[Alerting] Initial implementation of alerting task cancel()

[ymao1]

Resolves #113459

Summary

With this PR, the alerting task runner implements a cancel() function (currently only called by the task manager when an alerting task exceeds its timeout value).

• writes an Event Log document with action execute-timeout
• updates the execution status in the rule saved object to reflect the timeout with status:error, reason:timeout.
• adds alerting config cancelAlertsOnRuleTimeout to control action skipping behavior at framework level, defaults to true
• adds rule type config cancelAlertsOnRuleTimeout to control action skipping behavior at rule type level. if not set, defaults to whatever the value of the alerting config cancelAlertsOnRuleTimeout is
• skips scheduling actions if the execution is cancelled AND the cancelAlertsOnRuleTimeout in kibana.yml is true AND the rule type cancelAlertsOnRuleTimeout is true

To Verify

1. Modify the Elasticsearch query rule type x-pack/plugins/stack_alerts/server/alert_types/es_query/alert_type.ts:

@@ -148,6 +148,7 @@ export function getAlertType(logger: Logger): AlertType<
     isExportable: true,
     executor,
     producer: STACK_ALERTS_FEATURE_ID,
+    ruleTaskTimeout: '1m',
   };

   async function executor(
@@ -170,6 +171,8 @@ export function getAlertType(logger: Logger): AlertType<
       throw new Error(getInvalidComparatorError(params.thresholdComparator));
     }

+    await new Promise((resolve) => setTimeout(resolve, 120000));

This sets the ruleTaskTimeout to 1m and adds a 2 minute delay to the executor

2. Create an Elasticsearch query rule (make sure it is one that will fire!) with an attached action and let it run.
3. After 1 minute, you should see this warning in the logs:

[WARN ][plugins.taskManager] Cancelling task alerting:.es-query "f15847e0-2a8e-11ec-b690-17b293411601" as it expired at 2021-10-11T12:30:58.026Z after running for 01m 02s (with timeout set at 1m).

4. In the rule management view, the rule should be in an error state

5. Verify in the kibana index that the rule SO execution status has error status with reason: timeout:

Rule SO execution status

{
  "executionStatus" : {
    "status" : "error",
    "lastExecutionDate" : "2021-10-11T12:36:01.073Z",
    "error" : {
      "reason" : "timeout",
      "message" : "rule execution cancelled due to timeout: \".es-queryf08d2fb0-2a8e-11ec-b690-17b293411601\""
    }
  }
}

6. Verify in the event log index there is a document for execute-timeout:

Event log doc

{
	"@timestamp": "2021-10-11T12:31:00.923Z",
	"event": {
		"provider": "alerting",
		"action": "execute-timeout",
		"kind": "alert",
		"category": [
			"stackAlerts"
		]
	},
	"message": "rule execution cancelled due to timeout: \".es-queryf08d2fb0-2a8e-11ec-b690-17b293411601\"",
	"kibana": {
		"saved_objects": [{
			"rel": "primary",
			"type": "alert",
			"id": "f08d2fb0-2a8e-11ec-b690-17b293411601",
			"type_id": ".es-query"
		}],
		"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
		"version": "8.0.0"
	},
	"rule": {
		"id": "f08d2fb0-2a8e-11ec-b690-17b293411601",
		"license": "basic",
		"category": ".es-query",
		"ruleset": "stackAlerts"
	},
	"ecs": {
		"version": "1.8.0"
	}
}

7. Verify you receive no action

8. Now add xpack.alerting.cancelAlertsOnRuleTimeout: false to your kibana config and repeat steps 1-7. Verify that all the timeout docs/statuses get written as expected, but you also receive your action at the end of rule execution (after timeout).

9. Now remove xpack.alerting.cancelAlertsOnRuleTimeout: false from your kibana config and add cancelAlertsOnRuleTimeout: false to the Elasticsearch rule type definition in x-pack/plugins/stack_alerts/server/alert_types/es_query/alert_type.ts. Repeat steps 1-7 and verify that all the timeout docs/statuses get written as expected, but you also receive your action at the end of rule execution (after timeout).

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

[ymao1]

@elasticmachine merge upstream

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[ymao1]

Made a new file for the cancel tests bc task_runner.test.ts is enormous

[jbudz]

kibana-docker LGTM

[chrisronline]

@ymao1

I'm not seeing the execution status updating properly:

{
  "executionStatus": {
    "status": "active",
    "lastExecutionDate": "2021-10-11T17:55:49.057Z",
    "error": null
  }
}

but I also see the execute-timeout in the event log:

POST .kibana-event-log-*/_search
{
  "size": 1,
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ],
  "query": {
    "term": {
      "event.action": {
        "value": "execute-timeout"
      }
    }
  }
}

-->

{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 5,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [
      {
        "_index" : ".kibana-event-log-8.0.0-000001",
        "_id" : "bh2AcHwBEGeKXpWr6gf5",
        "_score" : null,
        "_source" : {
          "@timestamp" : "2021-10-11T17:57:49.084Z",
          "event" : {
            "provider" : "alerting",
            "action" : "execute-timeout",
            "kind" : "alert",
            "category" : [
              "stackAlerts"
            ]
          },
          "message" : "rule execution cancelled due to timeout: \".es-query96e49850-2aba-11ec-96ec-5f9c1e6661e6\"",
          "kibana" : {
            "saved_objects" : [
              {
                "rel" : "primary",
                "type" : "alert",
                "id" : "96e49850-2aba-11ec-96ec-5f9c1e6661e6",
                "type_id" : ".es-query"
              }
            ],
            "server_uuid" : "5b2de169-2785-441b-ae8c-186a1936b17d",
            "version" : "8.0.0"
          },
          "rule" : {
            "id" : "96e49850-2aba-11ec-96ec-5f9c1e6661e6",
            "license" : "basic",
            "category" : ".es-query",
            "ruleset" : "stackAlerts"
          },
          "ecs" : {
            "version" : "1.8.0"
          }
        },
        "sort" : [
          1633975069084
        ]
      }
    ]
  }
}

Maybe I missed a step in the setup? I'm going to dive in a little more but wanted to give you an early heads up

[chrisronline]

I added a console.trace({ attributes }) to this line and this is what I see when the problem above happens:

[2021-10-11T14:58:04.941-04:00][WARN ][plugins.taskManager] Cancelling task alerting:.es-query "05fd6820-2ac5-11ec-8e22-e9237d2e050c" as it expired at 2021-10-11T18:58:04.920Z after running for 01m 00s (with timeout set at 1m).
Trace: {
  attributes: {
    executionStatus: {
      lastExecutionDate: '2021-10-11T18:58:04.941Z',
      status: 'error',
      error: [Object]
    }
  }
}
    at TaskRunner.updateRuleExecutionStatus (/Users/chris/dev/repos/kibana/x-pack/plugins/alerting/server/task_runner/task_runner.ts:215:13)
    at TaskRunner.cancel (/Users/chris/dev/repos/kibana/x-pack/plugins/alerting/server/task_runner/task_runner.ts:735:16)
    at TaskManagerRunner.cancel (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/task_running/task_runner.ts:407:19)
    at TaskPool.cancelTask (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/task_pool.ts:207:18)
    at TaskPool.cancelExpiredTasks (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/task_pool.ts:198:14)
    at TaskPool.availableWorkers (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/task_pool.ts:89:10)
    at TaskPool.run (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/task_pool.ts:112:74)
    at run (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/polling_lifecycle.ts:264:40)
    at onOk (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/lib/fill_pool.ts:88:23)
    at map (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/lib/result_type.ts:104:25)
    at MergeMapSubscriber.project (/Users/chris/dev/repos/kibana/x-pack/plugins/task_manager/server/lib/fill_pool.ts:75:11)
    at MergeMapSubscriber._tryNext (/Users/chris/dev/repos/kibana/node_modules/rxjs/src/internal/operators/mergeMap.ts:131:21)
    at MergeMapSubscriber._next (/Users/chris/dev/repos/kibana/node_modules/rxjs/src/internal/operators/mergeMap.ts:121:12)
    at MergeMapSubscriber.Subscriber.next (/Users/chris/dev/repos/kibana/node_modules/rxjs/src/internal/Subscriber.ts:99:12)
    at TapSubscriber._next (/Users/chris/dev/repos/kibana/node_modules/rxjs/src/internal/operators/tap.ts:125:22)
    at TapSubscriber.Subscriber.next (/Users/chris/dev/repos/kibana/node_modules/rxjs/src/internal/Subscriber.ts:99:12)


Trace: {
  attributes: {
    executionStatus: {
      lastExecutionDate: '2021-10-11T18:58:07.960Z',
      status: 'active',
      error: null
    }
  }
}
    at TaskRunner.updateRuleExecutionStatus (/Users/chris/dev/repos/kibana/x-pack/plugins/alerting/server/task_runner/task_runner.ts:215:13)
    at TaskRunner.run (/Users/chris/dev/repos/kibana/x-pack/plugins/alerting/server/task_runner/task_runner.ts:651:18)

[ymao1]

@chrisronline Thanks! I'll take a look. First thought is maybe a race condition when the rule timeout is the same as the schedule interval 🤔

[ymao1]

@elasticmachine merge upstream

[pmuellr]

LGTM; left a bunch of comments, mainly questions/nits - I think docs is the only thing that we need to have, out of all the comments.

[pmuellr]

We should be adding docs for this config as well, right? Presumably we'll create a PR to cloud-enable this as well?

[ymao1]

I will create a cloud PR for this config when this PR gets merged but I didn't think user docs make sense for this config?

[pmuellr]

I didn't think user docs make sense for this config?

Why not?

I think the one-liner that you added makes sense and is good enough :-)

[chrisronline]

Looks great so far! I had a couple of questions to start

[chrisronline]

LGTM! Great work!

[pmuellr]

changes LGTM; thanks!

[pmuellr]

I didn't think user docs make sense for this config?

Why not?

I think the one-liner that you added makes sense and is good enough :-)

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 030a1fb
• Storybooks Preview

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
alerting	251	252	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
triggersActionsUi	777.5KB	777.8KB	+312.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
alerting	36.6KB	36.6KB	+20.0B

Unknown metric groups

API count

id	before	after	diff
alerting	259	260	+1

History

• 💚 Build #6631 succeeded cc4781b
• 💔 Build #6537 failed d769723
• 💚 Build #5880 succeeded 3ebfbfe
• 💚 Build #4965 succeeded 4672e4a
• 💛 Build #4604 was flaky e5906d4
• 💛 Build #3811 was flaky 3e9b3a9

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ymao1