-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Alerting] Provide services to set context for recovered alerts #124972
[Alerting] Provide services to set context for recovered alerts #124972
Conversation
…g/alert-instance-to-alert
…/ymao1/kibana into alerting/alert-instance-to-alert
…/ymao1/kibana into alerting/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
…g/recovery-context-services-2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for updating our AlertInstanceFactory stub!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@elasticmachine merge upstream |
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Public APIs missing comments
Async chunks
Public APIs missing exports
Page load bundle
History
To update your PR or re-run it, just comment with: cc @ymao1 |
…tic#124972) * Rename alert instance to alert and add create fn to alert factory * Rename alert instance to alert and add create fn to alert factory * Fixing types * Fixing types * Adding flag for rule types to opt into setting recovery context * Only showing context in action variable menu if flag set to true * Adding recovery functions to createAlertFactory * Setting recovery in index threshold and fixing types * Fixing lint issues and some refactoring * Cleanup * Functional tests for index threshold rule recovery context * Return array of recovered alerts instead of record * Fixing types * Fixing types * Cleanup * Handling nulls and more tests * Updating developer docs * Making getRecoveryAlerts non-optional * Setting unknown in index threshold recovery value * PR feedback * Adding a test Co-authored-by: Kibana Machine <[email protected]>
…tic#124972) * Rename alert instance to alert and add create fn to alert factory * Rename alert instance to alert and add create fn to alert factory * Fixing types * Fixing types * Adding flag for rule types to opt into setting recovery context * Only showing context in action variable menu if flag set to true * Adding recovery functions to createAlertFactory * Setting recovery in index threshold and fixing types * Fixing lint issues and some refactoring * Cleanup * Functional tests for index threshold rule recovery context * Return array of recovered alerts instead of record * Fixing types * Fixing types * Cleanup * Handling nulls and more tests * Updating developer docs * Making getRecoveryAlerts non-optional * Setting unknown in index threshold recovery value * PR feedback * Adding a test Co-authored-by: Kibana Machine <[email protected]>
* WIP * WIP2 * Use new cases context hooks to open and close the flyout * Update timelines to use new hooks * CLose flyout on create success * Add back sucess toast * Move code to a dedicated component * Add CasesContext to observability * Remove dependency * Small refactor * Use observabilityAppId instead of observabilityFeatureId for buttons * Add CasesContext to timetable * Fix detection engine test cases * Fix broken tests * Fix broken tests * Rename hook * Add test cases for cases context ui * Add test for new hook * Remove state from the provider context * Remove basevalue * apply suggested renaming * Add usecallback * Add reducer types, fix test type, remove redundant check * Accept attachments as a prop for the cases select modal * Expose useCasesAddToExistingCase hook, reducer code and global component * use the new hook to open the select cases modasl * Fix tests and types * Add tests for cases global components * [Fleet] showing agent policy creation error message on UI (#125931) * showing agent policy creation error message on UI * mapping the error instead of showing from the backend Co-authored-by: Kibana Machine <[email protected]> * [ResponseOps] Adds tooltip to time window selector in ES query rule flyout (#125764) * [Lens] Allow detaching from global time range (#125563) * allow detaching from global time range * add test * fix time field recognition * fix tests Co-authored-by: Kibana Machine <[email protected]> * [Fleet] refactor auto upgrade package policies logic (#125909) * refactor upgrade package policies * fixed tests * code cleanup * review improvements * added api test Co-authored-by: Kibana Machine <[email protected]> * skip flaky suite (#126027) * Remove deprecated api (#125524) * [Fleet] Remove deprecated kibana APIs - License * Remove basePath from FleetApp * Replace AsyncPlugin with Plugin * Get fieldFormats from fieldFormats plugin rather than data plugin * Fix ts errors * Attempt fixing wrong type * Move licenseService to FleetStartDeps * Fix types and mocks Co-authored-by: Kibana Machine <[email protected]> * Upgrade `markdown-it` dependency (`10.0.0` → `12.3.2`). (#125526) * skipping failing tests (#126039) * remove unused deprecated code and use field format plugin directly for data view field editor (#126029) * [data views] Improve preview pane (#126013) * fix preview pane * fix preview pane * one less span tag Co-authored-by: Kibana Machine <[email protected]> * [Alerting] Provide services to set context for recovered alerts (#124972) * Rename alert instance to alert and add create fn to alert factory * Rename alert instance to alert and add create fn to alert factory * Fixing types * Fixing types * Adding flag for rule types to opt into setting recovery context * Only showing context in action variable menu if flag set to true * Adding recovery functions to createAlertFactory * Setting recovery in index threshold and fixing types * Fixing lint issues and some refactoring * Cleanup * Functional tests for index threshold rule recovery context * Return array of recovered alerts instead of record * Fixing types * Fixing types * Cleanup * Handling nulls and more tests * Updating developer docs * Making getRecoveryAlerts non-optional * Setting unknown in index threshold recovery value * PR feedback * Adding a test Co-authored-by: Kibana Machine <[email protected]> * [Discover] Re-introduce saved_searches test (#126059) * [Archive Migration] index pattern without timefield (#125870) * kbn_archive date_nanos * kbn_archive date_nanos in context and discover * kbn_archiver more date_nanos tests * split out kbnArchiver for index_pattern_without_timefield * remove date_nanos files from a different PR * update another test for usage of the same archives * set default index pattern for test * remove duplicate const kibanaServer Co-authored-by: Kibana Machine <[email protected]> * delete unused es_archive visualize_embedding (#126001) * delete unused es_archive * remove other unused es_archive * more unused es_archives Co-authored-by: Kibana Machine <[email protected]> * Bump packages (#126119) * url-parse 1.5.3 -> 1.5.9 * follow-redirects 1.y.z -> 1.14.9 * Add tests for all cases selector and attachments * Add tests for use add to existing case hook * First version of the cases timeline actions * export add alert to new case button from cases plugin * Make Cases ECS compatible with timelines and security_solution * Delete new case button * Add helpers * Use the cases hook directly for add to new case * Remov unused dependencies * Rename callbacks, remove timelines calls * Fixing tests for the dropdown * Fix broken test * mocking cases for tests * Fix detectiosn tests * Observability now uses the new cases hooks * Wrap events viewer into cases context * Open the create case flyout if create case was selected in the modal * Fix cases mocks for security_solution * Update tests * Add tests for use cases toast * Improve cases mock * delete security mock * replace tests mocks for cases * fix import mock * Do not require onRowClick * Show the toast inside the modal * show the toast inside the flyout * remove toast logic from the consumer plugin * fix typescript types * Rename type * Fix broken test * Fix file name and broken test * Use internal navigation hook * Update hook dependencies * Move useCaseToast * Fix mock paths * fix eslint * Add test cases for the toast content * Add cases context to the overview page Co-authored-by: Julia Bardi <[email protected]> Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: István Zoltán Szabó <[email protected]> Co-authored-by: Joe Reuter <[email protected]> Co-authored-by: Tiago Costa <[email protected]> Co-authored-by: Cristina Amico <[email protected]> Co-authored-by: Aleh Zasypkin <[email protected]> Co-authored-by: Gloria Hornero <[email protected]> Co-authored-by: Matthew Kime <[email protected]> Co-authored-by: Ying Mao <[email protected]> Co-authored-by: Maja Grubic <[email protected]> Co-authored-by: Lee Drengenberg <[email protected]> Co-authored-by: Joe Portner <[email protected]>
Resolves #122988
Summary
This PR provides rule executors with the ability to set context on recovered alerts. It adds the following:
doesSetRecoveryContext
flag to the rule type, which allows rule types to opt into using recovery services when they are ready. Defaults tofalse
if not set.doesSetRecoveryContext
is true for a rule type, the context variables will be available in the list of action variables when the action group isrecovered
. Previously, context was always hidden for the recovered action group.createAlertFactory
to add adone()
function that is meant to be called when a rule type is done creating alerts and scheduling actions. If a rule type executor tries to create an alert after callingdone()
, an error will be thrown.doesSetRecoveryContext
is true for a rule type, when the rule type executor callsdone()
, it will be provided a list of recovered alertsI've updated the index threshold rule type to use these services to set recovery context so you should be able to verify this PR using that rule type.
Checklist