[Security Solution] Refactor duplicated rule schemas (#135479)

* Replace patch, patch bulk, import rules schemas

* Remove more duplicated schemas

* Fix update rules output_index, patch rules type specific schema, prepackaged immutability and default enabled status

* Fix import exceptions, add back threshold type dependent validation, fix patch schema unit tests

* Remove unused variable

* Fix export rule test

* Fix TODOs, add rule converter tests, consistent throw/return error behavior

* Remove schema cast by adding individual rule type patch schemas

x-pack/plugins/security_solution/common/detection_engine/schemas/request/add_prepackaged_rules_schema.mock.ts

@@ -5,11 +5,7 @@
  * 2.0.
  */
 
-import {
-  AddPrepackagedRulesSchema,
-  AddPrepackagedRulesSchemaDecoded,
-} from './add_prepackaged_rules_schema';
-import { DEFAULT_MAX_SIGNALS } from '../../../constants';
+import { AddPrepackagedRulesSchema } from './add_prepackaged_rules_schema';
 
 export const getAddPrepackagedRulesSchemaMock = (): AddPrepackagedRulesSchema => ({
   description: 'some description',
@@ -23,33 +19,6 @@ export const getAddPrepackagedRulesSchemaMock = (): AddPrepackagedRulesSchema =>
   version: 1,
 });
 
-export const getAddPrepackagedRulesSchemaDecodedMock = (): AddPrepackagedRulesSchemaDecoded => ({
-  author: [],
-  description: 'some description',
-  name: 'Query with a rule id',
-  query: 'user.name: root or user.name: admin',
-  severity: 'high',
-  severity_mapping: [],
-  type: 'query',
-  risk_score: 55,
-  risk_score_mapping: [],
-  language: 'kuery',
-  references: [],
-  actions: [],
-  enabled: false,
-  false_positives: [],
-  from: 'now-6m',
-  interval: '5m',
-  max_signals: DEFAULT_MAX_SIGNALS,
-  tags: [],
-  to: 'now',
-  threat: [],
-  throttle: null,
-  version: 1,
-  exceptions_list: [],
-  rule_id: 'rule-1',
-});
-
 export const getAddPrepackagedThreatMatchRulesSchemaMock = (): AddPrepackagedRulesSchema => ({
   description: 'some description',
   name: 'Query with a rule id',
@@ -93,61 +62,18 @@ export const getAddPrepackagedThreatMatchRulesSchemaMock = (): AddPrepackagedRul
   ],
 });
 
-export const getAddPrepackagedThreatMatchRulesSchemaDecodedMock =
-  (): AddPrepackagedRulesSchemaDecoded => ({
-    author: [],
-    description: 'some description',
-    name: 'Query with a rule id',
-    query: 'user.name: root or user.name: admin',
-    severity: 'high',
-    severity_mapping: [],
-    type: 'threat_match',
-    risk_score: 55,
-    risk_score_mapping: [],
-    language: 'kuery',
-    references: [],
-    actions: [],
-    enabled: false,
-    false_positives: [],
-    from: 'now-6m',
-    interval: '5m',
-    max_signals: DEFAULT_MAX_SIGNALS,
-    tags: [],
-    to: 'now',
-    threat: [],
-    throttle: null,
-    version: 1,
-    exceptions_list: [],
-    rule_id: 'rule-1',
-    threat_query: '*:*',
-    threat_index: ['list-index'],
-    threat_mapping: [
-      {
-        entries: [
-          {
-            field: 'host.name',
-            value: 'host.name',
-            type: 'mapping',
-          },
-        ],
-      },
-    ],
-    threat_filters: [
-      {
-        bool: {
-          must: [
-            {
-              query_string: {
-                query: 'host.name: linux',
-                analyze_wildcard: true,
-                time_zone: 'Zulu',
-              },
-            },
-          ],
-          filter: [],
-          should: [],
-          must_not: [],
-        },
-      },
-    ],
-  });
+export const getAddPrepackagedThresholdRulesSchemaMock = (): AddPrepackagedRulesSchema => ({
+  description: 'some description',
+  name: 'Query with a rule id',
+  query: 'user.name: root or user.name: admin',
+  severity: 'high',
+  risk_score: 55,
+  language: 'kuery',
+  rule_id: 'rule-1',
+  version: 1,
+  type: 'threshold',
+  threshold: {
+    field: ['field-1', 'field-2', 'field-3', 'field-4'],
+    value: 1,
+  },
+});