From ad2e74a30f9cba9b87dc9c3db6e71a7e3ee7c25c Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Wed, 22 Sep 2021 12:40:05 -0600 Subject: [PATCH 01/12] Adds the legacy actions side car back. --- .eslintrc.js | 27 ++ .../security_solution/common/constants.ts | 3 +- .../notifications/do_not_use_add_tags.test.ts | 28 ++ .../notifications/do_not_use_add_tags.ts | 14 + .../do_not_use_create_notifications.test.ts | 76 ++++++ .../do_not_use_create_notifications.ts | 46 ++++ .../do_not_use_find_notifications.test.ts | 24 ++ .../do_not_use_find_notifications.ts | 45 ++++ .../do_not_use_read_notifications.test.ts | 158 +++++++++++ .../do_not_use_read_notifications.ts | 60 +++++ ..._use_rules_notification_alert_type.test.ts | 255 ++++++++++++++++++ ...o_not_use_rules_notification_alert_type.ts | 103 +++++++ .../notifications/do_not_use_types.ts | 143 ++++++++++ .../routes/__mocks__/request_responses.ts | 57 ++++ .../do_not_use_create_legacy_notification.ts | 112 ++++++++ .../routes/rules/find_rules_route.ts | 18 +- .../routes/rules/utils.test.ts | 3 +- .../detection_engine/routes/rules/utils.ts | 7 +- ...ot_use_create_rule_actions_saved_object.ts | 54 ++++ ..._use_get_bulk_rule_actions_saved_object.ts | 57 ++++ ...o_not_use_get_rule_actions_saved_object.ts | 59 ++++ ...migrations.ts => do_not_use_migrations.ts} | 13 +- ...ts => do_not_use_saved_object_mappings.ts} | 19 +- .../{types.ts => do_not_use_types.ts} | 18 +- ...ate_or_create_rule_actions_saved_object.ts | 60 +++++ ...ot_use_update_rule_actions_saved_object.ts | 70 +++++ .../rule_actions/do_not_use_utils.ts | 41 +++ .../lib/detection_engine/rules/utils.test.ts | 107 ++++---- .../lib/detection_engine/rules/utils.ts | 68 ++++- .../schemas/rule_converters.ts | 16 +- .../legacy_notifications/one_action.json | 14 + .../scripts/post_legacy_notification.sh | 25 ++ .../security_solution/server/plugin.ts | 15 +- .../security_solution/server/routes/index.ts | 5 + .../security_solution/server/saved_objects.ts | 5 +- .../plugins/security_solution/server/types.ts | 2 + 36 files changed, 1726 insertions(+), 101 deletions(-) create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.test.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_types.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/do_not_use_create_legacy_notification.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_create_rule_actions_saved_object.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_bulk_rule_actions_saved_object.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_rule_actions_saved_object.ts rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{migrations.ts => do_not_use_migrations.ts} (90%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{saved_object_mappings.ts => do_not_use_saved_object_mappings.ts} (72%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{types.ts => do_not_use_types.ts} (73%) create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_or_create_rule_actions_saved_object.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_rule_actions_saved_object.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_utils.ts create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json create mode 100755 x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh diff --git a/.eslintrc.js b/.eslintrc.js index 83afc27263248..a7615664e838f 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -930,6 +930,15 @@ module.exports = { '@typescript-eslint/no-explicit-any': 'error', '@typescript-eslint/no-useless-constructor': 'error', '@typescript-eslint/unified-signatures': 'error', + 'no-restricted-imports': [ + 'error', + { + // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism + // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are + // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is valid uses. + patterns: ['*do_not_use*'], + }, + ], }, }, { @@ -1192,6 +1201,15 @@ module.exports = { 'no-template-curly-in-string': 'error', 'sort-keys': 'error', 'prefer-destructuring': 'error', + 'no-restricted-imports': [ + 'error', + { + // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism + // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are + // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is valid uses. + patterns: ['*do_not_use*'], + }, + ], }, }, /** @@ -1304,6 +1322,15 @@ module.exports = { 'no-template-curly-in-string': 'error', 'sort-keys': 'error', 'prefer-destructuring': 'error', + 'no-restricted-imports': [ + 'error', + { + // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism + // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are + // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is valid uses. + patterns: ['*do_not_use*'], + }, + ], }, }, /** diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts index a93439b29069b..2d3a3cd92d28e 100644 --- a/x-pack/plugins/security_solution/common/constants.ts +++ b/x-pack/plugins/security_solution/common/constants.ts @@ -201,8 +201,9 @@ export const THRESHOLD_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.thresholdRule` as con /** * Id for the notifications alerting type + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const NOTIFICATIONS_ID = `siem.notifications`; +export const __DO_NOT_USE__NOTIFICATIONS_ID = `siem.notifications`; /** * Special internal structure for tags for signals. This is used diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.test.ts new file mode 100644 index 0000000000000..923c3f6211d34 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.test.ts @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__addTags } from './do_not_use_add_tags'; +import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; + +describe('__DO_NOT_USE__add_tags', () => { + test('it should add a rule id as an internal structure', () => { + const tags = __DO_NOT_USE__addTags([], 'rule-1'); + expect(tags).toEqual([`${INTERNAL_RULE_ALERT_ID_KEY}:rule-1`]); + }); + + test('it should not allow duplicate tags to be created', () => { + const tags = __DO_NOT_USE__addTags(['tag-1', 'tag-1'], 'rule-1'); + expect(tags).toEqual(['tag-1', `${INTERNAL_RULE_ALERT_ID_KEY}:rule-1`]); + }); + + test('it should not allow duplicate internal tags to be created when called two times in a row', () => { + const tags1 = __DO_NOT_USE__addTags(['tag-1'], 'rule-1'); + const tags2 = __DO_NOT_USE__addTags(tags1, 'rule-1'); + expect(tags2).toEqual(['tag-1', `${INTERNAL_RULE_ALERT_ID_KEY}:rule-1`]); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.ts new file mode 100644 index 0000000000000..3e07a6d16dbaf --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__addTags = (tags: string[], ruleAlertId: string): string[] => + Array.from(new Set([...tags, `${INTERNAL_RULE_ALERT_ID_KEY}:${ruleAlertId}`])); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.test.ts new file mode 100644 index 0000000000000..925309737ae36 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.test.ts @@ -0,0 +1,76 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { rulesClientMock } from '../../../../../alerting/server/mocks'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__createNotifications } from './do_not_use_create_notifications'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +describe('__DO_NOT_USE__createNotifications', () => { + let rulesClient: ReturnType; + + beforeEach(() => { + rulesClient = rulesClientMock.create(); + }); + + it('calls the rulesClient with proper params', async () => { + const ruleAlertId = 'rule-04128c15-0d1b-4716-a4c5-46997ac7f3bd'; + + await __DO_NOT_USE__createNotifications({ + rulesClient, + actions: [], + ruleAlertId, + enabled: true, + interval: '', + name: '', + }); + + expect(rulesClient.create).toHaveBeenCalledWith( + expect.objectContaining({ + data: expect.objectContaining({ + params: expect.objectContaining({ + ruleAlertId, + }), + }), + }) + ); + }); + + it('calls the rulesClient with transformed actions', async () => { + const action = { + group: 'default', + id: '99403909-ca9b-49ba-9d7a-7e5320e68d05', + params: { message: 'Rule generated {{state.signals_count}} signals' }, + actionTypeId: '.slack', + }; + await __DO_NOT_USE__createNotifications({ + rulesClient, + actions: [action], + ruleAlertId: 'new-rule-id', + enabled: true, + interval: '', + name: '', + }); + + expect(rulesClient.create).toHaveBeenCalledWith( + expect.objectContaining({ + data: expect.objectContaining({ + actions: expect.arrayContaining([ + { + group: action.group, + id: action.id, + params: action.params, + actionTypeId: '.slack', + }, + ]), + }), + }) + ); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.ts new file mode 100644 index 0000000000000..a18c811df771a --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.ts @@ -0,0 +1,46 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { SanitizedAlert } from '../../../../../alerting/common'; +import { SERVER_APP_ID, __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; +// eslint-disable-next-line no-restricted-imports +import { + CreateNotificationParams, + __DO_NOT_USE__RuleNotificationAlertTypeParams, +} from './do_not_use_types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__addTags } from './do_not_use_add_tags'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__createNotifications = async ({ + rulesClient, + actions, + enabled, + ruleAlertId, + interval, + name, +}: CreateNotificationParams): Promise< + SanitizedAlert<__DO_NOT_USE__RuleNotificationAlertTypeParams> +> => + rulesClient.create<__DO_NOT_USE__RuleNotificationAlertTypeParams>({ + data: { + name, + tags: __DO_NOT_USE__addTags([], ruleAlertId), + alertTypeId: __DO_NOT_USE__NOTIFICATIONS_ID, + consumer: SERVER_APP_ID, + params: { + ruleAlertId, + }, + schedule: { interval }, + enabled, + actions, + throttle: null, + notifyWhen: null, + }, + }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts new file mode 100644 index 0000000000000..701962ea2e55d --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__getFilter } from './do_not_use_find_notifications'; +import { __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; + +describe('__DO_NOT_USE__find_notifications', () => { + test('it returns a full filter with an AND if sent down', () => { + expect(__DO_NOT_USE__getFilter('alert.attributes.enabled: true')).toEqual( + `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID} AND alert.attributes.enabled: true` + ); + }); + + test('it returns existing filter with no AND when not set', () => { + expect(__DO_NOT_USE__getFilter(null)).toEqual( + `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID}` + ); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.ts new file mode 100644 index 0000000000000..26f1c4e7e38c9 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.ts @@ -0,0 +1,45 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AlertTypeParams, FindResult } from '../../../../../alerting/server'; +import { __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__FindNotificationParams } from './do_not_use_types'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__getFilter = (filter: string | null | undefined) => { + if (filter == null) { + return `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID}`; + } else { + return `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID} AND ${filter}`; + } +}; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__findNotifications = async ({ + rulesClient, + perPage, + page, + fields, + filter, + sortField, + sortOrder, +}: __DO_NOT_USE__FindNotificationParams): Promise> => + rulesClient.find({ + options: { + fields, + page, + perPage, + filter: __DO_NOT_USE__getFilter(filter), + sortOrder, + sortField, + }, + }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.test.ts new file mode 100644 index 0000000000000..d9095033a3fe0 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.test.ts @@ -0,0 +1,158 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__readNotifications } from './do_not_use_read_notifications'; +import { rulesClientMock } from '../../../../../alerting/server/mocks'; +import { + __DO_NOT_USE__getNotificationResult, + __DO_NOT_USE__getFindNotificationsResultWithSingleHit, +} from '../routes/__mocks__/request_responses'; + +// eslint-disable-next-line @typescript-eslint/naming-convention +class __DO_NOT_USE__TestError extends Error { + constructor() { + super(); + + this.name = 'CustomError'; + this.output = { statusCode: 404 }; + } + public output: { statusCode: number }; +} + +describe('__DO_NOT_USE__read_notifications', () => { + let rulesClient: ReturnType; + + beforeEach(() => { + rulesClient = rulesClientMock.create(); + }); + + describe('readNotifications', () => { + test('should return the output from rulesClient if id is set but ruleAlertId is undefined', async () => { + rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', + ruleAlertId: undefined, + }); + expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + }); + test('should return null if saved object found by alerts client given id is not alert type', async () => { + const result = __DO_NOT_USE__getNotificationResult(); + // @ts-expect-error + delete result.alertTypeId; + rulesClient.get.mockResolvedValue(result); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', + ruleAlertId: undefined, + }); + expect(rule).toEqual(null); + }); + + test('should return error if alerts client throws 404 error on get', async () => { + rulesClient.get.mockImplementation(() => { + throw new __DO_NOT_USE__TestError(); + }); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', + ruleAlertId: undefined, + }); + expect(rule).toEqual(null); + }); + + test('should return error if alerts client throws error on get', async () => { + rulesClient.get.mockImplementation(() => { + throw new Error('Test error'); + }); + try { + await __DO_NOT_USE__readNotifications({ + rulesClient, + id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', + ruleAlertId: undefined, + }); + } catch (exc) { + expect(exc.message).toEqual('Test error'); + } + }); + + test('should return the output from rulesClient if id is set but ruleAlertId is null', async () => { + rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', + ruleAlertId: null, + }); + expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + }); + + test('should return the output from rulesClient if id is undefined but ruleAlertId is set', async () => { + rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: undefined, + ruleAlertId: 'rule-1', + }); + expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + }); + + test('should return null if the output from rulesClient with ruleAlertId set is empty', async () => { + rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.find.mockResolvedValue({ data: [], page: 0, perPage: 1, total: 0 }); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: undefined, + ruleAlertId: 'rule-1', + }); + expect(rule).toEqual(null); + }); + + test('should return the output from rulesClient if id is null but ruleAlertId is set', async () => { + rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: null, + ruleAlertId: 'rule-1', + }); + expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + }); + + test('should return null if id and ruleAlertId are null', async () => { + rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: null, + ruleAlertId: null, + }); + expect(rule).toEqual(null); + }); + + test('should return null if id and ruleAlertId are undefined', async () => { + rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + + const rule = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: undefined, + ruleAlertId: undefined, + }); + expect(rule).toEqual(null); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.ts new file mode 100644 index 0000000000000..6623ec58a2895 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.ts @@ -0,0 +1,60 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AlertTypeParams, SanitizedAlert } from '../../../../../alerting/common'; +// eslint-disable-next-line no-restricted-imports +import { + __DO_NOT_USE__ReadNotificationParams, + __DO_NOT_USE__isAlertType, +} from './do_not_use_types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__findNotifications } from './do_not_use_find_notifications'; +import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__readNotifications = async ({ + rulesClient, + id, + ruleAlertId, +}: __DO_NOT_USE__ReadNotificationParams): Promise | null> => { + if (id != null) { + try { + const notification = await rulesClient.get({ id }); + if (__DO_NOT_USE__isAlertType(notification)) { + return notification; + } else { + return null; + } + } catch (err) { + if (err?.output?.statusCode === 404) { + return null; + } else { + // throw non-404 as they would be 500 or other internal errors + throw err; + } + } + } else if (ruleAlertId != null) { + const notificationFromFind = await __DO_NOT_USE__findNotifications({ + rulesClient, + filter: `alert.attributes.tags: "${INTERNAL_RULE_ALERT_ID_KEY}:${ruleAlertId}"`, + page: 1, + }); + if ( + notificationFromFind.data.length === 0 || + !__DO_NOT_USE__isAlertType(notificationFromFind.data[0]) + ) { + return null; + } else { + return notificationFromFind.data[0]; + } + } else { + // should never get here, and yet here we are. + return null; + } +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.test.ts new file mode 100644 index 0000000000000..12be1a2ed84c0 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.test.ts @@ -0,0 +1,255 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { loggingSystemMock } from 'src/core/server/mocks'; +import { getAlertMock } from '../routes/__mocks__/request_responses'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__rulesNotificationAlertType } from './do_not_use_rules_notification_alert_type'; +import { buildSignalsSearchQuery } from './build_signals_query'; +import { alertsMock, AlertServicesMock } from '../../../../../alerting/server/mocks'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__NotificationExecutorOptions } from './do_not_use_types'; +import { + sampleDocSearchResultsNoSortIdNoVersion, + sampleDocSearchResultsWithSortId, + sampleEmptyDocSearchResults, +} from '../signals/__mocks__/es_results'; +import { DEFAULT_RULE_NOTIFICATION_QUERY_SIZE } from '../../../../common/constants'; +// eslint-disable-next-line @kbn/eslint/no-restricted-paths +import { elasticsearchClientMock } from 'src/core/server/elasticsearch/client/mocks'; +import { getQueryRuleParams } from '../schemas/rule_schemas.mock'; +jest.mock('./build_signals_query'); + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +describe('__DO_NOT_USE__rules_notification_alert_type', () => { + let payload: __DO_NOT_USE__NotificationExecutorOptions; + let alert: ReturnType; + let logger: ReturnType; + let alertServices: AlertServicesMock; + + beforeEach(() => { + alertServices = alertsMock.createAlertServices(); + logger = loggingSystemMock.createLogger(); + + payload = { + alertId: '1111', + services: alertServices, + params: { ruleAlertId: '2222' }, + state: {}, + spaceId: '', + name: 'name', + tags: [], + startedAt: new Date('2019-12-14T16:40:33.400Z'), + previousStartedAt: new Date('2019-12-13T16:40:33.400Z'), + createdBy: 'elastic', + updatedBy: 'elastic', + rule: { + name: 'name', + tags: [], + consumer: 'foo', + producer: 'foo', + ruleTypeId: 'ruleType', + ruleTypeName: 'Name of rule', + enabled: true, + schedule: { + interval: '1h', + }, + actions: [], + createdBy: 'elastic', + updatedBy: 'elastic', + createdAt: new Date('2019-12-14T16:40:33.400Z'), + updatedAt: new Date('2019-12-14T16:40:33.400Z'), + throttle: null, + notifyWhen: null, + }, + }; + + alert = __DO_NOT_USE__rulesNotificationAlertType({ + logger, + }); + }); + + describe.each([ + ['Legacy', false], + ['RAC', true], + ])('executor - %s', (_, isRuleRegistryEnabled) => { + it('throws an error if rule alert was not found', async () => { + alertServices.savedObjectsClient.get.mockResolvedValue({ + id: 'id', + attributes: {}, + type: 'type', + references: [], + }); + await alert.executor(payload); + expect(logger.error).toHaveBeenCalledWith( + `Saved object for alert ${payload.params.ruleAlertId} was not found` + ); + }); + + it('should call buildSignalsSearchQuery with proper params', async () => { + const ruleAlert = getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()); + alertServices.savedObjectsClient.get.mockResolvedValue({ + id: 'id', + type: 'type', + references: [], + attributes: ruleAlert, + }); + alertServices.scopedClusterClient.asCurrentUser.search.mockResolvedValue( + elasticsearchClientMock.createSuccessTransportRequestPromise( + sampleDocSearchResultsWithSortId() + ) + ); + + await alert.executor(payload); + + expect(buildSignalsSearchQuery).toHaveBeenCalledWith( + expect.objectContaining({ + from: '1576255233400', + index: '.siem-signals', + ruleId: 'rule-1', + to: '1576341633400', + size: DEFAULT_RULE_NOTIFICATION_QUERY_SIZE, + }) + ); + }); + + it('should resolve results_link when meta is undefined to use "/app/security"', async () => { + const ruleAlert = getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()); + delete ruleAlert.params.meta; + alertServices.savedObjectsClient.get.mockResolvedValue({ + id: 'rule-id', + type: 'type', + references: [], + attributes: ruleAlert, + }); + alertServices.scopedClusterClient.asCurrentUser.search.mockResolvedValue( + elasticsearchClientMock.createSuccessTransportRequestPromise( + sampleDocSearchResultsWithSortId() + ) + ); + + await alert.executor(payload); + expect(alertServices.alertInstanceFactory).toHaveBeenCalled(); + + const [{ value: alertInstanceMock }] = alertServices.alertInstanceFactory.mock.results; + expect(alertInstanceMock.scheduleActions).toHaveBeenCalledWith( + 'default', + expect.objectContaining({ + results_link: + '/app/security/detections/rules/id/rule-id?timerange=(global:(linkTo:!(timeline),timerange:(from:1576255233400,kind:absolute,to:1576341633400)),timeline:(linkTo:!(global),timerange:(from:1576255233400,kind:absolute,to:1576341633400)))', + }) + ); + }); + + it('should resolve results_link when meta is an empty object to use "/app/security"', async () => { + const ruleAlert = getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()); + ruleAlert.params.meta = {}; + alertServices.savedObjectsClient.get.mockResolvedValue({ + id: 'rule-id', + type: 'type', + references: [], + attributes: ruleAlert, + }); + alertServices.scopedClusterClient.asCurrentUser.search.mockResolvedValue( + elasticsearchClientMock.createSuccessTransportRequestPromise( + sampleDocSearchResultsWithSortId() + ) + ); + await alert.executor(payload); + expect(alertServices.alertInstanceFactory).toHaveBeenCalled(); + + const [{ value: alertInstanceMock }] = alertServices.alertInstanceFactory.mock.results; + expect(alertInstanceMock.scheduleActions).toHaveBeenCalledWith( + 'default', + expect.objectContaining({ + results_link: + '/app/security/detections/rules/id/rule-id?timerange=(global:(linkTo:!(timeline),timerange:(from:1576255233400,kind:absolute,to:1576341633400)),timeline:(linkTo:!(global),timerange:(from:1576255233400,kind:absolute,to:1576341633400)))', + }) + ); + }); + + it('should resolve results_link to custom kibana link when given one', async () => { + const ruleAlert = getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()); + ruleAlert.params.meta = { + kibana_siem_app_url: 'http://localhost', + }; + alertServices.savedObjectsClient.get.mockResolvedValue({ + id: 'rule-id', + type: 'type', + references: [], + attributes: ruleAlert, + }); + alertServices.scopedClusterClient.asCurrentUser.search.mockResolvedValue( + elasticsearchClientMock.createSuccessTransportRequestPromise( + sampleDocSearchResultsWithSortId() + ) + ); + await alert.executor(payload); + expect(alertServices.alertInstanceFactory).toHaveBeenCalled(); + + const [{ value: alertInstanceMock }] = alertServices.alertInstanceFactory.mock.results; + expect(alertInstanceMock.scheduleActions).toHaveBeenCalledWith( + 'default', + expect.objectContaining({ + results_link: + 'http://localhost/detections/rules/id/rule-id?timerange=(global:(linkTo:!(timeline),timerange:(from:1576255233400,kind:absolute,to:1576341633400)),timeline:(linkTo:!(global),timerange:(from:1576255233400,kind:absolute,to:1576341633400)))', + }) + ); + }); + + it('should not call alertInstanceFactory if signalsCount was 0', async () => { + const ruleAlert = getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()); + alertServices.savedObjectsClient.get.mockResolvedValue({ + id: 'id', + type: 'type', + references: [], + attributes: ruleAlert, + }); + alertServices.scopedClusterClient.asCurrentUser.search.mockResolvedValue( + elasticsearchClientMock.createSuccessTransportRequestPromise(sampleEmptyDocSearchResults()) + ); + + await alert.executor(payload); + + expect(alertServices.alertInstanceFactory).not.toHaveBeenCalled(); + }); + + it('should call scheduleActions if signalsCount was greater than 0', async () => { + const ruleAlert = getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()); + alertServices.savedObjectsClient.get.mockResolvedValue({ + id: 'id', + type: 'type', + references: [], + attributes: ruleAlert, + }); + alertServices.scopedClusterClient.asCurrentUser.search.mockResolvedValue( + elasticsearchClientMock.createSuccessTransportRequestPromise( + sampleDocSearchResultsNoSortIdNoVersion() + ) + ); + + await alert.executor(payload); + + expect(alertServices.alertInstanceFactory).toHaveBeenCalled(); + + const [{ value: alertInstanceMock }] = alertServices.alertInstanceFactory.mock.results; + expect(alertInstanceMock.replaceState).toHaveBeenCalledWith( + expect.objectContaining({ signals_count: 100 }) + ); + expect(alertInstanceMock.scheduleActions).toHaveBeenCalledWith( + 'default', + expect.objectContaining({ + rule: expect.objectContaining({ + name: ruleAlert.name, + }), + }) + ); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.ts new file mode 100644 index 0000000000000..a62cfcca3c00b --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.ts @@ -0,0 +1,103 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Logger } from 'src/core/server'; +import { schema } from '@kbn/config-schema'; +import { parseScheduleDates } from '@kbn/securitysolution-io-ts-utils'; +import { + DEFAULT_RULE_NOTIFICATION_QUERY_SIZE, + __DO_NOT_USE__NOTIFICATIONS_ID, + SERVER_APP_ID, +} from '../../../../common/constants'; + +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__NotificationAlertTypeDefinition } from './do_not_use_types'; +import { AlertAttributes } from '../signals/types'; +import { siemRuleActionGroups } from '../signals/siem_rule_action_groups'; +import { scheduleNotificationActions } from './schedule_notification_actions'; +import { getNotificationResultsLink } from './utils'; +import { getSignals } from './get_signals'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should also be removed + */ +export const __DO_NOT_USE__rulesNotificationAlertType = ({ + logger, +}: { + logger: Logger; +}): __DO_NOT_USE__NotificationAlertTypeDefinition => ({ + id: __DO_NOT_USE__NOTIFICATIONS_ID, + name: 'SIEM notification', + actionGroups: siemRuleActionGroups, + defaultActionGroupId: 'default', + producer: SERVER_APP_ID, + validate: { + params: schema.object({ + ruleAlertId: schema.string(), + }), + }, + minimumLicenseRequired: 'basic', + isExportable: false, + async executor({ startedAt, previousStartedAt, alertId, services, params }) { + const ruleAlertSavedObject = await services.savedObjectsClient.get( + 'alert', + params.ruleAlertId + ); + + if (!ruleAlertSavedObject.attributes.params) { + logger.error(`Saved object for alert ${params.ruleAlertId} was not found`); + return; + } + + const { params: ruleAlertParams, name: ruleName } = ruleAlertSavedObject.attributes; + const ruleParams = { ...ruleAlertParams, name: ruleName, id: ruleAlertSavedObject.id }; + + const fromInMs = parseScheduleDates( + previousStartedAt + ? previousStartedAt.toISOString() + : `now-${ruleAlertSavedObject.attributes.schedule.interval}` + )?.format('x'); + const toInMs = parseScheduleDates(startedAt.toISOString())?.format('x'); + + const results = await getSignals({ + from: fromInMs, + to: toInMs, + size: DEFAULT_RULE_NOTIFICATION_QUERY_SIZE, + index: ruleParams.outputIndex, + ruleId: ruleParams.ruleId, + esClient: services.scopedClusterClient.asCurrentUser, + }); + + const signals = results.hits.hits.map((hit) => hit._source); + + const signalsCount = + typeof results.hits.total === 'number' ? results.hits.total : results.hits.total.value; + + const resultsLink = getNotificationResultsLink({ + from: fromInMs, + to: toInMs, + id: ruleAlertSavedObject.id, + kibanaSiemAppUrl: (ruleAlertParams.meta as { kibana_siem_app_url?: string } | undefined) + ?.kibana_siem_app_url, + }); + + logger.info( + `Found ${signalsCount} signals using signal rule name: "${ruleParams.name}", id: "${params.ruleAlertId}", rule_id: "${ruleParams.ruleId}" in "${ruleParams.outputIndex}" index` + ); + + if (signalsCount !== 0) { + const alertInstance = services.alertInstanceFactory(alertId); + scheduleNotificationActions({ + alertInstance, + signalsCount, + resultsLink, + ruleParams, + signals, + }); + } + }, +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_types.ts new file mode 100644 index 0000000000000..5046d119b0d40 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_types.ts @@ -0,0 +1,143 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + RulesClient, + PartialAlert, + AlertType, + AlertTypeParams, + AlertTypeState, + AlertInstanceState, + AlertInstanceContext, + AlertExecutorOptions, +} from '../../../../../alerting/server'; +import { Alert, AlertAction } from '../../../../../alerting/common'; +import { __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export interface __DO_NOT_USE__RuleNotificationAlertTypeParams extends AlertTypeParams { + ruleAlertId: string; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export type __DO_NOT_USE__RuleNotificationAlertType = + Alert<__DO_NOT_USE__RuleNotificationAlertTypeParams>; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export interface __DO_NOT_USE__FindNotificationParams { + rulesClient: RulesClient; + perPage?: number; + page?: number; + sortField?: string; + filter?: string; + fields?: string[]; + sortOrder?: 'asc' | 'desc'; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export interface __DO_NOT_USE__Clients { + rulesClient: RulesClient; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export interface __DO_NOT_USE__NotificationAlertParams { + actions: AlertAction[]; + enabled: boolean; + ruleAlertId: string; + interval: string; + name: string; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export type CreateNotificationParams = __DO_NOT_USE__NotificationAlertParams & + __DO_NOT_USE__Clients; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export interface __DO_NOT_USE__ReadNotificationParams { + rulesClient: RulesClient; + id?: string | null; + ruleAlertId?: string | null; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__isAlertType = ( + partialAlert: PartialAlert +): partialAlert is __DO_NOT_USE__RuleNotificationAlertType => { + return partialAlert.alertTypeId === __DO_NOT_USE__NOTIFICATIONS_ID; +}; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export type __DO_NOT_USE__NotificationExecutorOptions = AlertExecutorOptions< + __DO_NOT_USE__RuleNotificationAlertTypeParams, + AlertTypeState, + AlertInstanceState, + AlertInstanceContext +>; + +/** + * This returns true because by default a NotificationAlertTypeDefinition is an AlertType + * since we are only increasing the strictness of params. + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__isNotificationAlertExecutor = ( + obj: __DO_NOT_USE__NotificationAlertTypeDefinition +): obj is AlertType< + AlertTypeParams, + AlertTypeParams, + AlertTypeState, + AlertInstanceState, + AlertInstanceContext +> => { + return true; +}; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export type __DO_NOT_USE__NotificationAlertTypeDefinition = Omit< + AlertType< + AlertTypeParams, + AlertTypeParams, + AlertTypeState, + AlertInstanceState, + AlertInstanceContext, + 'default' + >, + 'executor' +> & { + executor: ({ + services, + params, + state, + }: __DO_NOT_USE__NotificationExecutorOptions) => Promise; +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts index 5d0f0c246f6b0..df6ebcc7522b8 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts @@ -40,6 +40,8 @@ import { getPerformBulkActionSchemaMock } from '../../../../../common/detection_ import { RuleExecutionStatus } from '../../../../../common/detection_engine/schemas/common/schemas'; import { FindBulkExecutionLogResponse } from '../../rule_execution_log/types'; import { ruleTypeMappings } from '../../signals/utils'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RuleNotificationAlertType } from '../../notifications/do_not_use_types'; export const typicalSetStatusSignalByIdsPayload = (): SetSignalsStatusSchemaDecoded => ({ signal_ids: ['somefakeid1', 'somefakeid2'], @@ -593,3 +595,58 @@ export const getSignalsMigrationStatusRequest = () => path: DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL, query: getSignalsMigrationStatusSchemaMock(), }); + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__getNotificationResult = (): __DO_NOT_USE__RuleNotificationAlertType => ({ + id: '200dbf2f-b269-4bf9-aa85-11ba32ba73ba', + name: 'Notification for Rule Test', + tags: ['__internal_rule_alert_id:85b64e8a-2e40-4096-86af-5ac172c10825'], + alertTypeId: 'siem.notifications', + consumer: 'siem', + params: { + ruleAlertId: '85b64e8a-2e40-4096-86af-5ac172c10825', + }, + schedule: { + interval: '5m', + }, + enabled: true, + actions: [ + { + actionTypeId: '.slack', + params: { + message: + 'Rule generated {{state.signals_count}} signals\n\n{{context.rule.name}}\n{{{context.results_link}}}', + }, + group: 'default', + id: '99403909-ca9b-49ba-9d7a-7e5320e68d05', + }, + ], + throttle: null, + notifyWhen: null, + apiKey: null, + apiKeyOwner: 'elastic', + createdBy: 'elastic', + updatedBy: 'elastic', + createdAt: new Date('2020-03-21T11:15:13.530Z'), + muteAll: false, + mutedInstanceIds: [], + scheduledTaskId: '62b3a130-6b70-11ea-9ce9-6b9818c4cbd7', + updatedAt: new Date('2020-03-21T12:37:08.730Z'), + executionStatus: { + status: 'unknown', + lastExecutionDate: new Date('2020-08-20T19:23:38Z'), + }, +}); + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__getFindNotificationsResultWithSingleHit = + (): FindHit<__DO_NOT_USE__RuleNotificationAlertType> => ({ + page: 1, + perPage: 1, + total: 1, + data: [__DO_NOT_USE__getNotificationResult()], + }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/do_not_use_create_legacy_notification.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/do_not_use_create_legacy_notification.ts new file mode 100644 index 0000000000000..7251d000caf01 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/do_not_use_create_legacy_notification.ts @@ -0,0 +1,112 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { schema } from '@kbn/config-schema'; +import type { SecuritySolutionPluginRouter } from '../../../../types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__updateOrCreateRuleActionsSavedObject } from '../../rule_actions/do_not_use_update_or_create_rule_actions_saved_object'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__readNotifications } from '../../notifications/do_not_use_read_notifications'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RuleNotificationAlertTypeParams } from '../../notifications/do_not_use_types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__addTags } from '../../notifications/do_not_use_add_tags'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__createNotifications } from '../../notifications/do_not_use_create_notifications'; + +/** + * Given an "alert_id" and a valid "action_id" this will create a legacy notification. This is for testing + * purposes only and should not be used for production. It is behind a route with the words "internal" and + * "legacy" to announce its legacy and internal intent. + * @deprecated Once we no longer have legacy notifications and "side car actions" this can be removed. + * @param router The router + */ +export const __DO_NOT_USE__createLegacyNotificationRoute = ( + router: SecuritySolutionPluginRouter +): void => { + router.post( + { + path: '/internal/api/detection/do_not_use/notifications', + validate: { + query: schema.object({ alert_id: schema.string() }), + body: schema.object({ + name: schema.string(), + interval: schema.string(), + actions: schema.arrayOf( + schema.object({ + id: schema.string(), + group: schema.string(), + params: schema.object({ + message: schema.string(), + }), + actionTypeId: schema.string(), + }) + ), + }), + }, + options: { + tags: ['access:securitySolution'], + }, + }, + async (context, request, response) => { + const rulesClient = context.alerting.getRulesClient(); + const savedObjectsClient = context.core.savedObjects.client; + const { alert_id: ruleAlertId } = request.query; + const { actions, interval, name } = request.body; + try { + // This is to ensure it exists before continuing. + await rulesClient.get({ id: ruleAlertId }); + const notification = await __DO_NOT_USE__readNotifications({ + rulesClient, + id: undefined, + ruleAlertId, + }); + if (notification != null) { + await rulesClient.update<__DO_NOT_USE__RuleNotificationAlertTypeParams>({ + id: notification.id, + data: { + tags: __DO_NOT_USE__addTags([], ruleAlertId), + name, + schedule: { + interval, + }, + actions, + params: { + ruleAlertId, + }, + throttle: null, + notifyWhen: null, + }, + }); + } else { + await __DO_NOT_USE__createNotifications({ + rulesClient, + actions: [], + enabled: true, + ruleAlertId, + interval, + name, + }); + } + await __DO_NOT_USE__updateOrCreateRuleActionsSavedObject({ + ruleAlertId, + savedObjectsClient, + actions, + throttle: interval, + }); + } catch (error) { + const message = error instanceof Error ? error.message : 'unknown'; + return response.badRequest({ body: message }); + } + return response.ok({ + body: { + ok: 'acknowledged', + }, + }); + } + ); +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts index 26e8d1107237b..48ee76068491b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts @@ -17,6 +17,8 @@ import { findRules } from '../../rules/find_rules'; import { buildSiemResponse } from '../utils'; import { buildRouteValidation } from '../../../../utils/build_validation/route_validation'; import { transformFindAlerts } from './utils'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__getBulkRuleActionsSavedObject } from '../../rule_actions/do_not_use_get_bulk_rule_actions_saved_object'; export const findRulesRoute = ( router: SecuritySolutionPluginRouter, @@ -44,6 +46,7 @@ export const findRulesRoute = ( try { const { query } = request; const rulesClient = context.alerting?.getRulesClient(); + const savedObjectsClient = context.core.savedObjects.client; if (!rulesClient) { return siemResponse.error({ statusCode: 404 }); @@ -62,12 +65,15 @@ export const findRulesRoute = ( }); const alertIds = rules.data.map((rule) => rule.id); - const ruleStatuses = await execLogClient.findBulk({ - ruleIds: alertIds, - logsCount: 1, - spaceId: context.securitySolution.getSpaceId(), - }); - const transformed = transformFindAlerts(rules, ruleStatuses); + const [ruleStatuses, ruleActions] = await Promise.all([ + execLogClient.findBulk({ + ruleIds: alertIds, + logsCount: 1, + spaceId: context.securitySolution.getSpaceId(), + }), + __DO_NOT_USE__getBulkRuleActionsSavedObject({ alertIds, savedObjectsClient }), + ]); + const transformed = transformFindAlerts(rules, ruleStatuses, ruleActions); if (transformed == null) { return siemResponse.error({ statusCode: 500, body: 'Internal error transforming' }); } else { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts index 8001b7d6bf4d4..a6f491b067303 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts @@ -258,7 +258,7 @@ describe.each([ describe('transformFindAlerts', () => { test('outputs empty data set when data set is empty correct', () => { - const output = transformFindAlerts({ data: [], page: 1, perPage: 0, total: 0 }, {}); + const output = transformFindAlerts({ data: [], page: 1, perPage: 0, total: 0 }, {}, {}); expect(output).toEqual({ data: [], page: 1, perPage: 0, total: 0 }); }); @@ -270,6 +270,7 @@ describe.each([ total: 0, data: [getAlertMock(isRuleRegistryEnabled, getQueryRuleParams())], }, + {}, {} ); const expected = getOutputRuleAlertForRest(); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts index 4f023156fba06..12afa6f99f93a 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts @@ -33,6 +33,8 @@ import { import { internalRuleToAPIResponse } from '../../schemas/rule_converters'; import { RuleParams } from '../../schemas/rule_schemas'; import { SanitizedAlert } from '../../../../../../alerting/common'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RulesActionsSavedObject } from '../../rule_actions/do_not_use_get_rule_actions_saved_object'; type PromiseFromStreams = ImportRulesSchemaDecoded | Error; @@ -114,7 +116,8 @@ export const transformAlertsToRules = (alerts: RuleAlertType[]): Array, - ruleStatuses: { [key: string]: IRuleStatusSOAttributes[] | undefined } + ruleStatuses: { [key: string]: IRuleStatusSOAttributes[] | undefined }, + ruleActions: Record ): { page: number; perPage: number; @@ -128,7 +131,7 @@ export const transformFindAlerts = ( data: findResults.data.map((alert) => { const statuses = ruleStatuses[alert.id]; const status = statuses ? statuses[0] : undefined; - return internalRuleToAPIResponse(alert, status); + return internalRuleToAPIResponse(alert, status, ruleActions[alert.id]); }), }; }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_create_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_create_rule_actions_saved_object.ts new file mode 100644 index 0000000000000..110c1c31a8022 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_create_rule_actions_saved_object.ts @@ -0,0 +1,54 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AlertServices } from '../../../../../alerting/server'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +// eslint-disable-next-line no-restricted-imports +import { + __DO_NOT_USE__getThrottleOptions, + __DO_NOT_USE__getRuleActionsFromSavedObject, +} from './do_not_use_utils'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RulesActionsSavedObject } from './do_not_use_get_rule_actions_saved_object'; +import { AlertAction } from '../../../../../alerting/common'; +import { transformAlertToRuleAction } from '../../../../common/detection_engine/transform_actions'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +interface __DO_NOT_USE__CreateRuleActionsSavedObject { + ruleAlertId: string; + savedObjectsClient: AlertServices['savedObjectsClient']; + actions: AlertAction[] | undefined; + throttle: string | null | undefined; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__createRuleActionsSavedObject = async ({ + ruleAlertId, + savedObjectsClient, + actions = [], + throttle, +}: __DO_NOT_USE__CreateRuleActionsSavedObject): Promise<__DO_NOT_USE__RulesActionsSavedObject> => { + const ruleActionsSavedObject = + await savedObjectsClient.create<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>( + __DO_NOT_USE__ruleActionsSavedObjectType, + { + ruleAlertId, + actions: actions.map((action) => transformAlertToRuleAction(action)), + ...__DO_NOT_USE__getThrottleOptions(throttle), + } + ); + + return __DO_NOT_USE__getRuleActionsFromSavedObject(ruleActionsSavedObject); +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_bulk_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_bulk_rule_actions_saved_object.ts new file mode 100644 index 0000000000000..8e7feb61743aa --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_bulk_rule_actions_saved_object.ts @@ -0,0 +1,57 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AlertServices } from '../../../../../alerting/server'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__getRuleActionsFromSavedObject } from './do_not_use_utils'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RulesActionsSavedObject } from './do_not_use_get_rule_actions_saved_object'; +import { buildChunkedOrFilter } from '../signals/utils'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +interface __DO_NOT_USE__GetBulkRuleActionsSavedObject { + alertIds: string[]; + savedObjectsClient: AlertServices['savedObjectsClient']; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__getBulkRuleActionsSavedObject = async ({ + alertIds, + savedObjectsClient, +}: __DO_NOT_USE__GetBulkRuleActionsSavedObject): Promise< + Record +> => { + const filter = buildChunkedOrFilter( + `${__DO_NOT_USE__ruleActionsSavedObjectType}.attributes.ruleAlertId`, + alertIds + ); + const { + // eslint-disable-next-line @typescript-eslint/naming-convention + saved_objects, + } = await savedObjectsClient.find<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>({ + type: __DO_NOT_USE__ruleActionsSavedObjectType, + perPage: 10000, + filter, + }); + return saved_objects.reduce( + (acc: { [key: string]: __DO_NOT_USE__RulesActionsSavedObject }, savedObject) => { + acc[savedObject.attributes.ruleAlertId] = + __DO_NOT_USE__getRuleActionsFromSavedObject(savedObject); + return acc; + }, + {} + ); +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_rule_actions_saved_object.ts new file mode 100644 index 0000000000000..192737cc4629c --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_rule_actions_saved_object.ts @@ -0,0 +1,59 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { RuleAlertAction } from '../../../../common/detection_engine/types'; +import { AlertServices } from '../../../../../alerting/server'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__getRuleActionsFromSavedObject } from './do_not_use_utils'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +interface __DO_NOT_USE__GetRuleActionsSavedObject { + ruleAlertId: string; + savedObjectsClient: AlertServices['savedObjectsClient']; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +export interface __DO_NOT_USE__RulesActionsSavedObject { + id: string; + actions: RuleAlertAction[]; + alertThrottle: string | null; + ruleThrottle: string; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__getRuleActionsSavedObject = async ({ + ruleAlertId, + savedObjectsClient, +}: __DO_NOT_USE__GetRuleActionsSavedObject): Promise<__DO_NOT_USE__RulesActionsSavedObject | null> => { + const { + // eslint-disable-next-line @typescript-eslint/naming-convention + saved_objects, + } = await savedObjectsClient.find<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>({ + type: __DO_NOT_USE__ruleActionsSavedObjectType, + perPage: 1, + search: `${ruleAlertId}`, + searchFields: ['ruleAlertId'], + }); + + if (!saved_objects[0]) { + return null; + } else { + return __DO_NOT_USE__getRuleActionsFromSavedObject(saved_objects[0]); + } +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/migrations.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_migrations.ts similarity index 90% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/migrations.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_migrations.ts index 2853ca92e2a58..2c62d03e023ec 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/migrations.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_migrations.ts @@ -11,13 +11,14 @@ import { SavedObjectSanitizedDoc, SavedObjectAttributes, } from '../../../../../../../src/core/server'; -import { IRuleActionsAttributesSavedObjectAttributes } from './types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; /** * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer * needed then it will be safe to remove this saved object and all its migrations - * @deprecated Remove this once we no longer need legacy migrations for rule actions (8.0.0) + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ function isEmptyObject(obj: {}) { for (const attr in obj) { @@ -32,12 +33,12 @@ function isEmptyObject(obj: {}) { * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer * needed then it will be safe to remove this saved object and all its migrations - * @deprecated Remove this once we no longer need legacy migrations for rule actions (8.0.0) + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const ruleActionsSavedObjectMigration = { +export const __DO_NOT_USE__ruleActionsSavedObjectMigration = { '7.11.2': ( - doc: SavedObjectUnsanitizedDoc - ): SavedObjectSanitizedDoc => { + doc: SavedObjectUnsanitizedDoc<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes> + ): SavedObjectSanitizedDoc<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes> => { const { actions } = doc.attributes; const newActions = actions.reduce((acc, action) => { if ( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/saved_object_mappings.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_saved_object_mappings.ts similarity index 72% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/saved_object_mappings.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_saved_object_mappings.ts index 6522cb431d0fb..ca1c9345b4ce4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/saved_object_mappings.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_saved_object_mappings.ts @@ -6,23 +6,24 @@ */ import { SavedObjectsType } from '../../../../../../../src/core/server'; -import { ruleActionsSavedObjectMigration } from './migrations'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__ruleActionsSavedObjectMigration } from './do_not_use_migrations'; /** * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer * needed then it will be safe to remove this saved object and all its migrations. - * * @deprecated Remove this once we no longer need legacy migrations for rule actions (8.0.0) + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -const ruleActionsSavedObjectType = 'siem-detection-engine-rule-actions'; +export const __DO_NOT_USE__ruleActionsSavedObjectType = 'siem-detection-engine-rule-actions'; /** * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer * needed then it will be safe to remove this saved object and all its migrations. - * * @deprecated Remove this once we no longer need legacy migrations for rule actions (8.0.0) + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -const ruleActionsSavedObjectMappings: SavedObjectsType['mappings'] = { +const __DO_NOT_USE__ruleActionsSavedObjectMappings: SavedObjectsType['mappings'] = { properties: { alertThrottle: { type: 'keyword', @@ -59,10 +60,10 @@ const ruleActionsSavedObjectMappings: SavedObjectsType['mappings'] = { * needed then it will be safe to remove this saved object and all its migrations. * @deprecated Remove this once we no longer need legacy migrations for rule actions (8.0.0) */ -export const type: SavedObjectsType = { - name: ruleActionsSavedObjectType, +export const __DO_NOT_USE__type: SavedObjectsType = { + name: __DO_NOT_USE__ruleActionsSavedObjectType, hidden: false, namespaceType: 'single', - mappings: ruleActionsSavedObjectMappings, - migrations: ruleActionsSavedObjectMigration, + mappings: __DO_NOT_USE__ruleActionsSavedObjectMappings, + migrations: __DO_NOT_USE__ruleActionsSavedObjectMigration, }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_types.ts similarity index 73% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/types.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_types.ts index e43e49b669424..acd20439d8ea9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_types.ts @@ -5,6 +5,8 @@ * 2.0. */ +/* eslint-disable @typescript-eslint/naming-convention */ + import { SavedObjectAttributes } from 'kibana/server'; import { RuleAlertAction } from '../../../../common/detection_engine/types'; @@ -15,7 +17,7 @@ import { RuleAlertAction } from '../../../../common/detection_engine/types'; * @deprecated */ // eslint-disable-next-line @typescript-eslint/no-explicit-any -export interface IRuleActionsAttributes extends Record { +export interface __DO_NOT_USE__IRuleActionsAttributes extends Record { ruleAlertId: string; actions: RuleAlertAction[]; ruleThrottle: string; @@ -28,6 +30,16 @@ export interface IRuleActionsAttributes extends Record { * needed then it will be safe to remove this saved object and all its migrations. * @deprecated */ -export interface IRuleActionsAttributesSavedObjectAttributes - extends IRuleActionsAttributes, +export interface __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes + extends __DO_NOT_USE__IRuleActionsAttributes, SavedObjectAttributes {} + +/** + * @deprecated Remove this once + */ +export interface __DO_NOT_USE__RuleActions { + id: string; + actions: RuleAlertAction[]; + ruleThrottle: string; + alertThrottle: string | null; +} diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_or_create_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_or_create_rule_actions_saved_object.ts new file mode 100644 index 0000000000000..420dcba465a5f --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_or_create_rule_actions_saved_object.ts @@ -0,0 +1,60 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AlertAction } from '../../../../../alerting/common'; +import { AlertServices } from '../../../../../alerting/server'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__getRuleActionsSavedObject } from './do_not_use_get_rule_actions_saved_object'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__createRuleActionsSavedObject } from './do_not_use_create_rule_actions_saved_object'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__updateRuleActionsSavedObject } from './do_not_use_update_rule_actions_saved_object'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RuleActions } from './do_not_use_types'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +interface __DO_NOT_USE__UpdateOrCreateRuleActionsSavedObject { + ruleAlertId: string; + savedObjectsClient: AlertServices['savedObjectsClient']; + actions: AlertAction[] | undefined; + throttle: string | null | undefined; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__updateOrCreateRuleActionsSavedObject = async ({ + savedObjectsClient, + ruleAlertId, + actions, + throttle, +}: __DO_NOT_USE__UpdateOrCreateRuleActionsSavedObject): Promise<__DO_NOT_USE__RuleActions> => { + const ruleActions = await __DO_NOT_USE__getRuleActionsSavedObject({ + ruleAlertId, + savedObjectsClient, + }); + + if (ruleActions != null) { + return __DO_NOT_USE__updateRuleActionsSavedObject({ + ruleAlertId, + savedObjectsClient, + actions, + throttle, + ruleActions, + }); + } else { + return __DO_NOT_USE__createRuleActionsSavedObject({ + ruleAlertId, + savedObjectsClient, + actions, + throttle, + }); + } +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_rule_actions_saved_object.ts new file mode 100644 index 0000000000000..9198f563a088a --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_rule_actions_saved_object.ts @@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AlertServices } from '../../../../../alerting/server'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RulesActionsSavedObject } from './do_not_use_get_rule_actions_saved_object'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__getThrottleOptions } from './do_not_use_utils'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +import { AlertAction } from '../../../../../alerting/common'; +import { transformAlertToRuleAction } from '../../../../common/detection_engine/transform_actions'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +// eslint-disable-next-line @typescript-eslint/naming-convention +interface __DO_NOT_USE__UpdateRuleActionsSavedObject { + ruleAlertId: string; + savedObjectsClient: AlertServices['savedObjectsClient']; + actions: AlertAction[] | undefined; + throttle: string | null | undefined; + ruleActions: __DO_NOT_USE__RulesActionsSavedObject; +} + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__updateRuleActionsSavedObject = async ({ + ruleAlertId, + savedObjectsClient, + actions, + throttle, + ruleActions, +}: __DO_NOT_USE__UpdateRuleActionsSavedObject): Promise<__DO_NOT_USE__RulesActionsSavedObject> => { + const throttleOptions = throttle + ? __DO_NOT_USE__getThrottleOptions(throttle) + : { + ruleThrottle: ruleActions.ruleThrottle, + alertThrottle: ruleActions.alertThrottle, + }; + + const options = { + actions: + actions != null + ? actions.map((action) => transformAlertToRuleAction(action)) + : ruleActions.actions, + ...throttleOptions, + }; + + await savedObjectsClient.update<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>( + __DO_NOT_USE__ruleActionsSavedObjectType, + ruleActions.id, + { + ruleAlertId, + ...options, + } + ); + + return { + id: ruleActions.id, + ...options, + }; +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_utils.ts new file mode 100644 index 0000000000000..f7828b1020ea0 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_utils.ts @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { SavedObjectsUpdateResponse } from 'kibana/server'; +import { RuleAlertAction } from '../../../../common/detection_engine/types'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__getThrottleOptions = ( + throttle: string | undefined | null = 'no_actions' +): { + ruleThrottle: string; + alertThrottle: string | null; +} => ({ + ruleThrottle: throttle ?? 'no_actions', + alertThrottle: ['no_actions', 'rule'].includes(throttle ?? 'no_actions') ? null : throttle, +}); + +/** + * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + */ +export const __DO_NOT_USE__getRuleActionsFromSavedObject = ( + savedObject: SavedObjectsUpdateResponse<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes> +): { + id: string; + actions: RuleAlertAction[]; + alertThrottle: string | null; + ruleThrottle: string; +} => ({ + id: savedObject.id, + actions: savedObject.attributes.actions || [], + alertThrottle: savedObject.attributes.alertThrottle || null, + ruleThrottle: savedObject.attributes.ruleThrottle || 'no_actions', +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts index 574b16207786f..c193903103c33 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts @@ -278,72 +278,87 @@ describe('utils', () => { describe('#transformFromAlertThrottle', () => { test('muteAll returns "NOTIFICATION_THROTTLE_NO_ACTIONS" even with notifyWhen set and actions has an array element', () => { expect( - transformFromAlertThrottle({ - muteAll: true, - notifyWhen: 'onActiveAlert', - actions: [ - { - group: 'group', - id: 'id-123', - actionTypeId: 'id-456', - params: {}, - }, - ], - } as SanitizedAlert) + transformFromAlertThrottle( + { + muteAll: true, + notifyWhen: 'onActiveAlert', + actions: [ + { + group: 'group', + id: 'id-123', + actionTypeId: 'id-456', + params: {}, + }, + ], + } as SanitizedAlert, + undefined + ) ).toEqual(NOTIFICATION_THROTTLE_NO_ACTIONS); }); test('returns "NOTIFICATION_THROTTLE_NO_ACTIONS" if actions is an empty array and we do not have a throttle', () => { expect( - transformFromAlertThrottle({ - muteAll: false, - notifyWhen: 'onActiveAlert', - actions: [], - } as unknown as SanitizedAlert) + transformFromAlertThrottle( + { + muteAll: false, + notifyWhen: 'onActiveAlert', + actions: [], + } as unknown as SanitizedAlert, + undefined + ) ).toEqual(NOTIFICATION_THROTTLE_NO_ACTIONS); }); test('returns "NOTIFICATION_THROTTLE_NO_ACTIONS" if actions is an empty array and we have a throttle', () => { expect( - transformFromAlertThrottle({ - muteAll: false, - notifyWhen: 'onThrottleInterval', - actions: [], - throttle: '1d', - } as unknown as SanitizedAlert) + transformFromAlertThrottle( + { + muteAll: false, + notifyWhen: 'onThrottleInterval', + actions: [], + throttle: '1d', + } as unknown as SanitizedAlert, + undefined + ) ).toEqual(NOTIFICATION_THROTTLE_NO_ACTIONS); }); test('it returns "NOTIFICATION_THROTTLE_RULE" if "notifyWhen" is set, muteAll is false and we have an actions array', () => { expect( - transformFromAlertThrottle({ - muteAll: false, - notifyWhen: 'onActiveAlert', - actions: [ - { - group: 'group', - id: 'id-123', - actionTypeId: 'id-456', - params: {}, - }, - ], - } as SanitizedAlert) + transformFromAlertThrottle( + { + muteAll: false, + notifyWhen: 'onActiveAlert', + actions: [ + { + group: 'group', + id: 'id-123', + actionTypeId: 'id-456', + params: {}, + }, + ], + } as SanitizedAlert, + undefined + ) ).toEqual(NOTIFICATION_THROTTLE_RULE); }); test('it returns "NOTIFICATION_THROTTLE_RULE" if "notifyWhen" and "throttle" are not set, but we have an actions array', () => { expect( - transformFromAlertThrottle({ - muteAll: false, - actions: [ - { - group: 'group', - id: 'id-123', - actionTypeId: 'id-456', - params: {}, - }, - ], - } as SanitizedAlert) + transformFromAlertThrottle( + { + muteAll: false, + actions: [ + { + group: 'group', + id: 'id-123', + actionTypeId: 'id-456', + params: {}, + }, + ], + } as SanitizedAlert, + undefined + ) ).toEqual(NOTIFICATION_THROTTLE_RULE); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts index 3fdd97b7d933f..88e0353dd2e69 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts @@ -27,7 +27,7 @@ import type { } from '@kbn/securitysolution-io-ts-alerting-types'; import type { ListArrayOrUndefined } from '@kbn/securitysolution-io-ts-list-types'; import type { VersionOrUndefined } from '@kbn/securitysolution-io-ts-types'; -import { AlertNotifyWhenType, SanitizedAlert } from '../../../../../alerting/common'; +import { AlertAction, AlertNotifyWhenType, SanitizedAlert } from '../../../../../alerting/common'; import { DescriptionOrUndefined, AnomalyThresholdOrUndefined, @@ -61,6 +61,9 @@ import { NOTIFICATION_THROTTLE_RULE, } from '../../../../common/constants'; import { RulesClient } from '../../../../../alerting/server'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RuleActions } from '../rule_actions/do_not_use_types'; +import { FullResponseSchema } from '../../../../common/detection_engine/schemas/request'; export const calculateInterval = ( interval: string | undefined, @@ -213,24 +216,61 @@ export const transformToAlertThrottle = (throttle: string | null | undefined): s } }; +/** + * Given a set of actions from an "alerting" Saved Object (SO) this will transform it into a "security_solution" alert action. + * If this detects any legacy rule actions it will transform it. If both are sent in which is not typical but possible due to + * the split nature of the API's this will prefer the usage of the non-legacy version. Eventually the "legacyRuleActions" should + * be removed. + * @param alertAction The alert action form a "alerting" Saved Object (SO). + * @param legacyRuleActions Legacy "side car" rule actions that if it detects it being passed it in will transform using it. + * @returns The actions of the FullResponseSchema + */ +export const transformActions = ( + alertAction: AlertAction[] | undefined, + legacyRuleActions: __DO_NOT_USE__RuleActions | null | undefined +): FullResponseSchema['actions'] => { + if (alertAction != null && alertAction.length !== 0) { + return alertAction.map((action) => ({ + group: action.group, + id: action.id, + action_type_id: action.actionTypeId, + params: action.params, + })); + } else if (legacyRuleActions != null) { + return legacyRuleActions.actions; + } else { + return []; + } +}; + /** * Given a throttle from an "alerting" Saved Object (SO) this will transform it into a "security_solution" - * throttle type. - * @params throttle The throttle from a "alerting" Saved Object (SO) + * throttle type. If given the "legacyRuleActions" but we detect that the rule for an unknown reason has actions + * on it to which should not be typical but possible due to the split nature of the API's, this will prefer the + * usage of the non-legacy version. Eventually the "legacyRuleActions" should be removed. + * @param throttle The throttle from a "alerting" Saved Object (SO) + * @param legacyRuleActions Legacy "side car" rule actions that if it detects it being passed it in will transform using it. * @returns The "security_solution" throttle */ -export const transformFromAlertThrottle = (rule: SanitizedAlert): string => { - if (rule.muteAll || rule.actions.length === 0) { - return NOTIFICATION_THROTTLE_NO_ACTIONS; - } else if ( - rule.notifyWhen === 'onActiveAlert' || - (rule.throttle == null && rule.notifyWhen == null) - ) { - return NOTIFICATION_THROTTLE_RULE; - } else if (rule.throttle == null) { - return NOTIFICATION_THROTTLE_NO_ACTIONS; +export const transformFromAlertThrottle = ( + rule: SanitizedAlert, + legacyRuleActions: __DO_NOT_USE__RuleActions | null | undefined +): string => { + if (legacyRuleActions == null || (rule.actions != null && rule.actions.length > 0)) { + if (rule.muteAll || rule.actions.length === 0) { + return NOTIFICATION_THROTTLE_NO_ACTIONS; + } else if ( + rule.notifyWhen === 'onActiveAlert' || + (rule.throttle == null && rule.notifyWhen == null) + ) { + return NOTIFICATION_THROTTLE_RULE; + } else if (rule.throttle == null) { + return NOTIFICATION_THROTTLE_NO_ACTIONS; + } else { + return rule.throttle; + } } else { - return rule.throttle; + return legacyRuleActions.ruleThrottle; } }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts index 5214be513a0e6..aba4a5fb02ea6 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts @@ -35,8 +35,11 @@ import { transformFromAlertThrottle, transformToAlertThrottle, transformToNotifyWhen, + transformActions, } from '../rules/utils'; import { ruleTypeMappings } from '../signals/utils'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RuleActions } from '../rule_actions/do_not_use_types'; // These functions provide conversions from the request API schema to the internal rule schema and from the internal rule schema // to the response API schema. This provides static type-check assurances that the internal schema is in sync with the API schema for @@ -279,7 +282,8 @@ export const commonParamsCamelToSnake = (params: BaseRuleParams) => { export const internalRuleToAPIResponse = ( rule: SanitizedAlert, - ruleStatus?: IRuleStatusSOAttributes + ruleStatus?: IRuleStatusSOAttributes, + legacyRuleActions?: __DO_NOT_USE__RuleActions | null ): FullResponseSchema => { const mergedStatus = ruleStatus ? mergeAlertWithSidecarStatus(rule, ruleStatus) : undefined; return { @@ -298,14 +302,8 @@ export const internalRuleToAPIResponse = ( // Type specific security solution rule params ...typeSpecificCamelToSnake(rule.params), // Actions - throttle: transformFromAlertThrottle(rule), - actions: - rule?.actions.map((action) => ({ - group: action.group, - id: action.id, - action_type_id: action.actionTypeId, - params: action.params, - })) ?? [], + throttle: transformFromAlertThrottle(rule, legacyRuleActions), + actions: transformActions(rule.actions, legacyRuleActions), // Rule status status: mergedStatus?.status ?? undefined, status_date: mergedStatus?.statusDate ?? undefined, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json new file mode 100644 index 0000000000000..0726c63becdf9 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json @@ -0,0 +1,14 @@ +{ + "name": "Legacy notification with one action", + "interval": "1m", + "actions": [ + { + "id": "21f1c6e0-09d5-11ec-908c-57a10fa3ee91", + "group": "default", + "params": { + "message": "Hourly\nRule {{context.rule.name}} generated {{state.signals_count}} alerts" + }, + "actionTypeId": ".slack" + } + ] +} diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh new file mode 100755 index 0000000000000..f3bd23bf14d87 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +# +# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +# or more contributor license agreements. Licensed under the Elastic License +# 2.0; you may not use this file except in compliance with the Elastic License +# 2.0. +# + +set -e +./check_env_variables.sh + +# Uses a default if no argument is specified +NOTIFICATIONS=${2:-./legacy_notifications/one_action.json} + +# Posts a legacy notification "side car". This should be removed once there are no more legacy notifications. +# First argument should be a valid alert_id and the second argument should be to a notification file which contains the legacy notification +# Example: ./post_legacy_notification.sh acd008d0-1b19-11ec-b5bd-7733d658a2ea +# Example: ./post_legacy_notification.sh acd008d0-1b19-11ec-b5bd-7733d658a2ea ./legacy_notifications/one_action.json +curl -s -k \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: 123' \ + -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \ + -X POST ${KIBANA_URL}${SPACE_URL}/internal/api/detection/do_not_use/notifications?alert_id="$1" \ + -d @${NOTIFICATIONS} | jq . diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts index 14da8ca650960..3504c4ccf3e8e 100644 --- a/x-pack/plugins/security_solution/server/plugin.ts +++ b/x-pack/plugins/security_solution/server/plugin.ts @@ -67,7 +67,7 @@ import { APP_ID, SERVER_APP_ID, SIGNALS_ID, - NOTIFICATIONS_ID, + __DO_NOT_USE__NOTIFICATIONS_ID, QUERY_RULE_TYPE_ID, DEFAULT_SPACE_ID, INDICATOR_RULE_TYPE_ID, @@ -104,6 +104,10 @@ import { getKibanaPrivilegesFeaturePrivileges } from './features'; import { EndpointMetadataService } from './endpoint/services/metadata'; import { CreateRuleOptions } from './lib/detection_engine/rule_types/types'; import { ctiFieldMap } from './lib/detection_engine/rule_types/field_maps/cti'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__rulesNotificationAlertType } from './lib/detection_engine/notifications/do_not_use_rules_notification_alert_type'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__isNotificationAlertExecutor } from './lib/detection_engine/notifications/do_not_use_types'; export interface SetupPlugins { alerting: AlertingSetup; @@ -296,7 +300,7 @@ export class Plugin implements IPlugin { diff --git a/x-pack/plugins/security_solution/server/routes/index.ts b/x-pack/plugins/security_solution/server/routes/index.ts index d68bfa0846b96..4151f254167db 100644 --- a/x-pack/plugins/security_solution/server/routes/index.ts +++ b/x-pack/plugins/security_solution/server/routes/index.ts @@ -56,6 +56,8 @@ import { persistPinnedEventRoute } from '../lib/timeline/routes/pinned_events'; import { SetupPlugins } from '../plugin'; import { ConfigType } from '../config'; import { installPrepackedTimelinesRoute } from '../lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__createLegacyNotificationRoute } from '../lib/detection_engine/routes/rules/do_not_use_create_legacy_notification'; export const initRoutes = ( router: SecuritySolutionPluginRouter, @@ -75,6 +77,9 @@ export const initRoutes = ( deleteRulesRoute(router, isRuleRegistryEnabled); findRulesRoute(router, isRuleRegistryEnabled); + // Once we no longer have the legacy notifications system/"side car actions" this should be removed. + __DO_NOT_USE__createLegacyNotificationRoute(router); + // TODO: pass isRuleRegistryEnabled to all relevant routes addPrepackedRulesRoute(router, config, security, isRuleRegistryEnabled); diff --git a/x-pack/plugins/security_solution/server/saved_objects.ts b/x-pack/plugins/security_solution/server/saved_objects.ts index 42abb3dab2ac4..b875d691d07d6 100644 --- a/x-pack/plugins/security_solution/server/saved_objects.ts +++ b/x-pack/plugins/security_solution/server/saved_objects.ts @@ -12,7 +12,8 @@ import { type as ruleStatusType, ruleAssetType, } from './lib/detection_engine/rules/saved_object_mappings'; -import { type as ruleActionsType } from './lib/detection_engine/rule_actions/saved_object_mappings'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__type as __DO_NOT_USE__ruleActionsType } from './lib/detection_engine/rule_actions/do_not_use_saved_object_mappings'; import { type as signalsMigrationType } from './lib/detection_engine/migrations/saved_objects'; import { exceptionsArtifactType, @@ -22,7 +23,7 @@ import { const types = [ noteType, pinnedEventType, - ruleActionsType, + __DO_NOT_USE__ruleActionsType, ruleStatusType, ruleAssetType, timelineType, diff --git a/x-pack/plugins/security_solution/server/types.ts b/x-pack/plugins/security_solution/server/types.ts index f47944b5fd392..7822a5b8ba3c5 100644 --- a/x-pack/plugins/security_solution/server/types.ts +++ b/x-pack/plugins/security_solution/server/types.ts @@ -12,6 +12,7 @@ import type { AlertingApiRequestHandlerContext } from '../../alerting/server'; import { AppClient } from './client'; import { RuleExecutionLogClient } from './lib/detection_engine/rule_execution_log/rule_execution_log_client'; +import type { ActionsApiRequestHandlerContext } from '../../actions/server'; export { AppClient }; @@ -25,6 +26,7 @@ export type SecuritySolutionRequestHandlerContext = RequestHandlerContext & { securitySolution: AppRequestContext; licensing: LicensingApiRequestHandlerContext; alerting: AlertingApiRequestHandlerContext; + actions: ActionsApiRequestHandlerContext; lists?: ListsApiRequestHandlerContext; }; From 9ff556b19da9c6eda8a5e7e19d8016fe8677bc9c Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Wed, 22 Sep 2021 13:40:50 -0600 Subject: [PATCH 02/12] Fixes wording --- .eslintrc.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index a7615664e838f..bf9be69e0c175 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -935,7 +935,7 @@ module.exports = { { // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are - // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is valid uses. + // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is has valid uses. patterns: ['*do_not_use*'], }, ], @@ -1206,7 +1206,7 @@ module.exports = { { // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are - // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is valid uses. + // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it has valid uses. patterns: ['*do_not_use*'], }, ], @@ -1327,7 +1327,7 @@ module.exports = { { // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are - // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is valid uses. + // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it has valid uses. patterns: ['*do_not_use*'], }, ], From ef52e18914cdcf17d2a516678945c898ae196116 Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Wed, 22 Sep 2021 18:01:24 -0600 Subject: [PATCH 03/12] Updated example --- .../scripts/legacy_notifications/one_action.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json index 0726c63becdf9..b1500ac6fa6b7 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/legacy_notifications/one_action.json @@ -3,7 +3,7 @@ "interval": "1m", "actions": [ { - "id": "21f1c6e0-09d5-11ec-908c-57a10fa3ee91", + "id": "879e8ff0-1be1-11ec-a722-83da1c22a481", "group": "default", "params": { "message": "Hourly\nRule {{context.rule.name}} generated {{state.signals_count}} alerts" From 94fc0afa466d2eb8f85dbd486f85fc90d4d48565 Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Wed, 22 Sep 2021 18:52:43 -0600 Subject: [PATCH 04/12] Updated find_route, read_route to work with the legacy actions side car --- .../routes/rules/read_rules_route.ts | 14 +- .../routes/rules/utils.test.ts | 110 +----------- .../detection_engine/routes/rules/utils.ts | 64 ++----- .../detection_engine/routes/rules/validate.ts | 12 +- .../lib/detection_engine/routes/utils.test.ts | 164 ------------------ .../lib/detection_engine/routes/utils.ts | 70 -------- .../lib/detection_engine/rules/types.ts | 13 +- 7 files changed, 33 insertions(+), 414 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts index 6b643bde22b17..86b2a7c989b38 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts @@ -19,6 +19,8 @@ import { buildSiemResponse } from '../utils'; import { readRules } from '../../rules/read_rules'; import { RuleExecutionStatus } from '../../../../../common/detection_engine/schemas/common/schemas'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__getRuleActionsSavedObject } from '../../rule_actions/do_not_use_get_rule_actions_saved_object'; export const readRulesRoute = ( router: SecuritySolutionPluginRouter, @@ -53,6 +55,7 @@ export const readRulesRoute = ( } const ruleStatusClient = context.securitySolution.getExecutionLogClient(); + const savedObjectsClient = context.core.savedObjects.client; const rule = await readRules({ id, isRuleRegistryEnabled, @@ -60,6 +63,10 @@ export const readRulesRoute = ( ruleId, }); if (rule != null) { + const legacyRuleActions = await __DO_NOT_USE__getRuleActionsSavedObject({ + savedObjectsClient, + ruleAlertId: rule.id, + }); const ruleStatuses = await ruleStatusClient.find({ logsCount: 1, ruleId: rule.id, @@ -74,7 +81,12 @@ export const readRulesRoute = ( rule.executionStatus.lastExecutionDate.toISOString(); currentStatus.attributes.status = RuleExecutionStatus.failed; } - const transformed = transform(rule, currentStatus, isRuleRegistryEnabled); + const transformed = transform( + rule, + currentStatus, + isRuleRegistryEnabled, + legacyRuleActions + ); if (transformed == null) { return siemResponse.error({ statusCode: 500, body: 'Internal error transforming' }); } else { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts index a6f491b067303..4a5a4e097b919 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts @@ -15,16 +15,14 @@ import { transform, transformTags, getIdBulkError, - transformOrBulkError, transformAlertsToRules, - transformOrImportError, getDuplicates, getTupleDuplicateErrorsAndUniqueRules, } from './utils'; import { getAlertMock } from '../__mocks__/request_responses'; import { INTERNAL_IDENTIFIER } from '../../../../../common/constants'; import { PartialFilter } from '../../types'; -import { BulkError, ImportSuccessError } from '../utils'; +import { BulkError } from '../utils'; import { getOutputRuleAlertForRest } from '../__mocks__/utils'; import { PartialAlert } from '../../../../../../alerting/server'; import { createRulesStreamFromNdJson } from '../../rules/create_rules_stream_from_ndjson'; @@ -402,44 +400,6 @@ describe.each([ }); }); - describe('transformOrBulkError', () => { - test('outputs 200 if the data is of type siem alert', () => { - const output = transformOrBulkError( - 'rule-1', - getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()), - { - id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', - actions: [], - ruleThrottle: 'no_actions', - alertThrottle: null, - }, - isRuleRegistryEnabled - ); - const expected = getOutputRuleAlertForRest(); - expect(output).toEqual(expected); - }); - - test('returns 500 if the data is not of type siem alert', () => { - const unsafeCast = { name: 'something else' } as unknown as PartialAlert; - const output = transformOrBulkError( - 'rule-1', - unsafeCast, - { - id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', - actions: [], - ruleThrottle: 'no_actions', - alertThrottle: null, - }, - isRuleRegistryEnabled - ); - const expected: BulkError = { - rule_id: 'rule-1', - error: { message: 'Internal error transforming', status_code: 500 }, - }; - expect(output).toEqual(expected); - }); - }); - describe('transformAlertsToRules', () => { test('given an empty array returns an empty array', () => { expect(transformAlertsToRules([])).toEqual([]); @@ -467,74 +427,6 @@ describe.each([ }); }); - describe('transformOrImportError', () => { - test('returns 1 given success if the alert is an alert type and the existing success count is 0', () => { - const output = transformOrImportError( - 'rule-1', - getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()), - { - success: true, - success_count: 0, - errors: [], - }, - isRuleRegistryEnabled - ); - const expected: ImportSuccessError = { - success: true, - errors: [], - success_count: 1, - }; - expect(output).toEqual(expected); - }); - - test('returns 2 given successes if the alert is an alert type and the existing success count is 1', () => { - const output = transformOrImportError( - 'rule-1', - getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()), - { - success: true, - success_count: 1, - errors: [], - }, - isRuleRegistryEnabled - ); - const expected: ImportSuccessError = { - success: true, - errors: [], - success_count: 2, - }; - expect(output).toEqual(expected); - }); - - test('returns 1 error and success of false if the data is not of type siem alert', () => { - const unsafeCast = { name: 'something else' } as unknown as PartialAlert; - const output = transformOrImportError( - 'rule-1', - unsafeCast, - { - success: true, - success_count: 1, - errors: [], - }, - isRuleRegistryEnabled - ); - const expected: ImportSuccessError = { - success: false, - errors: [ - { - rule_id: 'rule-1', - error: { - message: 'Internal error transforming', - status_code: 500, - }, - }, - ], - success_count: 1, - }; - expect(output).toEqual(expected); - }); - }); - describe('getDuplicates', () => { test("returns array of ruleIds showing the duplicate keys of 'value2' and 'value3'", () => { const output = getDuplicates( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts index 12afa6f99f93a..fe0798e035d9f 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts @@ -18,18 +18,10 @@ import { RuleAlertType, isAlertType, IRuleSavedAttributesSavedObjectAttributes, - isRuleStatusFindType, isRuleStatusSavedObjectType, IRuleStatusSOAttributes, } from '../../rules/types'; -import { - createBulkErrorObject, - BulkError, - createSuccessObject, - ImportSuccessError, - createImportErrorObject, - OutputError, -} from '../utils'; +import { createBulkErrorObject, BulkError, OutputError } from '../utils'; import { internalRuleToAPIResponse } from '../../schemas/rule_converters'; import { RuleParams } from '../../schemas/rule_schemas'; import { SanitizedAlert } from '../../../../../../alerting/common'; @@ -105,9 +97,10 @@ export const transformTags = (tags: string[]): string[] => { // those on the export export const transformAlertToRule = ( alert: SanitizedAlert, - ruleStatus?: SavedObject + ruleStatus?: SavedObject, + legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null ): Partial => { - return internalRuleToAPIResponse(alert, ruleStatus?.attributes); + return internalRuleToAPIResponse(alert, ruleStatus?.attributes, legacyRuleActions); }; export const transformAlertsToRules = (alerts: RuleAlertType[]): Array> => { @@ -117,7 +110,7 @@ export const transformAlertsToRules = (alerts: RuleAlertType[]): Array, ruleStatuses: { [key: string]: IRuleStatusSOAttributes[] | undefined }, - ruleActions: Record + legacyRuleActions: Record ): { page: number; perPage: number; @@ -131,7 +124,7 @@ export const transformFindAlerts = ( data: findResults.data.map((alert) => { const statuses = ruleStatuses[alert.id]; const status = statuses ? statuses[0] : undefined; - return internalRuleToAPIResponse(alert, status, ruleActions[alert.id]); + return internalRuleToAPIResponse(alert, status, legacyRuleActions[alert.id]); }), }; }; @@ -139,57 +132,20 @@ export const transformFindAlerts = ( export const transform = ( alert: PartialAlert, ruleStatus?: SavedObject, - isRuleRegistryEnabled?: boolean + isRuleRegistryEnabled?: boolean, + legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null ): Partial | null => { if (isAlertType(isRuleRegistryEnabled ?? false, alert)) { return transformAlertToRule( alert, - isRuleStatusSavedObjectType(ruleStatus) ? ruleStatus : undefined + isRuleStatusSavedObjectType(ruleStatus) ? ruleStatus : undefined, + legacyRuleActions ); } return null; }; -export const transformOrBulkError = ( - ruleId: string, - alert: PartialAlert, - ruleStatus?: unknown, - isRuleRegistryEnabled?: boolean -): Partial | BulkError => { - if (isAlertType(isRuleRegistryEnabled ?? false, alert)) { - if (isRuleStatusFindType(ruleStatus) && ruleStatus?.saved_objects.length > 0) { - return transformAlertToRule(alert, ruleStatus?.saved_objects[0] ?? ruleStatus); - } else { - return transformAlertToRule(alert); - } - } else { - return createBulkErrorObject({ - ruleId, - statusCode: 500, - message: 'Internal error transforming', - }); - } -}; - -export const transformOrImportError = ( - ruleId: string, - alert: PartialAlert, - existingImportSuccessError: ImportSuccessError, - isRuleRegistryEnabled: boolean -): ImportSuccessError => { - if (isAlertType(isRuleRegistryEnabled, alert)) { - return createSuccessObject(existingImportSuccessError); - } else { - return createImportErrorObject({ - ruleId, - statusCode: 500, - message: 'Internal error transforming', - existingImportSuccessError, - }); - } -}; - export const getDuplicates = (ruleDefinitions: CreateRulesBulkSchema, by: 'rule_id'): string[] => { const mappedDuplicates = countBy( by, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts index c1969c5088bc0..ed297e81915a0 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts @@ -26,13 +26,16 @@ import { import { createBulkErrorObject, BulkError } from '../utils'; import { transform, transformAlertToRule } from './utils'; import { RuleParams } from '../../schemas/rule_schemas'; +// eslint-disable-next-line no-restricted-imports +import { __DO_NOT_USE__RulesActionsSavedObject } from '../../rule_actions/do_not_use_get_rule_actions_saved_object'; export const transformValidate = ( alert: PartialAlert, ruleStatus?: SavedObject, - isRuleRegistryEnabled?: boolean + isRuleRegistryEnabled?: boolean, + legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null ): [RulesSchema | null, string | null] => { - const transformed = transform(alert, ruleStatus, isRuleRegistryEnabled); + const transformed = transform(alert, ruleStatus, isRuleRegistryEnabled, legacyRuleActions); if (transformed == null) { return [null, 'Internal error transforming']; } else { @@ -43,9 +46,10 @@ export const transformValidate = ( export const newTransformValidate = ( alert: PartialAlert, ruleStatus?: SavedObject, - isRuleRegistryEnabled?: boolean + isRuleRegistryEnabled?: boolean, + legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null ): [FullResponseSchema | null, string | null] => { - const transformed = transform(alert, ruleStatus, isRuleRegistryEnabled); + const transformed = transform(alert, ruleStatus, isRuleRegistryEnabled, legacyRuleActions); if (transformed == null) { return [null, 'Internal error transforming']; } else { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.test.ts index 23a65b456e6bc..10472fe1c0a03 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.test.ts @@ -15,10 +15,6 @@ import { BadRequestError } from '@kbn/securitysolution-es-utils'; import { transformBulkError, BulkError, - createSuccessObject, - ImportSuccessError, - createImportErrorObject, - transformImportError, convertToSnakeCase, SiemResponseFactory, mergeStatuses, @@ -86,166 +82,6 @@ describe.each([ }); }); - describe('createSuccessObject', () => { - test('it should increment the existing success object by 1', () => { - const success = createSuccessObject({ - success_count: 0, - success: true, - errors: [], - }); - const expected: ImportSuccessError = { - success_count: 1, - success: true, - errors: [], - }; - expect(success).toEqual(expected); - }); - - test('it should increment the existing success object by 1 and not touch the boolean or errors', () => { - const success = createSuccessObject({ - success_count: 0, - success: false, - errors: [ - { rule_id: 'rule-1', error: { status_code: 500, message: 'some sad sad sad error' } }, - ], - }); - const expected: ImportSuccessError = { - success_count: 1, - success: false, - errors: [ - { rule_id: 'rule-1', error: { status_code: 500, message: 'some sad sad sad error' } }, - ], - }; - expect(success).toEqual(expected); - }); - }); - - describe('createImportErrorObject', () => { - test('it creates an error message and does not increment the success count', () => { - const error = createImportErrorObject({ - ruleId: 'some-rule-id', - statusCode: 400, - message: 'some-message', - existingImportSuccessError: { - success_count: 1, - success: true, - errors: [], - }, - }); - const expected: ImportSuccessError = { - success_count: 1, - success: false, - errors: [{ rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }], - }; - expect(error).toEqual(expected); - }); - - test('appends a second error message and does not increment the success count', () => { - const error = createImportErrorObject({ - ruleId: 'some-rule-id', - statusCode: 400, - message: 'some-message', - existingImportSuccessError: { - success_count: 1, - success: false, - errors: [ - { rule_id: 'rule-1', error: { status_code: 500, message: 'some sad sad sad error' } }, - ], - }, - }); - const expected: ImportSuccessError = { - success_count: 1, - success: false, - errors: [ - { rule_id: 'rule-1', error: { status_code: 500, message: 'some sad sad sad error' } }, - { rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }, - ], - }; - expect(error).toEqual(expected); - }); - }); - - describe('transformImportError', () => { - test('returns transformed object if it is a boom object', () => { - const boom = new Boom.Boom('some boom message', { statusCode: 400 }); - const transformed = transformImportError('rule-1', boom, { - success_count: 1, - success: false, - errors: [{ rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }], - }); - const expected: ImportSuccessError = { - success_count: 1, - success: false, - errors: [ - { rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }, - { rule_id: 'rule-1', error: { status_code: 400, message: 'some boom message' } }, - ], - }; - expect(transformed).toEqual(expected); - }); - - test('returns a normal error if it is some non boom object that has a statusCode', () => { - const error: Error & { statusCode?: number } = { - statusCode: 403, - name: 'some name', - message: 'some message', - }; - const transformed = transformImportError('rule-1', error, { - success_count: 1, - success: false, - errors: [{ rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }], - }); - const expected: ImportSuccessError = { - success_count: 1, - success: false, - errors: [ - { rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }, - { rule_id: 'rule-1', error: { status_code: 403, message: 'some message' } }, - ], - }; - expect(transformed).toEqual(expected); - }); - - test('returns a 500 if the status code is not set', () => { - const error: Error & { statusCode?: number } = { - name: 'some name', - message: 'some message', - }; - const transformed = transformImportError('rule-1', error, { - success_count: 1, - success: false, - errors: [{ rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }], - }); - const expected: ImportSuccessError = { - success_count: 1, - success: false, - errors: [ - { rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }, - { rule_id: 'rule-1', error: { status_code: 500, message: 'some message' } }, - ], - }; - expect(transformed).toEqual(expected); - }); - - test('it detects a BadRequestError and returns a Boom status of 400', () => { - const error: BadRequestError = new BadRequestError('I have a type error'); - const transformed = transformImportError('rule-1', error, { - success_count: 1, - success: false, - errors: [{ rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }], - }); - const expected: ImportSuccessError = { - success_count: 1, - success: false, - errors: [ - { rule_id: 'some-rule-id', error: { status_code: 400, message: 'some-message' } }, - { rule_id: 'rule-1', error: { status_code: 400, message: 'I have a type error' } }, - ], - }; - expect(transformed).toEqual(expected); - }); - }); - describe('convertToSnakeCase', () => { it('converts camelCase to snakeCase', () => { const values = { myTestCamelCaseKey: 'something' }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.ts index b03050da59f49..a15dc4f176232 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.ts @@ -100,76 +100,6 @@ export const isImportRegular = ( return !has('error', importRuleResponse) && has('status_code', importRuleResponse); }; -export interface ImportSuccessError { - success: boolean; - success_count: number; - errors: BulkError[]; -} - -export const createSuccessObject = ( - existingImportSuccessError: ImportSuccessError -): ImportSuccessError => { - return { - success_count: existingImportSuccessError.success_count + 1, - success: existingImportSuccessError.success, - errors: existingImportSuccessError.errors, - }; -}; - -export const createImportErrorObject = ({ - ruleId, - statusCode, - message, - existingImportSuccessError, -}: { - ruleId: string; - statusCode: number; - message: string; - existingImportSuccessError: ImportSuccessError; -}): ImportSuccessError => { - return { - success: false, - errors: [ - ...existingImportSuccessError.errors, - createBulkErrorObject({ - ruleId, - statusCode, - message, - }), - ], - success_count: existingImportSuccessError.success_count, - }; -}; - -export const transformImportError = ( - ruleId: string, - err: Error & { statusCode?: number }, - existingImportSuccessError: ImportSuccessError -): ImportSuccessError => { - if (Boom.isBoom(err)) { - return createImportErrorObject({ - ruleId, - statusCode: err.output.statusCode, - message: err.message, - existingImportSuccessError, - }); - } else if (err instanceof BadRequestError) { - return createImportErrorObject({ - ruleId, - statusCode: 400, - message: err.message, - existingImportSuccessError, - }); - } else { - return createImportErrorObject({ - ruleId, - statusCode: err.statusCode ?? 500, - message: err.message, - existingImportSuccessError, - }); - } -}; - export const transformBulkError = ( ruleId: string, err: Error & { statusCode?: number } diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts index 5417417caad6b..cceda063e987b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts @@ -8,12 +8,7 @@ import { get } from 'lodash/fp'; import { Readable } from 'stream'; -import { - SavedObject, - SavedObjectAttributes, - SavedObjectsFindResponse, - SavedObjectsFindResult, -} from 'kibana/server'; +import { SavedObject, SavedObjectAttributes, SavedObjectsFindResult } from 'kibana/server'; import type { MachineLearningJobIdOrUndefined, From, @@ -216,12 +211,6 @@ export const isRuleStatusSavedObjectType = ( return get('attributes', obj) != null; }; -export const isRuleStatusFindType = ( - obj: unknown -): obj is SavedObjectsFindResponse => { - return get('saved_objects', obj) != null; -}; - export interface CreateRulesOptions { rulesClient: RulesClient; anomalyThreshold: AnomalyThresholdOrUndefined; From d2be38cce511a15aaec32ee41d9c0fbbcc70ecc5 Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Wed, 22 Sep 2021 19:51:33 -0600 Subject: [PATCH 05/12] Used legacy pattern instead of too strong of DO_NOT_USE pattern --- .../security_solution/common/constants.ts | 2 +- .../do_not_use_find_notifications.test.ts | 24 ------- ...d_tags.test.ts => legacy_add_tags.test.ts} | 12 ++-- ...not_use_add_tags.ts => legacy_add_tags.ts} | 2 +- ...ts => legacy_create_notifications.test.ts} | 8 +-- ...ions.ts => legacy_create_notifications.ts} | 21 +++--- .../legacy_find_notifications.test.ts | 24 +++++++ ...ations.ts => legacy_find_notifications.ts} | 16 ++--- ...t.ts => legacy_read_notifications.test.ts} | 65 +++++++++---------- ...ations.ts => legacy_read_notifications.ts} | 17 ++--- ...acy_rules_notification_alert_type.test.ts} | 12 ++-- ...> legacy_rules_notification_alert_type.ts} | 10 +-- .../{do_not_use_types.ts => legacy_types.ts} | 44 +++++-------- .../routes/__mocks__/request_responses.ts | 10 +-- .../routes/rules/find_rules_route.ts | 4 +- ...s => legacy_create_legacy_notification.ts} | 26 ++++---- .../routes/rules/read_rules_route.ts | 4 +- .../detection_engine/routes/rules/utils.ts | 8 +-- .../detection_engine/routes/rules/validate.ts | 6 +- ...egacy_create_rule_actions_saved_object.ts} | 26 ++++---- ...acy_get_bulk_rule_actions_saved_object.ts} | 28 ++++---- ...> legacy_get_rule_actions_saved_object.ts} | 22 +++---- ...use_migrations.ts => legacy_migrations.ts} | 8 +-- ...ngs.ts => legacy_saved_object_mappings.ts} | 14 ++-- .../{do_not_use_types.ts => legacy_types.ts} | 16 ++--- ...te_or_create_rule_actions_saved_object.ts} | 21 +++--- ...egacy_update_rule_actions_saved_object.ts} | 23 ++++--- .../{do_not_use_utils.ts => legacy_utils.ts} | 8 +-- .../lib/detection_engine/rules/utils.ts | 6 +- .../schemas/rule_converters.ts | 4 +- .../scripts/post_legacy_notification.sh | 2 +- .../security_solution/server/plugin.ts | 12 ++-- .../security_solution/server/routes/index.ts | 4 +- .../security_solution/server/saved_objects.ts | 4 +- 34 files changed, 239 insertions(+), 274 deletions(-) delete mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_add_tags.test.ts => legacy_add_tags.test.ts} (71%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_add_tags.ts => legacy_add_tags.ts} (85%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_create_notifications.test.ts => legacy_create_notifications.test.ts} (89%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_create_notifications.ts => legacy_create_notifications.ts} (57%) create mode 100644 x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.test.ts rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_find_notifications.ts => legacy_find_notifications.ts} (58%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_read_notifications.test.ts => legacy_read_notifications.test.ts} (60%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_read_notifications.ts => legacy_read_notifications.ts} (72%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_rules_notification_alert_type.test.ts => legacy_rules_notification_alert_type.test.ts} (95%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_rules_notification_alert_type.ts => legacy_rules_notification_alert_type.ts} (92%) rename x-pack/plugins/security_solution/server/lib/detection_engine/notifications/{do_not_use_types.ts => legacy_types.ts} (61%) rename x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/{do_not_use_create_legacy_notification.ts => legacy_create_legacy_notification.ts} (74%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_create_rule_actions_saved_object.ts => legacy_create_rule_actions_saved_object.ts} (56%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_get_bulk_rule_actions_saved_object.ts => legacy_get_bulk_rule_actions_saved_object.ts} (51%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_get_rule_actions_saved_object.ts => legacy_get_rule_actions_saved_object.ts} (59%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_migrations.ts => legacy_migrations.ts} (94%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_saved_object_mappings.ts => legacy_saved_object_mappings.ts} (81%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_types.ts => legacy_types.ts} (75%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_update_or_create_rule_actions_saved_object.ts => legacy_update_or_create_rule_actions_saved_object.ts} (59%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_update_rule_actions_saved_object.ts => legacy_update_rule_actions_saved_object.ts} (64%) rename x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/{do_not_use_utils.ts => legacy_utils.ts} (79%) diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts index 2d3a3cd92d28e..75fb90c61c75e 100644 --- a/x-pack/plugins/security_solution/common/constants.ts +++ b/x-pack/plugins/security_solution/common/constants.ts @@ -203,7 +203,7 @@ export const THRESHOLD_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.thresholdRule` as con * Id for the notifications alerting type * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__NOTIFICATIONS_ID = `siem.notifications`; +export const LEGACY_NOTIFICATIONS_ID = `siem.notifications`; /** * Special internal structure for tags for signals. This is used diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts deleted file mode 100644 index 701962ea2e55d..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.test.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -// eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__getFilter } from './do_not_use_find_notifications'; -import { __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; - -describe('__DO_NOT_USE__find_notifications', () => { - test('it returns a full filter with an AND if sent down', () => { - expect(__DO_NOT_USE__getFilter('alert.attributes.enabled: true')).toEqual( - `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID} AND alert.attributes.enabled: true` - ); - }); - - test('it returns existing filter with no AND when not set', () => { - expect(__DO_NOT_USE__getFilter(null)).toEqual( - `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID}` - ); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.test.ts similarity index 71% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.test.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.test.ts index 923c3f6211d34..95051ad3d8021 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.test.ts @@ -6,23 +6,23 @@ */ // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__addTags } from './do_not_use_add_tags'; +import { legacyAddTags } from './legacy_add_tags'; import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; -describe('__DO_NOT_USE__add_tags', () => { +describe('legacyAdd_tags', () => { test('it should add a rule id as an internal structure', () => { - const tags = __DO_NOT_USE__addTags([], 'rule-1'); + const tags = legacyAddTags([], 'rule-1'); expect(tags).toEqual([`${INTERNAL_RULE_ALERT_ID_KEY}:rule-1`]); }); test('it should not allow duplicate tags to be created', () => { - const tags = __DO_NOT_USE__addTags(['tag-1', 'tag-1'], 'rule-1'); + const tags = legacyAddTags(['tag-1', 'tag-1'], 'rule-1'); expect(tags).toEqual(['tag-1', `${INTERNAL_RULE_ALERT_ID_KEY}:rule-1`]); }); test('it should not allow duplicate internal tags to be created when called two times in a row', () => { - const tags1 = __DO_NOT_USE__addTags(['tag-1'], 'rule-1'); - const tags2 = __DO_NOT_USE__addTags(tags1, 'rule-1'); + const tags1 = legacyAddTags(['tag-1'], 'rule-1'); + const tags2 = legacyAddTags(tags1, 'rule-1'); expect(tags2).toEqual(['tag-1', `${INTERNAL_RULE_ALERT_ID_KEY}:rule-1`]); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.ts similarity index 85% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.ts index 3e07a6d16dbaf..78ab27a810347 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_add_tags.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.ts @@ -10,5 +10,5 @@ import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__addTags = (tags: string[], ruleAlertId: string): string[] => +export const legacyAddTags = (tags: string[], ruleAlertId: string): string[] => Array.from(new Set([...tags, `${INTERNAL_RULE_ALERT_ID_KEY}:${ruleAlertId}`])); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.test.ts similarity index 89% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.test.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.test.ts index 925309737ae36..ba8a0e9c83413 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.test.ts @@ -7,12 +7,12 @@ import { rulesClientMock } from '../../../../../alerting/server/mocks'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__createNotifications } from './do_not_use_create_notifications'; +import { legacyCreateNotifications } from './legacy_create_notifications'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -describe('__DO_NOT_USE__createNotifications', () => { +describe('legacyCreateNotifications', () => { let rulesClient: ReturnType; beforeEach(() => { @@ -22,7 +22,7 @@ describe('__DO_NOT_USE__createNotifications', () => { it('calls the rulesClient with proper params', async () => { const ruleAlertId = 'rule-04128c15-0d1b-4716-a4c5-46997ac7f3bd'; - await __DO_NOT_USE__createNotifications({ + await legacyCreateNotifications({ rulesClient, actions: [], ruleAlertId, @@ -49,7 +49,7 @@ describe('__DO_NOT_USE__createNotifications', () => { params: { message: 'Rule generated {{state.signals_count}} signals' }, actionTypeId: '.slack', }; - await __DO_NOT_USE__createNotifications({ + await legacyCreateNotifications({ rulesClient, actions: [action], ruleAlertId: 'new-rule-id', diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.ts similarity index 57% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.ts index a18c811df771a..9b96c95106adc 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_create_notifications.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.ts @@ -6,33 +6,28 @@ */ import { SanitizedAlert } from '../../../../../alerting/common'; -import { SERVER_APP_ID, __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; +import { SERVER_APP_ID, LEGACY_NOTIFICATIONS_ID } from '../../../../common/constants'; // eslint-disable-next-line no-restricted-imports -import { - CreateNotificationParams, - __DO_NOT_USE__RuleNotificationAlertTypeParams, -} from './do_not_use_types'; +import { CreateNotificationParams, LegacyRuleNotificationAlertTypeParams } from './legacy_types'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__addTags } from './do_not_use_add_tags'; +import { legacyAddTags } from './legacy_add_tags'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__createNotifications = async ({ +export const legacyCreateNotifications = async ({ rulesClient, actions, enabled, ruleAlertId, interval, name, -}: CreateNotificationParams): Promise< - SanitizedAlert<__DO_NOT_USE__RuleNotificationAlertTypeParams> -> => - rulesClient.create<__DO_NOT_USE__RuleNotificationAlertTypeParams>({ +}: CreateNotificationParams): Promise> => + rulesClient.create({ data: { name, - tags: __DO_NOT_USE__addTags([], ruleAlertId), - alertTypeId: __DO_NOT_USE__NOTIFICATIONS_ID, + tags: legacyAddTags([], ruleAlertId), + alertTypeId: LEGACY_NOTIFICATIONS_ID, consumer: SERVER_APP_ID, params: { ruleAlertId, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.test.ts new file mode 100644 index 0000000000000..32a1b0eacd55b --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.test.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// eslint-disable-next-line no-restricted-imports +import { legacyGetFilter } from './legacy_find_notifications'; +import { LEGACY_NOTIFICATIONS_ID } from '../../../../common/constants'; + +describe('legacyFind_notifications', () => { + test('it returns a full filter with an AND if sent down', () => { + expect(legacyGetFilter('alert.attributes.enabled: true')).toEqual( + `alert.attributes.alertTypeId: ${LEGACY_NOTIFICATIONS_ID} AND alert.attributes.enabled: true` + ); + }); + + test('it returns existing filter with no AND when not set', () => { + expect(legacyGetFilter(null)).toEqual( + `alert.attributes.alertTypeId: ${LEGACY_NOTIFICATIONS_ID}` + ); + }); +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.ts similarity index 58% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.ts index 26f1c4e7e38c9..2146f25e381b8 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_find_notifications.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.ts @@ -6,25 +6,25 @@ */ import { AlertTypeParams, FindResult } from '../../../../../alerting/server'; -import { __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; +import { LEGACY_NOTIFICATIONS_ID } from '../../../../common/constants'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__FindNotificationParams } from './do_not_use_types'; +import { LegacyFindNotificationParams } from './legacy_types'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__getFilter = (filter: string | null | undefined) => { +export const legacyGetFilter = (filter: string | null | undefined) => { if (filter == null) { - return `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID}`; + return `alert.attributes.alertTypeId: ${LEGACY_NOTIFICATIONS_ID}`; } else { - return `alert.attributes.alertTypeId: ${__DO_NOT_USE__NOTIFICATIONS_ID} AND ${filter}`; + return `alert.attributes.alertTypeId: ${LEGACY_NOTIFICATIONS_ID} AND ${filter}`; } }; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__findNotifications = async ({ +export const legacyFindNotifications = async ({ rulesClient, perPage, page, @@ -32,13 +32,13 @@ export const __DO_NOT_USE__findNotifications = async ({ filter, sortField, sortOrder, -}: __DO_NOT_USE__FindNotificationParams): Promise> => +}: LegacyFindNotificationParams): Promise> => rulesClient.find({ options: { fields, page, perPage, - filter: __DO_NOT_USE__getFilter(filter), + filter: legacyGetFilter(filter), sortOrder, sortField, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.test.ts similarity index 60% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.test.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.test.ts index d9095033a3fe0..b450976c6bf53 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.test.ts @@ -6,15 +6,14 @@ */ // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__readNotifications } from './do_not_use_read_notifications'; +import { legacyReadNotifications } from './legacy_read_notifications'; import { rulesClientMock } from '../../../../../alerting/server/mocks'; import { - __DO_NOT_USE__getNotificationResult, - __DO_NOT_USE__getFindNotificationsResultWithSingleHit, + legacyGetNotificationResult, + legacyGetFindNotificationsResultWithSingleHit, } from '../routes/__mocks__/request_responses'; -// eslint-disable-next-line @typescript-eslint/naming-convention -class __DO_NOT_USE__TestError extends Error { +class LegacyTestError extends Error { constructor() { super(); @@ -24,7 +23,7 @@ class __DO_NOT_USE__TestError extends Error { public output: { statusCode: number }; } -describe('__DO_NOT_USE__read_notifications', () => { +describe('legacyRead_notifications', () => { let rulesClient: ReturnType; beforeEach(() => { @@ -33,22 +32,22 @@ describe('__DO_NOT_USE__read_notifications', () => { describe('readNotifications', () => { test('should return the output from rulesClient if id is set but ruleAlertId is undefined', async () => { - rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.get.mockResolvedValue(legacyGetNotificationResult()); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', ruleAlertId: undefined, }); - expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + expect(rule).toEqual(legacyGetNotificationResult()); }); test('should return null if saved object found by alerts client given id is not alert type', async () => { - const result = __DO_NOT_USE__getNotificationResult(); + const result = legacyGetNotificationResult(); // @ts-expect-error delete result.alertTypeId; rulesClient.get.mockResolvedValue(result); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', ruleAlertId: undefined, @@ -58,10 +57,10 @@ describe('__DO_NOT_USE__read_notifications', () => { test('should return error if alerts client throws 404 error on get', async () => { rulesClient.get.mockImplementation(() => { - throw new __DO_NOT_USE__TestError(); + throw new LegacyTestError(); }); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', ruleAlertId: undefined, @@ -74,7 +73,7 @@ describe('__DO_NOT_USE__read_notifications', () => { throw new Error('Test error'); }); try { - await __DO_NOT_USE__readNotifications({ + await legacyReadNotifications({ rulesClient, id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', ruleAlertId: undefined, @@ -85,33 +84,33 @@ describe('__DO_NOT_USE__read_notifications', () => { }); test('should return the output from rulesClient if id is set but ruleAlertId is null', async () => { - rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.get.mockResolvedValue(legacyGetNotificationResult()); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', ruleAlertId: null, }); - expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + expect(rule).toEqual(legacyGetNotificationResult()); }); test('should return the output from rulesClient if id is undefined but ruleAlertId is set', async () => { - rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); - rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + rulesClient.get.mockResolvedValue(legacyGetNotificationResult()); + rulesClient.find.mockResolvedValue(legacyGetFindNotificationsResultWithSingleHit()); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: undefined, ruleAlertId: 'rule-1', }); - expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + expect(rule).toEqual(legacyGetNotificationResult()); }); test('should return null if the output from rulesClient with ruleAlertId set is empty', async () => { - rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); + rulesClient.get.mockResolvedValue(legacyGetNotificationResult()); rulesClient.find.mockResolvedValue({ data: [], page: 0, perPage: 1, total: 0 }); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: undefined, ruleAlertId: 'rule-1', @@ -120,22 +119,22 @@ describe('__DO_NOT_USE__read_notifications', () => { }); test('should return the output from rulesClient if id is null but ruleAlertId is set', async () => { - rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); - rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + rulesClient.get.mockResolvedValue(legacyGetNotificationResult()); + rulesClient.find.mockResolvedValue(legacyGetFindNotificationsResultWithSingleHit()); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: null, ruleAlertId: 'rule-1', }); - expect(rule).toEqual(__DO_NOT_USE__getNotificationResult()); + expect(rule).toEqual(legacyGetNotificationResult()); }); test('should return null if id and ruleAlertId are null', async () => { - rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); - rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + rulesClient.get.mockResolvedValue(legacyGetNotificationResult()); + rulesClient.find.mockResolvedValue(legacyGetFindNotificationsResultWithSingleHit()); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: null, ruleAlertId: null, @@ -144,10 +143,10 @@ describe('__DO_NOT_USE__read_notifications', () => { }); test('should return null if id and ruleAlertId are undefined', async () => { - rulesClient.get.mockResolvedValue(__DO_NOT_USE__getNotificationResult()); - rulesClient.find.mockResolvedValue(__DO_NOT_USE__getFindNotificationsResultWithSingleHit()); + rulesClient.get.mockResolvedValue(legacyGetNotificationResult()); + rulesClient.find.mockResolvedValue(legacyGetFindNotificationsResultWithSingleHit()); - const rule = await __DO_NOT_USE__readNotifications({ + const rule = await legacyReadNotifications({ rulesClient, id: undefined, ruleAlertId: undefined, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.ts similarity index 72% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.ts index 6623ec58a2895..e1acb7109fdf9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_read_notifications.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.ts @@ -7,26 +7,23 @@ import { AlertTypeParams, SanitizedAlert } from '../../../../../alerting/common'; // eslint-disable-next-line no-restricted-imports -import { - __DO_NOT_USE__ReadNotificationParams, - __DO_NOT_USE__isAlertType, -} from './do_not_use_types'; +import { LegacyReadNotificationParams, legacyIsAlertType } from './legacy_types'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__findNotifications } from './do_not_use_find_notifications'; +import { legacyFindNotifications } from './legacy_find_notifications'; import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__readNotifications = async ({ +export const legacyReadNotifications = async ({ rulesClient, id, ruleAlertId, -}: __DO_NOT_USE__ReadNotificationParams): Promise | null> => { +}: LegacyReadNotificationParams): Promise | null> => { if (id != null) { try { const notification = await rulesClient.get({ id }); - if (__DO_NOT_USE__isAlertType(notification)) { + if (legacyIsAlertType(notification)) { return notification; } else { return null; @@ -40,14 +37,14 @@ export const __DO_NOT_USE__readNotifications = async ({ } } } else if (ruleAlertId != null) { - const notificationFromFind = await __DO_NOT_USE__findNotifications({ + const notificationFromFind = await legacyFindNotifications({ rulesClient, filter: `alert.attributes.tags: "${INTERNAL_RULE_ALERT_ID_KEY}:${ruleAlertId}"`, page: 1, }); if ( notificationFromFind.data.length === 0 || - !__DO_NOT_USE__isAlertType(notificationFromFind.data[0]) + !legacyIsAlertType(notificationFromFind.data[0]) ) { return null; } else { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts similarity index 95% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.test.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts index 12be1a2ed84c0..7f4b15745e6a4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts @@ -8,11 +8,11 @@ import { loggingSystemMock } from 'src/core/server/mocks'; import { getAlertMock } from '../routes/__mocks__/request_responses'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__rulesNotificationAlertType } from './do_not_use_rules_notification_alert_type'; +import { legacyRulesNotificationAlertType } from './legacy_rules_notification_alert_type'; import { buildSignalsSearchQuery } from './build_signals_query'; import { alertsMock, AlertServicesMock } from '../../../../../alerting/server/mocks'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__NotificationExecutorOptions } from './do_not_use_types'; +import { LegacyNotificationExecutorOptions } from './legacy_types'; import { sampleDocSearchResultsNoSortIdNoVersion, sampleDocSearchResultsWithSortId, @@ -27,9 +27,9 @@ jest.mock('./build_signals_query'); /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -describe('__DO_NOT_USE__rules_notification_alert_type', () => { - let payload: __DO_NOT_USE__NotificationExecutorOptions; - let alert: ReturnType; +describe('legacyRules_notification_alert_type', () => { + let payload: LegacyNotificationExecutorOptions; + let alert: ReturnType; let logger: ReturnType; let alertServices: AlertServicesMock; @@ -70,7 +70,7 @@ describe('__DO_NOT_USE__rules_notification_alert_type', () => { }, }; - alert = __DO_NOT_USE__rulesNotificationAlertType({ + alert = legacyRulesNotificationAlertType({ logger, }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts similarity index 92% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts index a62cfcca3c00b..c8b36da7ff19f 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_rules_notification_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts @@ -10,12 +10,12 @@ import { schema } from '@kbn/config-schema'; import { parseScheduleDates } from '@kbn/securitysolution-io-ts-utils'; import { DEFAULT_RULE_NOTIFICATION_QUERY_SIZE, - __DO_NOT_USE__NOTIFICATIONS_ID, + LEGACY_NOTIFICATIONS_ID, SERVER_APP_ID, } from '../../../../common/constants'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__NotificationAlertTypeDefinition } from './do_not_use_types'; +import { LegacyNotificationAlertTypeDefinition } from './legacy_types'; import { AlertAttributes } from '../signals/types'; import { siemRuleActionGroups } from '../signals/siem_rule_action_groups'; import { scheduleNotificationActions } from './schedule_notification_actions'; @@ -25,12 +25,12 @@ import { getSignals } from './get_signals'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should also be removed */ -export const __DO_NOT_USE__rulesNotificationAlertType = ({ +export const legacyRulesNotificationAlertType = ({ logger, }: { logger: Logger; -}): __DO_NOT_USE__NotificationAlertTypeDefinition => ({ - id: __DO_NOT_USE__NOTIFICATIONS_ID, +}): LegacyNotificationAlertTypeDefinition => ({ + id: LEGACY_NOTIFICATIONS_ID, name: 'SIEM notification', actionGroups: siemRuleActionGroups, defaultActionGroupId: 'default', diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_types.ts similarity index 61% rename from x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_types.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_types.ts index 5046d119b0d40..4267a6497a1ae 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/do_not_use_types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_types.ts @@ -16,28 +16,24 @@ import { AlertExecutorOptions, } from '../../../../../alerting/server'; import { Alert, AlertAction } from '../../../../../alerting/common'; -import { __DO_NOT_USE__NOTIFICATIONS_ID } from '../../../../common/constants'; +import { LEGACY_NOTIFICATIONS_ID } from '../../../../common/constants'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export interface __DO_NOT_USE__RuleNotificationAlertTypeParams extends AlertTypeParams { +export interface LegacyRuleNotificationAlertTypeParams extends AlertTypeParams { ruleAlertId: string; } /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export type __DO_NOT_USE__RuleNotificationAlertType = - Alert<__DO_NOT_USE__RuleNotificationAlertTypeParams>; +export type LegacyRuleNotificationAlertType = Alert; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export interface __DO_NOT_USE__FindNotificationParams { +export interface LegacyFindNotificationParams { rulesClient: RulesClient; perPage?: number; page?: number; @@ -50,16 +46,14 @@ export interface __DO_NOT_USE__FindNotificationParams { /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export interface __DO_NOT_USE__Clients { +export interface LegacyClients { rulesClient: RulesClient; } /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export interface __DO_NOT_USE__NotificationAlertParams { +export interface LegacyNotificationAlertParams { actions: AlertAction[]; enabled: boolean; ruleAlertId: string; @@ -70,14 +64,12 @@ export interface __DO_NOT_USE__NotificationAlertParams { /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export type CreateNotificationParams = __DO_NOT_USE__NotificationAlertParams & - __DO_NOT_USE__Clients; +export type CreateNotificationParams = LegacyNotificationAlertParams & LegacyClients; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export interface __DO_NOT_USE__ReadNotificationParams { +export interface LegacyReadNotificationParams { rulesClient: RulesClient; id?: string | null; ruleAlertId?: string | null; @@ -86,18 +78,17 @@ export interface __DO_NOT_USE__ReadNotificationParams { /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__isAlertType = ( +export const legacyIsAlertType = ( partialAlert: PartialAlert -): partialAlert is __DO_NOT_USE__RuleNotificationAlertType => { - return partialAlert.alertTypeId === __DO_NOT_USE__NOTIFICATIONS_ID; +): partialAlert is LegacyRuleNotificationAlertType => { + return partialAlert.alertTypeId === LEGACY_NOTIFICATIONS_ID; }; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export type __DO_NOT_USE__NotificationExecutorOptions = AlertExecutorOptions< - __DO_NOT_USE__RuleNotificationAlertTypeParams, +export type LegacyNotificationExecutorOptions = AlertExecutorOptions< + LegacyRuleNotificationAlertTypeParams, AlertTypeState, AlertInstanceState, AlertInstanceContext @@ -108,8 +99,8 @@ export type __DO_NOT_USE__NotificationExecutorOptions = AlertExecutorOptions< * since we are only increasing the strictness of params. * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__isNotificationAlertExecutor = ( - obj: __DO_NOT_USE__NotificationAlertTypeDefinition +export const legacyIsNotificationAlertExecutor = ( + obj: LegacyNotificationAlertTypeDefinition ): obj is AlertType< AlertTypeParams, AlertTypeParams, @@ -123,8 +114,7 @@ export const __DO_NOT_USE__isNotificationAlertExecutor = ( /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export type __DO_NOT_USE__NotificationAlertTypeDefinition = Omit< +export type LegacyNotificationAlertTypeDefinition = Omit< AlertType< AlertTypeParams, AlertTypeParams, @@ -139,5 +129,5 @@ export type __DO_NOT_USE__NotificationAlertTypeDefinition = Omit< services, params, state, - }: __DO_NOT_USE__NotificationExecutorOptions) => Promise; + }: LegacyNotificationExecutorOptions) => Promise; }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts index df6ebcc7522b8..d7ddabd558c54 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts @@ -41,7 +41,7 @@ import { RuleExecutionStatus } from '../../../../../common/detection_engine/sche import { FindBulkExecutionLogResponse } from '../../rule_execution_log/types'; import { ruleTypeMappings } from '../../signals/utils'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RuleNotificationAlertType } from '../../notifications/do_not_use_types'; +import type { LegacyRuleNotificationAlertType } from '../../notifications/legacy_types'; export const typicalSetStatusSignalByIdsPayload = (): SetSignalsStatusSchemaDecoded => ({ signal_ids: ['somefakeid1', 'somefakeid2'], @@ -599,7 +599,7 @@ export const getSignalsMigrationStatusRequest = () => /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__getNotificationResult = (): __DO_NOT_USE__RuleNotificationAlertType => ({ +export const legacyGetNotificationResult = (): LegacyRuleNotificationAlertType => ({ id: '200dbf2f-b269-4bf9-aa85-11ba32ba73ba', name: 'Notification for Rule Test', tags: ['__internal_rule_alert_id:85b64e8a-2e40-4096-86af-5ac172c10825'], @@ -643,10 +643,10 @@ export const __DO_NOT_USE__getNotificationResult = (): __DO_NOT_USE__RuleNotific /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__getFindNotificationsResultWithSingleHit = - (): FindHit<__DO_NOT_USE__RuleNotificationAlertType> => ({ +export const legacyGetFindNotificationsResultWithSingleHit = + (): FindHit => ({ page: 1, perPage: 1, total: 1, - data: [__DO_NOT_USE__getNotificationResult()], + data: [legacyGetNotificationResult()], }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts index 48ee76068491b..bd8d2bd9685cf 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/find_rules_route.ts @@ -18,7 +18,7 @@ import { buildSiemResponse } from '../utils'; import { buildRouteValidation } from '../../../../utils/build_validation/route_validation'; import { transformFindAlerts } from './utils'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__getBulkRuleActionsSavedObject } from '../../rule_actions/do_not_use_get_bulk_rule_actions_saved_object'; +import { legacyGetBulkRuleActionsSavedObject } from '../../rule_actions/legacy_get_bulk_rule_actions_saved_object'; export const findRulesRoute = ( router: SecuritySolutionPluginRouter, @@ -71,7 +71,7 @@ export const findRulesRoute = ( logsCount: 1, spaceId: context.securitySolution.getSpaceId(), }), - __DO_NOT_USE__getBulkRuleActionsSavedObject({ alertIds, savedObjectsClient }), + legacyGetBulkRuleActionsSavedObject({ alertIds, savedObjectsClient }), ]); const transformed = transformFindAlerts(rules, ruleStatuses, ruleActions); if (transformed == null) { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/do_not_use_create_legacy_notification.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/legacy_create_legacy_notification.ts similarity index 74% rename from x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/do_not_use_create_legacy_notification.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/legacy_create_legacy_notification.ts index 7251d000caf01..e2d2fb0dc3966 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/do_not_use_create_legacy_notification.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/legacy_create_legacy_notification.ts @@ -8,15 +8,15 @@ import { schema } from '@kbn/config-schema'; import type { SecuritySolutionPluginRouter } from '../../../../types'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__updateOrCreateRuleActionsSavedObject } from '../../rule_actions/do_not_use_update_or_create_rule_actions_saved_object'; +import { legacyUpdateOrCreateRuleActionsSavedObject } from '../../rule_actions/legacy_update_or_create_rule_actions_saved_object'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__readNotifications } from '../../notifications/do_not_use_read_notifications'; +import { legacyReadNotifications } from '../../notifications/legacy_read_notifications'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RuleNotificationAlertTypeParams } from '../../notifications/do_not_use_types'; +import { LegacyRuleNotificationAlertTypeParams } from '../../notifications/legacy_types'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__addTags } from '../../notifications/do_not_use_add_tags'; +import { legacyAddTags } from '../../notifications/legacy_add_tags'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__createNotifications } from '../../notifications/do_not_use_create_notifications'; +import { legacyCreateNotifications } from '../../notifications/legacy_create_notifications'; /** * Given an "alert_id" and a valid "action_id" this will create a legacy notification. This is for testing @@ -25,12 +25,10 @@ import { __DO_NOT_USE__createNotifications } from '../../notifications/do_not_us * @deprecated Once we no longer have legacy notifications and "side car actions" this can be removed. * @param router The router */ -export const __DO_NOT_USE__createLegacyNotificationRoute = ( - router: SecuritySolutionPluginRouter -): void => { +export const legacyCreateLegacyNotificationRoute = (router: SecuritySolutionPluginRouter): void => { router.post( { - path: '/internal/api/detection/do_not_use/notifications', + path: '/internal/api/detection/legacy/notifications', validate: { query: schema.object({ alert_id: schema.string() }), body: schema.object({ @@ -60,16 +58,16 @@ export const __DO_NOT_USE__createLegacyNotificationRoute = ( try { // This is to ensure it exists before continuing. await rulesClient.get({ id: ruleAlertId }); - const notification = await __DO_NOT_USE__readNotifications({ + const notification = await legacyReadNotifications({ rulesClient, id: undefined, ruleAlertId, }); if (notification != null) { - await rulesClient.update<__DO_NOT_USE__RuleNotificationAlertTypeParams>({ + await rulesClient.update({ id: notification.id, data: { - tags: __DO_NOT_USE__addTags([], ruleAlertId), + tags: legacyAddTags([], ruleAlertId), name, schedule: { interval, @@ -83,7 +81,7 @@ export const __DO_NOT_USE__createLegacyNotificationRoute = ( }, }); } else { - await __DO_NOT_USE__createNotifications({ + await legacyCreateNotifications({ rulesClient, actions: [], enabled: true, @@ -92,7 +90,7 @@ export const __DO_NOT_USE__createLegacyNotificationRoute = ( name, }); } - await __DO_NOT_USE__updateOrCreateRuleActionsSavedObject({ + await legacyUpdateOrCreateRuleActionsSavedObject({ ruleAlertId, savedObjectsClient, actions, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts index 86b2a7c989b38..6abe3086d6bb8 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/read_rules_route.ts @@ -20,7 +20,7 @@ import { buildSiemResponse } from '../utils'; import { readRules } from '../../rules/read_rules'; import { RuleExecutionStatus } from '../../../../../common/detection_engine/schemas/common/schemas'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__getRuleActionsSavedObject } from '../../rule_actions/do_not_use_get_rule_actions_saved_object'; +import { legacyGetRuleActionsSavedObject } from '../../rule_actions/legacy_get_rule_actions_saved_object'; export const readRulesRoute = ( router: SecuritySolutionPluginRouter, @@ -63,7 +63,7 @@ export const readRulesRoute = ( ruleId, }); if (rule != null) { - const legacyRuleActions = await __DO_NOT_USE__getRuleActionsSavedObject({ + const legacyRuleActions = await legacyGetRuleActionsSavedObject({ savedObjectsClient, ruleAlertId: rule.id, }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts index fe0798e035d9f..afc48386a2986 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts @@ -26,7 +26,7 @@ import { internalRuleToAPIResponse } from '../../schemas/rule_converters'; import { RuleParams } from '../../schemas/rule_schemas'; import { SanitizedAlert } from '../../../../../../alerting/common'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RulesActionsSavedObject } from '../../rule_actions/do_not_use_get_rule_actions_saved_object'; +import { LegacyRulesActionsSavedObject } from '../../rule_actions/legacy_get_rule_actions_saved_object'; type PromiseFromStreams = ImportRulesSchemaDecoded | Error; @@ -98,7 +98,7 @@ export const transformTags = (tags: string[]): string[] => { export const transformAlertToRule = ( alert: SanitizedAlert, ruleStatus?: SavedObject, - legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null + legacyRuleActions?: LegacyRulesActionsSavedObject | null ): Partial => { return internalRuleToAPIResponse(alert, ruleStatus?.attributes, legacyRuleActions); }; @@ -110,7 +110,7 @@ export const transformAlertsToRules = (alerts: RuleAlertType[]): Array, ruleStatuses: { [key: string]: IRuleStatusSOAttributes[] | undefined }, - legacyRuleActions: Record + legacyRuleActions: Record ): { page: number; perPage: number; @@ -133,7 +133,7 @@ export const transform = ( alert: PartialAlert, ruleStatus?: SavedObject, isRuleRegistryEnabled?: boolean, - legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null + legacyRuleActions?: LegacyRulesActionsSavedObject | null ): Partial | null => { if (isAlertType(isRuleRegistryEnabled ?? false, alert)) { return transformAlertToRule( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts index ed297e81915a0..307b6c96da3e5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.ts @@ -27,13 +27,13 @@ import { createBulkErrorObject, BulkError } from '../utils'; import { transform, transformAlertToRule } from './utils'; import { RuleParams } from '../../schemas/rule_schemas'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RulesActionsSavedObject } from '../../rule_actions/do_not_use_get_rule_actions_saved_object'; +import { LegacyRulesActionsSavedObject } from '../../rule_actions/legacy_get_rule_actions_saved_object'; export const transformValidate = ( alert: PartialAlert, ruleStatus?: SavedObject, isRuleRegistryEnabled?: boolean, - legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null + legacyRuleActions?: LegacyRulesActionsSavedObject | null ): [RulesSchema | null, string | null] => { const transformed = transform(alert, ruleStatus, isRuleRegistryEnabled, legacyRuleActions); if (transformed == null) { @@ -47,7 +47,7 @@ export const newTransformValidate = ( alert: PartialAlert, ruleStatus?: SavedObject, isRuleRegistryEnabled?: boolean, - legacyRuleActions?: __DO_NOT_USE__RulesActionsSavedObject | null + legacyRuleActions?: LegacyRulesActionsSavedObject | null ): [FullResponseSchema | null, string | null] => { const transformed = transform(alert, ruleStatus, isRuleRegistryEnabled, legacyRuleActions); if (transformed == null) { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_create_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_create_rule_actions_saved_object.ts similarity index 56% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_create_rule_actions_saved_object.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_create_rule_actions_saved_object.ts index 110c1c31a8022..91b7265e90e6b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_create_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_create_rule_actions_saved_object.ts @@ -7,24 +7,20 @@ import { AlertServices } from '../../../../../alerting/server'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +import { legacyRuleActionsSavedObjectType } from './legacy_saved_object_mappings'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; // eslint-disable-next-line no-restricted-imports -import { - __DO_NOT_USE__getThrottleOptions, - __DO_NOT_USE__getRuleActionsFromSavedObject, -} from './do_not_use_utils'; +import { legacyGetThrottleOptions, legacyGetRuleActionsFromSavedObject } from './legacy_utils'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RulesActionsSavedObject } from './do_not_use_get_rule_actions_saved_object'; +import { LegacyRulesActionsSavedObject } from './legacy_get_rule_actions_saved_object'; import { AlertAction } from '../../../../../alerting/common'; import { transformAlertToRuleAction } from '../../../../common/detection_engine/transform_actions'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -interface __DO_NOT_USE__CreateRuleActionsSavedObject { +interface LegacyCreateRuleActionsSavedObject { ruleAlertId: string; savedObjectsClient: AlertServices['savedObjectsClient']; actions: AlertAction[] | undefined; @@ -34,21 +30,21 @@ interface __DO_NOT_USE__CreateRuleActionsSavedObject { /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__createRuleActionsSavedObject = async ({ +export const legacyCreateRuleActionsSavedObject = async ({ ruleAlertId, savedObjectsClient, actions = [], throttle, -}: __DO_NOT_USE__CreateRuleActionsSavedObject): Promise<__DO_NOT_USE__RulesActionsSavedObject> => { +}: LegacyCreateRuleActionsSavedObject): Promise => { const ruleActionsSavedObject = - await savedObjectsClient.create<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>( - __DO_NOT_USE__ruleActionsSavedObjectType, + await savedObjectsClient.create( + legacyRuleActionsSavedObjectType, { ruleAlertId, actions: actions.map((action) => transformAlertToRuleAction(action)), - ...__DO_NOT_USE__getThrottleOptions(throttle), + ...legacyGetThrottleOptions(throttle), } ); - return __DO_NOT_USE__getRuleActionsFromSavedObject(ruleActionsSavedObject); + return legacyGetRuleActionsFromSavedObject(ruleActionsSavedObject); }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_bulk_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_bulk_rule_actions_saved_object.ts similarity index 51% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_bulk_rule_actions_saved_object.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_bulk_rule_actions_saved_object.ts index 8e7feb61743aa..b6f0133f85620 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_bulk_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_bulk_rule_actions_saved_object.ts @@ -7,20 +7,19 @@ import { AlertServices } from '../../../../../alerting/server'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +import { legacyRuleActionsSavedObjectType } from './legacy_saved_object_mappings'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__getRuleActionsFromSavedObject } from './do_not_use_utils'; +import { legacyGetRuleActionsFromSavedObject } from './legacy_utils'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RulesActionsSavedObject } from './do_not_use_get_rule_actions_saved_object'; +import { LegacyRulesActionsSavedObject } from './legacy_get_rule_actions_saved_object'; import { buildChunkedOrFilter } from '../signals/utils'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -interface __DO_NOT_USE__GetBulkRuleActionsSavedObject { +interface LegacyGetBulkRuleActionsSavedObject { alertIds: string[]; savedObjectsClient: AlertServices['savedObjectsClient']; } @@ -28,28 +27,25 @@ interface __DO_NOT_USE__GetBulkRuleActionsSavedObject { /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__getBulkRuleActionsSavedObject = async ({ +export const legacyGetBulkRuleActionsSavedObject = async ({ alertIds, savedObjectsClient, -}: __DO_NOT_USE__GetBulkRuleActionsSavedObject): Promise< - Record -> => { +}: LegacyGetBulkRuleActionsSavedObject): Promise> => { const filter = buildChunkedOrFilter( - `${__DO_NOT_USE__ruleActionsSavedObjectType}.attributes.ruleAlertId`, + `${legacyRuleActionsSavedObjectType}.attributes.ruleAlertId`, alertIds ); const { // eslint-disable-next-line @typescript-eslint/naming-convention saved_objects, - } = await savedObjectsClient.find<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>({ - type: __DO_NOT_USE__ruleActionsSavedObjectType, + } = await savedObjectsClient.find({ + type: legacyRuleActionsSavedObjectType, perPage: 10000, filter, }); return saved_objects.reduce( - (acc: { [key: string]: __DO_NOT_USE__RulesActionsSavedObject }, savedObject) => { - acc[savedObject.attributes.ruleAlertId] = - __DO_NOT_USE__getRuleActionsFromSavedObject(savedObject); + (acc: { [key: string]: LegacyRulesActionsSavedObject }, savedObject) => { + acc[savedObject.attributes.ruleAlertId] = legacyGetRuleActionsFromSavedObject(savedObject); return acc; }, {} diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_rule_actions_saved_object.ts similarity index 59% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_rule_actions_saved_object.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_rule_actions_saved_object.ts index 192737cc4629c..35636fd59b0e0 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_get_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_rule_actions_saved_object.ts @@ -8,17 +8,16 @@ import { RuleAlertAction } from '../../../../common/detection_engine/types'; import { AlertServices } from '../../../../../alerting/server'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +import { legacyRuleActionsSavedObjectType } from './legacy_saved_object_mappings'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__getRuleActionsFromSavedObject } from './do_not_use_utils'; +import { legacyGetRuleActionsFromSavedObject } from './legacy_utils'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -interface __DO_NOT_USE__GetRuleActionsSavedObject { +interface LegacyGetRuleActionsSavedObject { ruleAlertId: string; savedObjectsClient: AlertServices['savedObjectsClient']; } @@ -26,8 +25,7 @@ interface __DO_NOT_USE__GetRuleActionsSavedObject { /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -export interface __DO_NOT_USE__RulesActionsSavedObject { +export interface LegacyRulesActionsSavedObject { id: string; actions: RuleAlertAction[]; alertThrottle: string | null; @@ -37,15 +35,15 @@ export interface __DO_NOT_USE__RulesActionsSavedObject { /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__getRuleActionsSavedObject = async ({ +export const legacyGetRuleActionsSavedObject = async ({ ruleAlertId, savedObjectsClient, -}: __DO_NOT_USE__GetRuleActionsSavedObject): Promise<__DO_NOT_USE__RulesActionsSavedObject | null> => { +}: LegacyGetRuleActionsSavedObject): Promise => { const { // eslint-disable-next-line @typescript-eslint/naming-convention saved_objects, - } = await savedObjectsClient.find<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>({ - type: __DO_NOT_USE__ruleActionsSavedObjectType, + } = await savedObjectsClient.find({ + type: legacyRuleActionsSavedObjectType, perPage: 1, search: `${ruleAlertId}`, searchFields: ['ruleAlertId'], @@ -54,6 +52,6 @@ export const __DO_NOT_USE__getRuleActionsSavedObject = async ({ if (!saved_objects[0]) { return null; } else { - return __DO_NOT_USE__getRuleActionsFromSavedObject(saved_objects[0]); + return legacyGetRuleActionsFromSavedObject(saved_objects[0]); } }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_migrations.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_migrations.ts similarity index 94% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_migrations.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_migrations.ts index 2c62d03e023ec..996ff595c5567 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_migrations.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_migrations.ts @@ -12,7 +12,7 @@ import { SavedObjectAttributes, } from '../../../../../../../src/core/server'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; /** * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we @@ -35,10 +35,10 @@ function isEmptyObject(obj: {}) { * needed then it will be safe to remove this saved object and all its migrations * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__ruleActionsSavedObjectMigration = { +export const legacyRuleActionsSavedObjectMigration = { '7.11.2': ( - doc: SavedObjectUnsanitizedDoc<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes> - ): SavedObjectSanitizedDoc<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes> => { + doc: SavedObjectUnsanitizedDoc + ): SavedObjectSanitizedDoc => { const { actions } = doc.attributes; const newActions = actions.reduce((acc, action) => { if ( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_saved_object_mappings.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_saved_object_mappings.ts similarity index 81% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_saved_object_mappings.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_saved_object_mappings.ts index ca1c9345b4ce4..52dd4a0691e3b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_saved_object_mappings.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_saved_object_mappings.ts @@ -7,7 +7,7 @@ import { SavedObjectsType } from '../../../../../../../src/core/server'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__ruleActionsSavedObjectMigration } from './do_not_use_migrations'; +import { legacyRuleActionsSavedObjectMigration } from './legacy_migrations'; /** * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we @@ -15,7 +15,7 @@ import { __DO_NOT_USE__ruleActionsSavedObjectMigration } from './do_not_use_migr * needed then it will be safe to remove this saved object and all its migrations. * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__ruleActionsSavedObjectType = 'siem-detection-engine-rule-actions'; +export const legacyRuleActionsSavedObjectType = 'siem-detection-engine-rule-actions'; /** * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we @@ -23,7 +23,7 @@ export const __DO_NOT_USE__ruleActionsSavedObjectType = 'siem-detection-engine-r * needed then it will be safe to remove this saved object and all its migrations. * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -const __DO_NOT_USE__ruleActionsSavedObjectMappings: SavedObjectsType['mappings'] = { +const legacyRuleActionsSavedObjectMappings: SavedObjectsType['mappings'] = { properties: { alertThrottle: { type: 'keyword', @@ -60,10 +60,10 @@ const __DO_NOT_USE__ruleActionsSavedObjectMappings: SavedObjectsType['mappings'] * needed then it will be safe to remove this saved object and all its migrations. * @deprecated Remove this once we no longer need legacy migrations for rule actions (8.0.0) */ -export const __DO_NOT_USE__type: SavedObjectsType = { - name: __DO_NOT_USE__ruleActionsSavedObjectType, +export const legacyType: SavedObjectsType = { + name: legacyRuleActionsSavedObjectType, hidden: false, namespaceType: 'single', - mappings: __DO_NOT_USE__ruleActionsSavedObjectMappings, - migrations: __DO_NOT_USE__ruleActionsSavedObjectMigration, + mappings: legacyRuleActionsSavedObjectMappings, + migrations: legacyRuleActionsSavedObjectMigration, }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_types.ts similarity index 75% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_types.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_types.ts index acd20439d8ea9..0573829755c79 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_types.ts @@ -5,8 +5,6 @@ * 2.0. */ -/* eslint-disable @typescript-eslint/naming-convention */ - import { SavedObjectAttributes } from 'kibana/server'; import { RuleAlertAction } from '../../../../common/detection_engine/types'; @@ -14,10 +12,10 @@ import { RuleAlertAction } from '../../../../common/detection_engine/types'; * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer * needed then it will be safe to remove this saved object and all its migrations. - * @deprecated + * @deprecated Remove this once the legacy notification/side car is gone */ // eslint-disable-next-line @typescript-eslint/no-explicit-any -export interface __DO_NOT_USE__IRuleActionsAttributes extends Record { +export interface LegacyIRuleActionsAttributes extends Record { ruleAlertId: string; actions: RuleAlertAction[]; ruleThrottle: string; @@ -28,16 +26,16 @@ export interface __DO_NOT_USE__IRuleActionsAttributes extends Record => { - const ruleActions = await __DO_NOT_USE__getRuleActionsSavedObject({ +}: LegacyUpdateOrCreateRuleActionsSavedObject): Promise => { + const ruleActions = await legacyGetRuleActionsSavedObject({ ruleAlertId, savedObjectsClient, }); if (ruleActions != null) { - return __DO_NOT_USE__updateRuleActionsSavedObject({ + return legacyUpdateRuleActionsSavedObject({ ruleAlertId, savedObjectsClient, actions, @@ -50,7 +49,7 @@ export const __DO_NOT_USE__updateOrCreateRuleActionsSavedObject = async ({ ruleActions, }); } else { - return __DO_NOT_USE__createRuleActionsSavedObject({ + return legacyCreateRuleActionsSavedObject({ ruleAlertId, savedObjectsClient, actions, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_rule_actions_saved_object.ts similarity index 64% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_rule_actions_saved_object.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_rule_actions_saved_object.ts index 9198f563a088a..28a22345b685d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_update_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_rule_actions_saved_object.ts @@ -7,40 +7,39 @@ import { AlertServices } from '../../../../../alerting/server'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__ruleActionsSavedObjectType } from './do_not_use_saved_object_mappings'; +import { legacyRuleActionsSavedObjectType } from './legacy_saved_object_mappings'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RulesActionsSavedObject } from './do_not_use_get_rule_actions_saved_object'; +import { LegacyRulesActionsSavedObject } from './legacy_get_rule_actions_saved_object'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__getThrottleOptions } from './do_not_use_utils'; +import { legacyGetThrottleOptions } from './legacy_utils'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; import { AlertAction } from '../../../../../alerting/common'; import { transformAlertToRuleAction } from '../../../../common/detection_engine/transform_actions'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -// eslint-disable-next-line @typescript-eslint/naming-convention -interface __DO_NOT_USE__UpdateRuleActionsSavedObject { +interface LegacyUpdateRuleActionsSavedObject { ruleAlertId: string; savedObjectsClient: AlertServices['savedObjectsClient']; actions: AlertAction[] | undefined; throttle: string | null | undefined; - ruleActions: __DO_NOT_USE__RulesActionsSavedObject; + ruleActions: LegacyRulesActionsSavedObject; } /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__updateRuleActionsSavedObject = async ({ +export const legacyUpdateRuleActionsSavedObject = async ({ ruleAlertId, savedObjectsClient, actions, throttle, ruleActions, -}: __DO_NOT_USE__UpdateRuleActionsSavedObject): Promise<__DO_NOT_USE__RulesActionsSavedObject> => { +}: LegacyUpdateRuleActionsSavedObject): Promise => { const throttleOptions = throttle - ? __DO_NOT_USE__getThrottleOptions(throttle) + ? legacyGetThrottleOptions(throttle) : { ruleThrottle: ruleActions.ruleThrottle, alertThrottle: ruleActions.alertThrottle, @@ -54,8 +53,8 @@ export const __DO_NOT_USE__updateRuleActionsSavedObject = async ({ ...throttleOptions, }; - await savedObjectsClient.update<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes>( - __DO_NOT_USE__ruleActionsSavedObjectType, + await savedObjectsClient.update( + legacyRuleActionsSavedObjectType, ruleActions.id, { ruleAlertId, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_utils.ts similarity index 79% rename from x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_utils.ts rename to x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_utils.ts index f7828b1020ea0..cf1ce74d8e080 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/do_not_use_utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_utils.ts @@ -8,12 +8,12 @@ import { SavedObjectsUpdateResponse } from 'kibana/server'; import { RuleAlertAction } from '../../../../common/detection_engine/types'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes } from './do_not_use_types'; +import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__getThrottleOptions = ( +export const legacyGetThrottleOptions = ( throttle: string | undefined | null = 'no_actions' ): { ruleThrottle: string; @@ -26,8 +26,8 @@ export const __DO_NOT_USE__getThrottleOptions = ( /** * @deprecated Once legacy notifications/"side car actions" goes away this should be removed */ -export const __DO_NOT_USE__getRuleActionsFromSavedObject = ( - savedObject: SavedObjectsUpdateResponse<__DO_NOT_USE__IRuleActionsAttributesSavedObjectAttributes> +export const legacyGetRuleActionsFromSavedObject = ( + savedObject: SavedObjectsUpdateResponse ): { id: string; actions: RuleAlertAction[]; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts index 88e0353dd2e69..a54e606e92053 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts @@ -62,7 +62,7 @@ import { } from '../../../../common/constants'; import { RulesClient } from '../../../../../alerting/server'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RuleActions } from '../rule_actions/do_not_use_types'; +import { LegacyRuleActions } from '../rule_actions/legacy_types'; import { FullResponseSchema } from '../../../../common/detection_engine/schemas/request'; export const calculateInterval = ( @@ -227,7 +227,7 @@ export const transformToAlertThrottle = (throttle: string | null | undefined): s */ export const transformActions = ( alertAction: AlertAction[] | undefined, - legacyRuleActions: __DO_NOT_USE__RuleActions | null | undefined + legacyRuleActions: LegacyRuleActions | null | undefined ): FullResponseSchema['actions'] => { if (alertAction != null && alertAction.length !== 0) { return alertAction.map((action) => ({ @@ -254,7 +254,7 @@ export const transformActions = ( */ export const transformFromAlertThrottle = ( rule: SanitizedAlert, - legacyRuleActions: __DO_NOT_USE__RuleActions | null | undefined + legacyRuleActions: LegacyRuleActions | null | undefined ): string => { if (legacyRuleActions == null || (rule.actions != null && rule.actions.length > 0)) { if (rule.muteAll || rule.actions.length === 0) { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts index aba4a5fb02ea6..eef20af0e564d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_converters.ts @@ -39,7 +39,7 @@ import { } from '../rules/utils'; import { ruleTypeMappings } from '../signals/utils'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__RuleActions } from '../rule_actions/do_not_use_types'; +import { LegacyRuleActions } from '../rule_actions/legacy_types'; // These functions provide conversions from the request API schema to the internal rule schema and from the internal rule schema // to the response API schema. This provides static type-check assurances that the internal schema is in sync with the API schema for @@ -283,7 +283,7 @@ export const commonParamsCamelToSnake = (params: BaseRuleParams) => { export const internalRuleToAPIResponse = ( rule: SanitizedAlert, ruleStatus?: IRuleStatusSOAttributes, - legacyRuleActions?: __DO_NOT_USE__RuleActions | null + legacyRuleActions?: LegacyRuleActions | null ): FullResponseSchema => { const mergedStatus = ruleStatus ? mergeAlertWithSidecarStatus(rule, ruleStatus) : undefined; return { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh index f3bd23bf14d87..f160d1e899a55 100755 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/post_legacy_notification.sh @@ -21,5 +21,5 @@ curl -s -k \ -H 'Content-Type: application/json' \ -H 'kbn-xsrf: 123' \ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \ - -X POST ${KIBANA_URL}${SPACE_URL}/internal/api/detection/do_not_use/notifications?alert_id="$1" \ + -X POST ${KIBANA_URL}${SPACE_URL}/internal/api/detection/legacy/notifications?alert_id="$1" \ -d @${NOTIFICATIONS} | jq . diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts index 3504c4ccf3e8e..59bf5057f2796 100644 --- a/x-pack/plugins/security_solution/server/plugin.ts +++ b/x-pack/plugins/security_solution/server/plugin.ts @@ -67,7 +67,7 @@ import { APP_ID, SERVER_APP_ID, SIGNALS_ID, - __DO_NOT_USE__NOTIFICATIONS_ID, + LEGACY_NOTIFICATIONS_ID, QUERY_RULE_TYPE_ID, DEFAULT_SPACE_ID, INDICATOR_RULE_TYPE_ID, @@ -105,9 +105,9 @@ import { EndpointMetadataService } from './endpoint/services/metadata'; import { CreateRuleOptions } from './lib/detection_engine/rule_types/types'; import { ctiFieldMap } from './lib/detection_engine/rule_types/field_maps/cti'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__rulesNotificationAlertType } from './lib/detection_engine/notifications/do_not_use_rules_notification_alert_type'; +import { legacyRulesNotificationAlertType } from './lib/detection_engine/notifications/legacy_rules_notification_alert_type'; // eslint-disable-next-line no-restricted-imports -import { __DO_NOT_USE__isNotificationAlertExecutor } from './lib/detection_engine/notifications/do_not_use_types'; +import { legacyIsNotificationAlertExecutor } from './lib/detection_engine/notifications/legacy_types'; export interface SetupPlugins { alerting: AlertingSetup; @@ -300,7 +300,7 @@ export class Plugin implements IPlugin Date: Wed, 22 Sep 2021 19:52:09 -0600 Subject: [PATCH 06/12] Updated eslint to look for any imports of the word legacy --- .eslintrc.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index bf9be69e0c175..c78a9f4aca2ac 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -933,10 +933,10 @@ module.exports = { 'no-restricted-imports': [ 'error', { - // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism + // prevents code from importing files that contain the name "legacy" within their name. This is a mechanism // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is has valid uses. - patterns: ['*do_not_use*'], + patterns: ['*legacy*'], }, ], }, @@ -1204,10 +1204,10 @@ module.exports = { 'no-restricted-imports': [ 'error', { - // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism + // prevents code from importing files that contain the name "legacy" within their name. This is a mechanism // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it has valid uses. - patterns: ['*do_not_use*'], + patterns: ['*legacy*'], }, ], }, @@ -1325,10 +1325,10 @@ module.exports = { 'no-restricted-imports': [ 'error', { - // prevents code from importing files that contain the name "do_not_use" within their name. This is a mechanism + // prevents code from importing files that contain the name "legacy" within their name. This is a mechanism // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it has valid uses. - patterns: ['*do_not_use*'], + patterns: ['*legacy*'], }, ], }, From 526cb3094542153e71d0a54f4d31bf9b09eaab5b Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Thu, 23 Sep 2021 16:34:08 -0600 Subject: [PATCH 07/12] Added comments from code review --- .../legacy_rules_notification_alert_type.ts | 23 +++++++++++++++---- .../legacy_create_legacy_notification.ts | 2 +- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts index c8b36da7ff19f..665009646ba56 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts @@ -31,7 +31,7 @@ export const legacyRulesNotificationAlertType = ({ logger: Logger; }): LegacyNotificationAlertTypeDefinition => ({ id: LEGACY_NOTIFICATIONS_ID, - name: 'SIEM notification', + name: 'Security Solution notification (Legacy)', actionGroups: siemRuleActionGroups, defaultActionGroupId: 'default', producer: SERVER_APP_ID, @@ -43,15 +43,30 @@ export const legacyRulesNotificationAlertType = ({ minimumLicenseRequired: 'basic', isExportable: false, async executor({ startedAt, previousStartedAt, alertId, services, params }) { + // TODO: Change this to be a link to documentation on how to migrate: https://github.com/elastic/kibana/issues/113055 + logger.warn( + 'Security Solution notification (Legacy) system detected still running. Please see documentation on how to the new notification system.' + ); const ruleAlertSavedObject = await services.savedObjectsClient.get( 'alert', params.ruleAlertId ); if (!ruleAlertSavedObject.attributes.params) { - logger.error(`Saved object for alert ${params.ruleAlertId} was not found`); + logger.error( + `Security Solution notification (Legacy) Saved object for alert ${params.ruleAlertId} was not found` + ); return; } + logger.warn( + [ + 'Security Solution notification (Legacy) system still active for alert with', + `name: "${ruleAlertSavedObject.attributes.name}"`, + `description: "${ruleAlertSavedObject.attributes.params.description}"`, + `id: "${ruleAlertSavedObject.id}".`, + `Please see documentation on how to migrate to the new notification system.`, + ].join(' ') + ); const { params: ruleAlertParams, name: ruleName } = ruleAlertSavedObject.attributes; const ruleParams = { ...ruleAlertParams, name: ruleName, id: ruleAlertSavedObject.id }; @@ -85,8 +100,8 @@ export const legacyRulesNotificationAlertType = ({ ?.kibana_siem_app_url, }); - logger.info( - `Found ${signalsCount} signals using signal rule name: "${ruleParams.name}", id: "${params.ruleAlertId}", rule_id: "${ruleParams.ruleId}" in "${ruleParams.outputIndex}" index` + logger.debug( + `Security Solution notification (Legacy) found ${signalsCount} signals using signal rule name: "${ruleParams.name}", id: "${params.ruleAlertId}", rule_id: "${ruleParams.ruleId}" in "${ruleParams.outputIndex}" index` ); if (signalsCount !== 0) { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/legacy_create_legacy_notification.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/legacy_create_legacy_notification.ts index e2d2fb0dc3966..248b864bef9ed 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/legacy_create_legacy_notification.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/legacy_create_legacy_notification.ts @@ -83,7 +83,7 @@ export const legacyCreateLegacyNotificationRoute = (router: SecuritySolutionPlug } else { await legacyCreateNotifications({ rulesClient, - actions: [], + actions, enabled: true, ruleAlertId, interval, From d7f7f024625a44c5ff27b158580112ec8c22856a Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Thu, 23 Sep 2021 17:00:48 -0600 Subject: [PATCH 08/12] Added unit test from code review --- .../lib/detection_engine/rules/utils.test.ts | 137 +++++++++++++++++- 1 file changed, 136 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts index c193903103c33..f04f25f44b33c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts @@ -12,13 +12,17 @@ import { transformToNotifyWhen, transformToAlertThrottle, transformFromAlertThrottle, + transformActions, } from './utils'; -import { SanitizedAlert } from '../../../../../alerting/common'; +import { AlertAction, SanitizedAlert } from '../../../../../alerting/common'; import { RuleParams } from '../schemas/rule_schemas'; import { NOTIFICATION_THROTTLE_NO_ACTIONS, NOTIFICATION_THROTTLE_RULE, } from '../../../../common/constants'; +import { FullResponseSchema } from '../../../../common/detection_engine/schemas/request'; +// eslint-disable-next-line no-restricted-imports +import { LegacyRuleActions } from '../rule_actions/legacy_types'; describe('utils', () => { describe('#calculateInterval', () => { @@ -362,4 +366,135 @@ describe('utils', () => { ).toEqual(NOTIFICATION_THROTTLE_RULE); }); }); + + describe('#transformActions', () => { + test('It transforms two alert actions', () => { + const alertAction: AlertAction[] = [ + { + id: 'id_1', + group: 'group', + actionTypeId: 'actionTypeId', + params: {}, + }, + { + id: 'id_2', + group: 'group', + actionTypeId: 'actionTypeId', + params: {}, + }, + ]; + + const transformed = transformActions(alertAction, null); + expect(transformed).toEqual([ + { + id: 'id_1', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ]); + }); + + test('It transforms two alert actions but not a legacyRuleActions if this is also passed in', () => { + const alertAction: AlertAction[] = [ + { + id: 'id_1', + group: 'group', + actionTypeId: 'actionTypeId', + params: {}, + }, + { + id: 'id_2', + group: 'group', + actionTypeId: 'actionTypeId', + params: {}, + }, + ]; + const legacyRuleActions: LegacyRuleActions = { + id: 'id_1', + ruleThrottle: '', + alertThrottle: '', + actions: [ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ], + }; + const transformed = transformActions(alertAction, legacyRuleActions); + expect(transformed).toEqual([ + { + id: 'id_1', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ]); + }); + + test('It will transform the legacyRuleActions if the alertAction is an empty array', () => { + const alertAction: AlertAction[] = []; + const legacyRuleActions: LegacyRuleActions = { + id: 'id_1', + ruleThrottle: '', + alertThrottle: '', + actions: [ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ], + }; + const transformed = transformActions(alertAction, legacyRuleActions); + expect(transformed).toEqual([ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ]); + }); + + test('It will transform the legacyRuleActions if the alertAction is undefined', () => { + const legacyRuleActions: LegacyRuleActions = { + id: 'id_1', + ruleThrottle: '', + alertThrottle: '', + actions: [ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ], + }; + const transformed = transformActions(undefined, legacyRuleActions); + expect(transformed).toEqual([ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ]); + }); + }); }); From 14e9394c7e9df2cff87f5909d10dba462ae56ea2 Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Thu, 23 Sep 2021 17:13:25 -0600 Subject: [PATCH 09/12] Updated unit tests per PR comments --- .../lib/detection_engine/rules/utils.test.ts | 88 +++++++++++++++++++ .../lib/detection_engine/rules/utils.ts | 8 +- 2 files changed, 90 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts index f04f25f44b33c..2cf7e95f3c621 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.test.ts @@ -365,6 +365,94 @@ describe('utils', () => { ) ).toEqual(NOTIFICATION_THROTTLE_RULE); }); + + test('it will use the "rule" and not the "legacyRuleActions" if the rule and actions is defined', () => { + const legacyRuleActions: LegacyRuleActions = { + id: 'id_1', + ruleThrottle: '', + alertThrottle: '', + actions: [ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ], + }; + + expect( + transformFromAlertThrottle( + { + muteAll: true, + notifyWhen: 'onActiveAlert', + actions: [ + { + group: 'group', + id: 'id-123', + actionTypeId: 'id-456', + params: {}, + }, + ], + } as SanitizedAlert, + legacyRuleActions + ) + ).toEqual(NOTIFICATION_THROTTLE_NO_ACTIONS); + }); + + test('it will use the "legacyRuleActions" and not the "rule" if the rule actions is an empty array', () => { + const legacyRuleActions: LegacyRuleActions = { + id: 'id_1', + ruleThrottle: NOTIFICATION_THROTTLE_RULE, + alertThrottle: null, + actions: [ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ], + }; + + expect( + transformFromAlertThrottle( + { + muteAll: true, + notifyWhen: 'onActiveAlert', + actions: [], + } as unknown as SanitizedAlert, + legacyRuleActions + ) + ).toEqual(NOTIFICATION_THROTTLE_RULE); + }); + + test('it will use the "legacyRuleActions" and not the "rule" if the rule actions is a null', () => { + const legacyRuleActions: LegacyRuleActions = { + id: 'id_1', + ruleThrottle: NOTIFICATION_THROTTLE_RULE, + alertThrottle: null, + actions: [ + { + id: 'id_2', + group: 'group', + action_type_id: 'actionTypeId', + params: {}, + }, + ], + }; + + expect( + transformFromAlertThrottle( + { + muteAll: true, + notifyWhen: 'onActiveAlert', + actions: null, + } as unknown as SanitizedAlert, + legacyRuleActions + ) + ).toEqual(NOTIFICATION_THROTTLE_RULE); + }); }); describe('#transformActions', () => { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts index a54e606e92053..4647a4a9951df 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts @@ -64,6 +64,7 @@ import { RulesClient } from '../../../../../alerting/server'; // eslint-disable-next-line no-restricted-imports import { LegacyRuleActions } from '../rule_actions/legacy_types'; import { FullResponseSchema } from '../../../../common/detection_engine/schemas/request'; +import { transformAlertToRuleAction } from '../../../../common/detection_engine/transform_actions'; export const calculateInterval = ( interval: string | undefined, @@ -230,12 +231,7 @@ export const transformActions = ( legacyRuleActions: LegacyRuleActions | null | undefined ): FullResponseSchema['actions'] => { if (alertAction != null && alertAction.length !== 0) { - return alertAction.map((action) => ({ - group: action.group, - id: action.id, - action_type_id: action.actionTypeId, - params: action.params, - })); + return alertAction.map((action) => transformAlertToRuleAction(action)); } else if (legacyRuleActions != null) { return legacyRuleActions.actions; } else { From 9dbaae6c94fb90c31a42a42c43c57a38a4e3fb17 Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Fri, 24 Sep 2021 11:22:46 -0600 Subject: [PATCH 10/12] Fixed test from strings changed --- .../notifications/legacy_rules_notification_alert_type.test.ts | 2 +- .../notifications/legacy_rules_notification_alert_type.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts index 7f4b15745e6a4..e2d7422f9422b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts @@ -88,7 +88,7 @@ describe('legacyRules_notification_alert_type', () => { }); await alert.executor(payload); expect(logger.error).toHaveBeenCalledWith( - `Saved object for alert ${payload.params.ruleAlertId} was not found` + `Security Solution notification (Legacy) saved object for alert ${payload.params.ruleAlertId} was not found` ); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts index 665009646ba56..efdeb66f76fc2 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts @@ -54,7 +54,7 @@ export const legacyRulesNotificationAlertType = ({ if (!ruleAlertSavedObject.attributes.params) { logger.error( - `Security Solution notification (Legacy) Saved object for alert ${params.ruleAlertId} was not found` + `Security Solution notification (Legacy) saved object for alert ${params.ruleAlertId} was not found` ); return; } From ba00ba3593507b7123c25fde0c0cc3030984fc4e Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Mon, 27 Sep 2021 12:49:06 -0600 Subject: [PATCH 11/12] Added tests and fixed things per PR review --- .../legacy_read_notifications.test.ts | 2 +- .../legacy_rules_notification_alert_type.ts | 2 +- .../routes/rules/utils.test.ts | 66 +++++++++++++++++++ 3 files changed, 68 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.test.ts index b450976c6bf53..efe4e51e761b9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.test.ts @@ -23,7 +23,7 @@ class LegacyTestError extends Error { public output: { statusCode: number }; } -describe('legacyRead_notifications', () => { +describe('legacyReadNotifications', () => { let rulesClient: ReturnType; beforeEach(() => { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts index efdeb66f76fc2..04492e4407f9f 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts @@ -45,7 +45,7 @@ export const legacyRulesNotificationAlertType = ({ async executor({ startedAt, previousStartedAt, alertId, services, params }) { // TODO: Change this to be a link to documentation on how to migrate: https://github.com/elastic/kibana/issues/113055 logger.warn( - 'Security Solution notification (Legacy) system detected still running. Please see documentation on how to the new notification system.' + 'Security Solution notification (Legacy) system detected still running. Please see documentation on how to migrate to the new notification system.' ); const ruleAlertSavedObject = await services.savedObjectsClient.get( 'alert', diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts index 4a5a4e097b919..672a834731b45 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts @@ -36,6 +36,9 @@ import { getQueryRuleParams, getThreatRuleParams, } from '../../schemas/rule_schemas.mock'; +// eslint-disable-next-line no-restricted-imports +import { LegacyRulesActionsSavedObject } from '../../rule_actions/legacy_get_rule_actions_saved_object'; +import { RuleAlertAction } from '../../../../../common/detection_engine/types'; type PromiseFromStreams = ImportRulesSchemaDecoded | Error; @@ -279,6 +282,69 @@ describe.each([ data: [expected], }); }); + + test('outputs 200 if the data is of type siem alert and has undefined for the legacyRuleActions', () => { + const output = transformFindAlerts( + { + page: 1, + perPage: 0, + total: 0, + data: [getAlertMock(isRuleRegistryEnabled, getQueryRuleParams())], + }, + {}, + { + '123': undefined, + } + ); + const expected = getOutputRuleAlertForRest(); + expect(output).toEqual({ + page: 1, + perPage: 0, + total: 0, + data: [expected], + }); + }); + + test('outputs 200 if the data is of type siem alert and has a legacy rule action', () => { + const actions: RuleAlertAction[] = [ + { + id: '456', + params: {}, + group: '', + action_type_id: 'action_123', + }, + ]; + + const legacyRuleActions: Record = { + [getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()).id]: { + id: '123', + actions, + alertThrottle: '1h', + ruleThrottle: '1h', + }, + }; + const output = transformFindAlerts( + { + page: 1, + perPage: 0, + total: 0, + data: [getAlertMock(isRuleRegistryEnabled, getQueryRuleParams())], + }, + {}, + legacyRuleActions + ); + const expected = { + ...getOutputRuleAlertForRest(), + throttle: '1h', + actions, + }; + expect(output).toEqual({ + page: 1, + perPage: 0, + total: 0, + data: [expected], + }); + }); }); describe('transform', () => { From cdf4d8168d601681d7cdca2481472900dd56c0f5 Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Mon, 27 Sep 2021 14:19:22 -0600 Subject: [PATCH 12/12] Updated deprecation message per PR comments --- .../security_solution/common/constants.ts | 2 +- .../notifications/legacy_add_tags.ts | 2 +- .../legacy_create_notifications.test.ts | 2 +- .../legacy_create_notifications.ts | 2 +- .../legacy_find_notifications.ts | 4 ++-- .../legacy_read_notifications.ts | 2 +- ...gacy_rules_notification_alert_type.test.ts | 2 +- .../legacy_rules_notification_alert_type.ts | 2 +- .../notifications/legacy_types.ts | 22 +++++++++---------- .../routes/__mocks__/request_responses.ts | 4 ++-- ...legacy_create_rule_actions_saved_object.ts | 4 ++-- ...gacy_get_bulk_rule_actions_saved_object.ts | 4 ++-- .../legacy_get_rule_actions_saved_object.ts | 6 ++--- .../rule_actions/legacy_migrations.ts | 10 ++------- .../legacy_saved_object_mappings.ts | 10 ++------- ...ate_or_create_rule_actions_saved_object.ts | 4 ++-- ...legacy_update_rule_actions_saved_object.ts | 4 ++-- .../rule_actions/legacy_utils.ts | 4 ++-- 18 files changed, 39 insertions(+), 51 deletions(-) diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts index 8ada7689bef91..092875c57fbd0 100644 --- a/x-pack/plugins/security_solution/common/constants.ts +++ b/x-pack/plugins/security_solution/common/constants.ts @@ -202,7 +202,7 @@ export const THRESHOLD_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.thresholdRule` as con /** * Id for the notifications alerting type - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const LEGACY_NOTIFICATIONS_ID = `siem.notifications`; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.ts index 78ab27a810347..b17d8d7226a64 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_add_tags.ts @@ -8,7 +8,7 @@ import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyAddTags = (tags: string[], ruleAlertId: string): string[] => Array.from(new Set([...tags, `${INTERNAL_RULE_ALERT_ID_KEY}:${ruleAlertId}`])); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.test.ts index ba8a0e9c83413..cc9e885d49644 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.test.ts @@ -10,7 +10,7 @@ import { rulesClientMock } from '../../../../../alerting/server/mocks'; import { legacyCreateNotifications } from './legacy_create_notifications'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ describe('legacyCreateNotifications', () => { let rulesClient: ReturnType; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.ts index 9b96c95106adc..13e4b405ca26b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_create_notifications.ts @@ -13,7 +13,7 @@ import { CreateNotificationParams, LegacyRuleNotificationAlertTypeParams } from import { legacyAddTags } from './legacy_add_tags'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyCreateNotifications = async ({ rulesClient, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.ts index 2146f25e381b8..51584879a4bd9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_find_notifications.ts @@ -11,7 +11,7 @@ import { LEGACY_NOTIFICATIONS_ID } from '../../../../common/constants'; import { LegacyFindNotificationParams } from './legacy_types'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyGetFilter = (filter: string | null | undefined) => { if (filter == null) { @@ -22,7 +22,7 @@ export const legacyGetFilter = (filter: string | null | undefined) => { }; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyFindNotifications = async ({ rulesClient, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.ts index e1acb7109fdf9..9e2fb9515bb82 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_read_notifications.ts @@ -13,7 +13,7 @@ import { legacyFindNotifications } from './legacy_find_notifications'; import { INTERNAL_RULE_ALERT_ID_KEY } from '../../../../common/constants'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyReadNotifications = async ({ rulesClient, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts index e2d7422f9422b..6c0ffa65a9afa 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.test.ts @@ -25,7 +25,7 @@ import { getQueryRuleParams } from '../schemas/rule_schemas.mock'; jest.mock('./build_signals_query'); /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ describe('legacyRules_notification_alert_type', () => { let payload: LegacyNotificationExecutorOptions; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts index 04492e4407f9f..07f571bc7be1b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_rules_notification_alert_type.ts @@ -23,7 +23,7 @@ import { getNotificationResultsLink } from './utils'; import { getSignals } from './get_signals'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should also be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyRulesNotificationAlertType = ({ logger, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_types.ts index 4267a6497a1ae..2a52f14379845 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_types.ts @@ -19,19 +19,19 @@ import { Alert, AlertAction } from '../../../../../alerting/common'; import { LEGACY_NOTIFICATIONS_ID } from '../../../../common/constants'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export interface LegacyRuleNotificationAlertTypeParams extends AlertTypeParams { ruleAlertId: string; } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export type LegacyRuleNotificationAlertType = Alert; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export interface LegacyFindNotificationParams { rulesClient: RulesClient; @@ -44,14 +44,14 @@ export interface LegacyFindNotificationParams { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export interface LegacyClients { rulesClient: RulesClient; } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export interface LegacyNotificationAlertParams { actions: AlertAction[]; @@ -62,12 +62,12 @@ export interface LegacyNotificationAlertParams { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export type CreateNotificationParams = LegacyNotificationAlertParams & LegacyClients; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export interface LegacyReadNotificationParams { rulesClient: RulesClient; @@ -76,7 +76,7 @@ export interface LegacyReadNotificationParams { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyIsAlertType = ( partialAlert: PartialAlert @@ -85,7 +85,7 @@ export const legacyIsAlertType = ( }; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export type LegacyNotificationExecutorOptions = AlertExecutorOptions< LegacyRuleNotificationAlertTypeParams, @@ -97,7 +97,7 @@ export type LegacyNotificationExecutorOptions = AlertExecutorOptions< /** * This returns true because by default a NotificationAlertTypeDefinition is an AlertType * since we are only increasing the strictness of params. - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyIsNotificationAlertExecutor = ( obj: LegacyNotificationAlertTypeDefinition @@ -112,7 +112,7 @@ export const legacyIsNotificationAlertExecutor = ( }; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export type LegacyNotificationAlertTypeDefinition = Omit< AlertType< diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts index d7ddabd558c54..c3c3ac47baf9a 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts @@ -597,7 +597,7 @@ export const getSignalsMigrationStatusRequest = () => }); /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyGetNotificationResult = (): LegacyRuleNotificationAlertType => ({ id: '200dbf2f-b269-4bf9-aa85-11ba32ba73ba', @@ -641,7 +641,7 @@ export const legacyGetNotificationResult = (): LegacyRuleNotificationAlertType = }); /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyGetFindNotificationsResultWithSingleHit = (): FindHit => ({ diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_create_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_create_rule_actions_saved_object.ts index 91b7265e90e6b..00607b884cec9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_create_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_create_rule_actions_saved_object.ts @@ -18,7 +18,7 @@ import { AlertAction } from '../../../../../alerting/common'; import { transformAlertToRuleAction } from '../../../../common/detection_engine/transform_actions'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ interface LegacyCreateRuleActionsSavedObject { ruleAlertId: string; @@ -28,7 +28,7 @@ interface LegacyCreateRuleActionsSavedObject { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyCreateRuleActionsSavedObject = async ({ ruleAlertId, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_bulk_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_bulk_rule_actions_saved_object.ts index b6f0133f85620..40b359c30219d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_bulk_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_bulk_rule_actions_saved_object.ts @@ -17,7 +17,7 @@ import { LegacyRulesActionsSavedObject } from './legacy_get_rule_actions_saved_o import { buildChunkedOrFilter } from '../signals/utils'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ interface LegacyGetBulkRuleActionsSavedObject { alertIds: string[]; @@ -25,7 +25,7 @@ interface LegacyGetBulkRuleActionsSavedObject { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyGetBulkRuleActionsSavedObject = async ({ alertIds, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_rule_actions_saved_object.ts index 35636fd59b0e0..e73735503825b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_get_rule_actions_saved_object.ts @@ -15,7 +15,7 @@ import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_type import { legacyGetRuleActionsFromSavedObject } from './legacy_utils'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ interface LegacyGetRuleActionsSavedObject { ruleAlertId: string; @@ -23,7 +23,7 @@ interface LegacyGetRuleActionsSavedObject { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export interface LegacyRulesActionsSavedObject { id: string; @@ -33,7 +33,7 @@ export interface LegacyRulesActionsSavedObject { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyGetRuleActionsSavedObject = async ({ ruleAlertId, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_migrations.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_migrations.ts index 996ff595c5567..8edb372e62e44 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_migrations.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_migrations.ts @@ -15,10 +15,7 @@ import { import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; /** - * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we - * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer - * needed then it will be safe to remove this saved object and all its migrations - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ function isEmptyObject(obj: {}) { for (const attr in obj) { @@ -30,10 +27,7 @@ function isEmptyObject(obj: {}) { } /** - * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we - * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer - * needed then it will be safe to remove this saved object and all its migrations - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyRuleActionsSavedObjectMigration = { '7.11.2': ( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_saved_object_mappings.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_saved_object_mappings.ts index 52dd4a0691e3b..d821ca851b6b1 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_saved_object_mappings.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_saved_object_mappings.ts @@ -10,18 +10,12 @@ import { SavedObjectsType } from '../../../../../../../src/core/server'; import { legacyRuleActionsSavedObjectMigration } from './legacy_migrations'; /** - * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we - * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer - * needed then it will be safe to remove this saved object and all its migrations. - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyRuleActionsSavedObjectType = 'siem-detection-engine-rule-actions'; /** - * We keep this around to migrate and update data for the old deprecated rule actions saved object mapping but we - * do not use it anymore within the code base. Once we feel comfortable that users are upgrade far enough and this is no longer - * needed then it will be safe to remove this saved object and all its migrations. - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ const legacyRuleActionsSavedObjectMappings: SavedObjectsType['mappings'] = { properties: { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_or_create_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_or_create_rule_actions_saved_object.ts index 0e70911464b99..ce78bf92af490 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_or_create_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_or_create_rule_actions_saved_object.ts @@ -17,7 +17,7 @@ import { legacyUpdateRuleActionsSavedObject } from './legacy_update_rule_actions import { LegacyRuleActions } from './legacy_types'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ interface LegacyUpdateOrCreateRuleActionsSavedObject { ruleAlertId: string; @@ -27,7 +27,7 @@ interface LegacyUpdateOrCreateRuleActionsSavedObject { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyUpdateOrCreateRuleActionsSavedObject = async ({ savedObjectsClient, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_rule_actions_saved_object.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_rule_actions_saved_object.ts index 28a22345b685d..84c64c6a0d531 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_rule_actions_saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_update_rule_actions_saved_object.ts @@ -18,7 +18,7 @@ import { AlertAction } from '../../../../../alerting/common'; import { transformAlertToRuleAction } from '../../../../common/detection_engine/transform_actions'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ interface LegacyUpdateRuleActionsSavedObject { ruleAlertId: string; @@ -29,7 +29,7 @@ interface LegacyUpdateRuleActionsSavedObject { } /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyUpdateRuleActionsSavedObject = async ({ ruleAlertId, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_utils.ts index cf1ce74d8e080..6be894c391b81 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions/legacy_utils.ts @@ -11,7 +11,7 @@ import { RuleAlertAction } from '../../../../common/detection_engine/types'; import { LegacyIRuleActionsAttributesSavedObjectAttributes } from './legacy_types'; /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyGetThrottleOptions = ( throttle: string | undefined | null = 'no_actions' @@ -24,7 +24,7 @@ export const legacyGetThrottleOptions = ( }); /** - * @deprecated Once legacy notifications/"side car actions" goes away this should be removed + * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function */ export const legacyGetRuleActionsFromSavedObject = ( savedObject: SavedObjectsUpdateResponse