[Cases] Refactor: Move cases action buttons out of timelines

[academo]

Summary

See epic: #123183

Follow up to #125782 and #125782
Closes #126069 and #126070

After #125782 and #125782 it is now required to remove the cases "add to new case" and "add to existing case" out of timelines.

No visual or ux changes.

Changes:

1. Removes the usage of the timelines hook useAddToCase and replace them for the new cases hooks
2. Implements the button UI inside each cases consumer plugin (security and observability)

Missing in this PR for follow up PRs:

• [Cases] Cleanup: Remove old APIs after refactors (once completed and merged) #126264
• [Cases] Cleanup: Delete dead code for timelines add to new case flyout display and hide logic #125761

Visually this is how the new flow for timelines action buttons related to cases work.

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Unit or functional tests were updated or added to match the most common scenarios

[peteharverson]

Tested and LGTM. Just left a question about a TODO comment.

[cnasikas]

Great job 🚀 ! Amazing as always. I tested and everything is working as expected.

[kqualters-elastic]

regardless of the ongoing context and plugin api discussion, this is still another step in the right direction. once @cnasikas 's suggestion about moving toaster usage into cases is done, lgtm 👍

[academo]

regardless of the ongoing context and plugin api discussion, this is still another step in the right direction. once @cnasikas 's suggestion about moving toaster usage into cases is done, lgtm +1

The toast had been moved :)

[mgiota]

Changes look good in the Observability Alerts page. Recently we integrated Alerts in the Overview page as well. Currently Overview page is broken

[mgiota]

@academo Also make sure to add proper labelling to the these tickets #126069 and #126070 so that they are properly linked with this PR

[mgiota]

@academo As discussed I will create a separate ticket to move all these in a separate file once this PR is merged

[academo]

@mgiota of course I can help you move that code out when you start working on it. We can make it a custom hook.

[academo]

Changes look good in the Observability Alerts page. Recently we integrated Alerts in the Overview page as well. Currently Overview page is broken

Thanks for the report @mgiota This is now fixed.

[mgiota]

@academo I confirm that Overview page is fixed after your latest changes!

[peteharverson]

Tested latest changes and confirmed the actions work on the Observability Overview page for me too.

[mgiota]

@academo Thanks for the fix. We will make sure to create a wrapper component that contains cases context so that both alerts and overview page can share

[academo]

@mgiota I was thinking on putting the CasesContext all the way up in the observability plugin. To have it available everywhere. What do you think?

[mgiota]

Yep exactly that was my thought as well. This will avoid us having to repeat the same code in multiple places

[kqualters-elastic]

why not take this line of reasoning 1 step further? 😬

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 8878fa1
• Storybooks Preview
• Webpack Bundle Analyzer

Test Failures

• [job] [logs] Security Solution Tests / Detections > Callouts indicating read-only access to resources On Detections home page We show one primary callout
• [job] [logs] Security Solution Tests / Detections > Callouts indicating read-only access to resources On Detections home page When a user clicks Dismiss on the callout We hide it and persist the dismissal
• [job] [logs] Security Solution Tests / Detections > Need Admin Callouts indicating an admin is needed to migrate the alert data set The users index_mapping_outdated is "false" and their admin callouts should not show up On Rule Details page "before each" hook for "We show 1 primary callout"
• [job] [logs] Security Solution Tests / Detections > Need Admin Callouts indicating an admin is needed to migrate the alert data set The users index_mapping_outdated is "true" and their admin callouts should show up On Detections home page We show the need admin primary callout
• [job] [logs] Security Solution Tests / Row renderers Suricata Signature tooltips do not overlap

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
cases	391	393	+2
observability	360	361	+1
total			+3

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
cases	59	61	+2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
cases	295.6KB	289.7KB	-6.0KB
observability	394.7KB	395.6KB	+896.0B
securitySolution	4.7MB	4.7MB	+693.0B
total			-4.4KB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
cases	20	19	-1

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
cases	74.1KB	82.6KB	+8.5KB
observability	87.3KB	87.5KB	+135.0B
total			+8.6KB

Unknown metric groups

API count

id	before	after	diff
cases	82	84	+2

History

• 💛 Build #27067 was flaky 115998c
• 💚 Build #26850 succeeded 9294657
• 💔 Build #26831 failed cf47c49
• 💔 Build #26790 failed c322fa1
• 💚 Build #26717 succeeded 9ba06da
• 💛 Build #26557 was flaky a8485ba

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @academo