-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ResponseOps][FE] Alert creation delay based on user definition #176346
[ResponseOps][FE] Alert creation delay based on user definition #176346
Conversation
…bana into alerting/notification-delay
…/kibana into alerting/notification-delay-fe
/ci |
…/kibana into alerting/alert-delay-actual-fe
/ci |
Pinging @elastic/response-ops (Team:ResponseOps) |
…/rule_form/rule_form.tsx Co-authored-by: Lisa Cawley <lcawley@elastic.co>
Related to #176346 (comment) ... IMO it would look nice to have this new field align with the "check every" field. For example, "Alert every" (or "Alert after") xx "matches" (or "consecutive matches"). Then if I'm understanding correctly, you would have a default value of "1", since generally we create alerts after a single match. |
Resolved in this commit 7faa680 , thanks for your help! 🙂 |
Thanks for the ping @pmuellr! Sorry all, I deleted my last comment because I was wrong - even I get confused about encrypted objects stuff sometimes. This is a little complicated, so bear with me...
Clear as mud? @doakalexi If you keep the default behavior of including the new attribute, there will not be a problem with ZDT, however, the attribute will always and forever be included in AAD. If the preference is to not include this attribute, I would recommend staging the changes to coincide with serverless releases (3b above). Regarding #167705, I can update this PR if necessary to account for the new attribute. I am happy to schedule a sync meeting on this to go over the details if necessary. Please let me know. |
Pretty sure we don't want this in the AAD, unless it ends up being the far easiestt way of doing this. Which implies doing the "staging" of changes across releases. @kobelb is this our first one? |
It is... I think we have two options here:
I'm guessing that 1) is going to be a lot less work than 2). Does that seem right @doakalexi and/or @pmuellr? |
So, my read is that
So, seems to me like 1) is easier. They're both weird, as the field isn't mapped, so literaly that first PR for 1) will be a one-liner (in theory) that adds it to the AAD omit list, where it's not actually even referenced anywhere. I suppose we should actually try both, to see if we missed anything. Which will be a little difficult, seems like, testing a version upgrade. We're going to need an easy way to test these "upgrade" / "rollback", using the same or very similiar "versions" of things, for situations like this ... |
I wanted to make sure everyone is aware that we already merged a PR with all the backend changes #175851 last week. This PR is for the front-end and only adds the |
As @doakalexi said, the backend changes to update the API to create a rule with Since it's not available in the UI and the API change is undocumented and the field is optional, I believe there shouldn't be any rules that have this field. Given this, should we do this from Patrick's suggestion
Just merge a PR to add the field to the AAD omit list, to be included in the next release? |
@doakalexi Thanks for pointing me to the right UI 🤦 I think the updated version is much better and solves many of my concerns. The only last (optional IMO) change is to consider hiding this initially if most users will not need this. I'd prefer the icon only option on the right, to save vertical space. But without knowing how much this is requested, i'm fine waiting to do this part later. |
…/kibana into alerting/alert-delay-actual-fe
Hi @jeramysoucy, after discussing internally the team has decided to keep the default behavior of including the new attribute. We should update #167705 to account for the new attribute. Thanks for your input and help with this! |
Thank you for the follow up @doakalexi! I know this is not ideal, and hopefully we can get #167705 completed soon to make life a little bit easier. If response ops needs to make other changes to ESOs in the meantime, please feel free to add me or the kibana security team for review. Always happy to help! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything looked ok to me before, except the AAD / ZDT aspect, which we have now resolved. Still LGTM given the changes since my review ...
Thanks so much for your review, I am going to go ahead and make this change in a separate PR. |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
…tic#176346) Resolves elastic#173009 ## Summary Adds a new input for the user to define the `alertDelay`. This input is available for life-cycled alerts (stack and o11y) rule types. ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To verify - Using the UI create a rule with the `alertDelay` field set. - Verify that the field is saved properly and that you can edit the `alertDelay` - Verify that you can add the alert delay to existing rules. Create a rule in a different branch and switch to this one. Edit the rule and set the `alertDelay`. Verify that the rule saves and works as expected. --------- Co-authored-by: Lisa Cawley <lcawley@elastic.co> (cherry picked from commit 68d6ab2)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
#176346) (#177051) # Backport This will backport the following commits from `main` to `8.13`: - [[ResponseOps][FE] Alert creation delay based on user definition (#176346)](#176346) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Alexi Doak","email":"109488926+doakalexi@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-02-15T17:13:06Z","message":"[ResponseOps][FE] Alert creation delay based on user definition (#176346)\n\nResolves https://github.com/elastic/kibana/issues/173009\r\n\r\n## Summary\r\n\r\nAdds a new input for the user to define the `alertDelay`. This input is\r\navailable for life-cycled alerts (stack and o11y) rule types.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n\r\n### To verify\r\n\r\n- Using the UI create a rule with the `alertDelay` field set.\r\n- Verify that the field is saved properly and that you can edit the\r\n`alertDelay`\r\n- Verify that you can add the alert delay to existing rules. Create a\r\nrule in a different branch and switch to this one. Edit the rule and set\r\nthe `alertDelay`. Verify that the rule saves and works as expected.\r\n\r\n---------\r\n\r\nCo-authored-by: Lisa Cawley <lcawley@elastic.co>","sha":"68d6ab21354bcf0504dc3664b818ab07f94340bc","branchLabelMapping":{"^v8.14.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v8.13.0","v8.14.0"],"title":"[ResponseOps][FE] Alert creation delay based on user definition","number":176346,"url":"https://github.com/elastic/kibana/pull/176346","mergeCommit":{"message":"[ResponseOps][FE] Alert creation delay based on user definition (#176346)\n\nResolves https://github.com/elastic/kibana/issues/173009\r\n\r\n## Summary\r\n\r\nAdds a new input for the user to define the `alertDelay`. This input is\r\navailable for life-cycled alerts (stack and o11y) rule types.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n\r\n### To verify\r\n\r\n- Using the UI create a rule with the `alertDelay` field set.\r\n- Verify that the field is saved properly and that you can edit the\r\n`alertDelay`\r\n- Verify that you can add the alert delay to existing rules. Create a\r\nrule in a different branch and switch to this one. Edit the rule and set\r\nthe `alertDelay`. Verify that the rule saves and works as expected.\r\n\r\n---------\r\n\r\nCo-authored-by: Lisa Cawley <lcawley@elastic.co>","sha":"68d6ab21354bcf0504dc3664b818ab07f94340bc"}},"sourceBranch":"main","suggestedTargetBranches":["8.13"],"targetPullRequestStates":[{"branch":"8.13","label":"v8.13.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.14.0","branchLabelMappingKey":"^v8.14.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/176346","number":176346,"mergeCommit":{"message":"[ResponseOps][FE] Alert creation delay based on user definition (#176346)\n\nResolves https://github.com/elastic/kibana/issues/173009\r\n\r\n## Summary\r\n\r\nAdds a new input for the user to define the `alertDelay`. This input is\r\navailable for life-cycled alerts (stack and o11y) rule types.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n\r\n### To verify\r\n\r\n- Using the UI create a rule with the `alertDelay` field set.\r\n- Verify that the field is saved properly and that you can edit the\r\n`alertDelay`\r\n- Verify that you can add the alert delay to existing rules. Create a\r\nrule in a different branch and switch to this one. Edit the rule and set\r\nthe `alertDelay`. Verify that the rule saves and works as expected.\r\n\r\n---------\r\n\r\nCo-authored-by: Lisa Cawley <lcawley@elastic.co>","sha":"68d6ab21354bcf0504dc3664b818ab07f94340bc"}}]}] BACKPORT--> Co-authored-by: Alexi Doak <109488926+doakalexi@users.noreply.github.com>
…tic#176346) Resolves elastic#173009 ## Summary Adds a new input for the user to define the `alertDelay`. This input is available for life-cycled alerts (stack and o11y) rule types. ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To verify - Using the UI create a rule with the `alertDelay` field set. - Verify that the field is saved properly and that you can edit the `alertDelay` - Verify that you can add the alert delay to existing rules. Create a rule in a different branch and switch to this one. Edit the rule and set the `alertDelay`. Verify that the rule saves and works as expected. --------- Co-authored-by: Lisa Cawley <lcawley@elastic.co>
Resolves #173009
Summary
Adds a new input for the user to define the
alertDelay
. This input is available for life-cycled alerts (stack and o11y) rule types.Checklist
Delete any items that are not applicable to this PR.
To verify
alertDelay
field set.alertDelay
alertDelay
. Verify that the rule saves and works as expected.