-
Notifications
You must be signed in to change notification settings - Fork 8.1k
/
bulk_untrack_alerts.ts
108 lines (101 loc) · 3.55 KB
/
bulk_untrack_alerts.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { omitBy } from 'lodash';
import Boom from '@hapi/boom';
import { withSpan } from '@kbn/apm-utils';
import { ALERT_RULE_UUID, ALERT_UUID } from '@kbn/rule-data-utils';
import { bulkUntrackBodySchema } from './schemas';
import type { BulkUntrackBody } from './types';
import { WriteOperations, AlertingAuthorizationEntity } from '../../../../authorization';
import { retryIfConflicts } from '../../../../lib/retry_if_conflicts';
import { ruleAuditEvent, RuleAuditAction } from '../../../../rules_client/common/audit_events';
import { RulesClientContext } from '../../../../rules_client/types';
export type { BulkUntrackBody };
export async function bulkUntrackAlerts(
context: RulesClientContext,
params: BulkUntrackBody
): Promise<void> {
try {
bulkUntrackBodySchema.validate(params);
} catch (error) {
throw Boom.badRequest(`Failed to validate params: ${error.message}`);
}
return await retryIfConflicts(
context.logger,
`rulesClient.bulkUntrack('${params.alertUuids}')`,
async () => await bulkUntrackAlertsWithOCC(context, params)
);
}
async function bulkUntrackAlertsWithOCC(context: RulesClientContext, params: BulkUntrackBody) {
try {
if (!context.alertsService) throw new Error('unable to access alertsService');
const result = await context.alertsService.setAlertsToUntracked({
...params,
featureIds: params.featureIds || [],
spaceId: context.spaceId,
getAlertIndicesAlias: context.getAlertIndicesAlias,
getAuthorizedRuleTypes: context.authorization.getAuthorizedRuleTypes.bind(
context.authorization
),
ensureAuthorized: async ({
ruleTypeId,
consumer,
}: {
ruleTypeId: string;
consumer: string;
}) =>
await withSpan({ name: 'authorization.ensureAuthorized', type: 'alerts' }, () =>
context.authorization.ensureAuthorized({
ruleTypeId,
consumer,
operation: WriteOperations.Update,
entity: AlertingAuthorizationEntity.Alert,
})
),
});
// Clear alert instances from their corresponding tasks so that they can remain untracked
const taskIds = [...new Set(result.map((doc) => doc[ALERT_RULE_UUID]))];
await context.taskManager.bulkUpdateState(taskIds, (state, id) => {
try {
const uuidsToClear = result
.filter((doc) => doc[ALERT_RULE_UUID] === id)
.map((doc) => doc[ALERT_UUID]);
const alertTypeState = {
...state.alertTypeState,
trackedAlerts: omitBy(state.alertTypeState.trackedAlerts, ({ alertUuid }) =>
uuidsToClear.includes(alertUuid)
),
};
const alertInstances = omitBy(state.alertInstances, ({ meta: { uuid } }) =>
uuidsToClear.includes(uuid)
);
return {
...state,
alertTypeState,
alertInstances,
};
} catch (e) {
context.logger.error(`Failed to untrack alerts in task ID ${id}`);
return state;
}
});
context.auditLogger?.log(
ruleAuditEvent({
action: RuleAuditAction.UNTRACK_ALERT,
outcome: 'success',
})
);
} catch (error) {
context.auditLogger?.log(
ruleAuditEvent({
action: RuleAuditAction.UNTRACK_ALERT,
error,
})
);
throw error;
}
}