
[SIEM][Detection Engine] Rule Status Monitoring #54452

Merged
merged 18 commits into from Jan 14, 2020

Conversation

dhurley14 (Contributor) commented Jan 10, 2020:

Summary

Provides a current status per rule as well as a history of the last five errors through a new REST route.

To test the happy path for this route:

./post_rule.sh rules/queries/query_with_errors.json will post a new rule with a malformed query, so as to generate an error in the executor.

The user can then either use get_rule_by_id.sh, passing in the rule id returned after posting the rule, or use find_rules.sh; the current status should appear in the response along with the rest of the data associated with the rule.

To get the last five errors for a rule the user can utilize the find_rules_statuses_by_ids.sh by providing an array of rule ids the user wishes to get the last five errors for.

ex:

# make sure no spaces in between items in array passed into this script
./find_rules_statuses_by_ids.sh '["abc-de562-645","aac-099-888"]'

which will return an object with the ids as keys and the last five errors (max) as the values.


@dhurley14 dhurley14 self-assigned this Jan 10, 2020
const ruleStatuses = await savedObjectsClient.find({
type: ruleStatusSavedObjectType,
perPage: 10,
search: `"${id}"`,
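Review bot: `id` on the `search` line is the raw request parameter, but the rule may have been resolved by `rule_id` instead, in which case `id` is undefined and this becomes a search for the literal text `"undefined"`. Use the resolved `rule.id` once `rule` is known to be non-null; it is server-generated, so no request-supplied text ends up interpolated into the query string.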

FrankHassanabad (Contributor) commented Jan 10, 2020:

You want rule.id here instead of id as it is what was retrieved by either id or rule_id.

@@ -41,8 +44,24 @@ export const createReadRulesRoute: Hapi.ServerRoute = {
id,
ruleId,
});
const ruleStatuses = await savedObjectsClient.find({
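Review bot: the `savedObjectsClient.find` runs before `rule` has been checked for null, so a request for a rule that does not exist still issues a status query. Wrap the find in `if (rule != null) { ... } else { return getIdError({ id, ruleId }); }` and let the surrounding catch return `transformError(err)`.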

FrankHassanabad (Contributor) commented Jan 10, 2020:

You want to move the above code because rule could be null right in this check like so:

      const rule = await readRules({
        alertsClient,
        id,
        ruleId,
      });
      if (rule != null) {
        const ruleStatuses = await savedObjectsClient.find({
          type: ruleStatusSavedObjectType,
          perPage: 10,
          search: `"${rule.id}"`,
          searchFields: ['alertId'],
        });
        ruleStatuses.saved_objects.sort((a, b) => {
          // compare epoch milliseconds, not Date objects: two distinct Dates are never ===
          const dateA = new Date(a.attributes.statusDate).getTime();
          const dateB = new Date(b.attributes.statusDate).getTime();
          if (dateA < dateB) {
            return 1;
          } else if (dateA === dateB) {
            return 0;
          }
          return -1;
        });
        return transformOrError(rule, ruleStatuses); // update this to run with an array of rule statuses
      } else {
        return getIdError({ id, ruleId });
      }
    } catch (err) {
      return transformError(err);
    }
const ruleStatuses = await savedObjectsClient.find({
type: ruleStatusSavedObjectType,
perPage: 10,
search: `"${id}"`,
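Review bot: same problem as in the read route: `search: \`"${id}"\`` interpolates the request parameter rather than the resolved `rule.id`, so a lookup made by `rule_id` searches for `"undefined"`. Take the id from the rule object inside the null check.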

FrankHassanabad (Contributor) commented Jan 10, 2020:

You want rule.id here instead of id as it is what was retrieved by either id or rule_id.

search: `"${id}"`,
searchFields: ['alertId'],
});
ruleStatuses.saved_objects.sort((a, b) => {
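Review bot: `ruleStatuses.saved_objects.sort(...)` orders only the page the store returned, so once a rule has more status documents than the page size the newest one may not be in the page at all. Request the order server-side with `sortField: 'statusDate'` and `sortOrder: 'desc'`, set `perPage` to the count actually used, and delete the comparator.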

FrankHassanabad (Contributor) commented Jan 10, 2020:

For the searches once you move over to date times you can do:

        const ruleStatuses = await savedObjectsClient.find({
          type: ruleStatusSavedObjectType,
          perPage: 5,
          search: `"${rule.id}"`,
          searchFields: ['alertId'],
          sortField: 'statusDate',
          sortOrder: 'desc',
        });

Where you're using sortOrder: 'desc' and sortField, and if you set perPage to 5 then it will return you 5 records and you will have everything you need.

@dhurley14 dhurley14 force-pushed the dhurley14:success-failure-running-status branch from 74a6fba to 6e71594 Jan 13, 2020
@dhurley14 dhurley14 marked this pull request as ready for review Jan 13, 2020
elasticmachine (Contributor) commented Jan 13, 2020:

Pinging @elastic/siem (Team:SIEM)

@dhurley14 dhurley14 force-pushed the dhurley14:success-failure-running-status branch from d89dc22 to 48a6426 Jan 13, 2020
type: 'keyword',
},
statusDate: {
type: 'keyword', // TODO: CHANGE THIS TO DATE LATER
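Review bot: `statusDate` mapped as `keyword` makes `sortField: 'statusDate'` a string sort, which matches chronological order only while every value is written in the same ISO-8601 UTC form; map it as `date` so ordering and range queries are chronological. The same applies to `lastFailureAt` and `lastSuccessAt` below, which carry the same TODO.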

FrankHassanabad (Contributor) commented Jan 13, 2020:

Change this to Date

type: 'keyword', // TODO: CHANGE THIS TO DATE LATER
},
lastFailureAt: {
type: 'keyword', // TODO: CHANGE THIS TO DATE LATER

FrankHassanabad (Contributor) commented Jan 13, 2020:

Change this to Date

type: 'keyword', // TODO: CHANGE THIS TO DATE LATER
},
lastSuccessAt: {
type: 'keyword', // TODO: CHANGE THIS TO DATE LATER

FrankHassanabad (Contributor) commented Jan 13, 2020:

Change this to Date

properties: {
alertId: {
type: 'text',
},
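Review bot: `alertId` mapped as `text` goes through the standard analyzer, which splits a hyphenated id into separate tokens, so a `search` over `searchFields: ['alertId']` can match status objects of a different rule whose id shares a token. Map it as `keyword` so the match is exact.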

FrankHassanabad (Contributor) commented Jan 13, 2020:

I think you want keyword here instead of text since its an id?

dhurley14 (Author, Contributor) commented Jan 13, 2020:

Yes definitely. I changed it to text when I wasn't sure how I was going to search on it and never changed it to keyword. Thanks for the catch.

IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
perPage: 10,
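Review bot: `perPage: 10` fetches ten status documents for a caller that uses only the most recent one. Set `perPage: 1` together with `sortField: 'statusDate'` and `sortOrder: 'desc'`; without the sort, the single document returned is whichever the store lists first, not the current status.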

FrankHassanabad (Contributor) commented Jan 13, 2020:

This should work with perPage: 1 I would change it now and ensure that works out. Getting 10 per page to toss away 9 seems wasteful.

>({
type: ruleStatusSavedObjectType,
perPage: 6,
search: `${rule?.id}`,
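Review bot: `search: \`${rule?.id}\`` turns a missing rule into a search for the text `"undefined"` rather than skipping the query. Move the find under the `rule != null` branch and pass `rule.id` directly, without the template string; the same pattern appears in `delete_rules_route.ts` and `read_rules_route.ts`.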

FrankHassanabad (Contributor) commented Jan 13, 2020:

Avoid the rule?.id check here by just moving these blocks in the if check like so:

        try {
          const rule = await deleteRules({
            actionsClient,
            alertsClient,
            id,
            ruleId,
          });
          if (rule != null) {
            const ruleStatuses = await savedObjectsClient.find<
              IRuleSavedAttributesSavedObjectAttributes
            >({
              type: ruleStatusSavedObjectType,
              perPage: 6,
              search: `${rule.id}`,
              searchFields: ['alertId'],
            });
            // await every delete: forEach with an async callback would return before
            // the deletes finish and leave any rejection unobserved
            await Promise.all(
              ruleStatuses.saved_objects.map(obj =>
                savedObjectsClient.delete(ruleStatusSavedObjectType, obj.id)
              )
            );
            return transformOrBulkError(idOrRuleIdOrUnknown, rule);
          } else {
            return getIdBulkError({ id, ruleId });
          }
        } catch (err) {
          return transformBulkError(idOrRuleIdOrUnknown, err);
        }

Change these three:

  • delete_rules_bulk_route.ts
  • delete_rules_route.ts
  • read_rules_route.ts

You don't want to be sending searches of null down but instead skip the extra query altogether.

{
type: ruleStatusSavedObjectType,
perPage: 5,
search: `${rule?.id}`,
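Review bot: as above, `search: \`${rule?.id}\`` sends `"undefined"` when the rule is missing; issue the find only after the null check, with `search: rule.id`.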

FrankHassanabad (Contributor) commented Jan 13, 2020:

Move this block below the if check and remove the ? here for a rule.id with no string interpolation

IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
perPage: 6, // 0th element is current status, 1-5 is last 5 failures.
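Review bot: the comment `0th element is current status, 1-5 is last 5 failures` holds only if this find is sorted by `statusDate` descending, and no `sortField` is visible in the call, so the position of the current status in `saved_objects` is not guaranteed. Add the sort, and state in the code that the sixth document is the current status, since `perPage: 6` reads as an off-by-one without that explanation.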

FrankHassanabad (Contributor) commented Jan 13, 2020:

Wouldn't 5 status be [0,5] inclusive where the first status starts at an index of 0, and the 5 ends with 4?

You have a mix of perPage: 6 of 6 vs. 5 is this all correct?

dhurley14 (Author, Contributor) commented Jan 13, 2020:

Yes I should have added a comment in the code here - I have to store a sixth historical item as a "current status". This is for the case where a status has failed five previous times and their current status is either executing or successful, I don't want to drop the 5th error to insert this executing / successful status. So I keep a 6th one (the most recent one) as a way to track the current status of the executing rule and the other 5 spots are for the 5 errors (if a rule has five errors in its history).

dhurley14 (Author, Contributor) commented Jan 13, 2020:

I'm going to double check that I have my logic correct though.
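The bookkeeping described in the PR summary and in the comment above (one "current status" document per rule plus up to five historical failures, and a lookup that returns the last five errors for a list of rule ids) as an added, self-contained example. This is not code from the PR or from Kibana; it keeps the documents in an in-memory map instead of the saved objects client, and `RuleStatusStore`, `recordExecution`, `currentStatus` and `findStatusesByIds` are this example's own names.

```typescript
// Added example, not code from the PR or from Kibana: an in-memory model of the
// status bookkeeping the thread describes (one "current status" document per rule
// plus up to five historical failures) and the lookup behind the
// find_rules_statuses_by_ids route. RuleStatusStore, recordExecution and
// findStatusesByIds are this example's own names.

type Status = 'executing' | 'succeeded' | 'failed';

interface RuleStatus {
  alertId: string;
  status: Status;
  statusDate: string;                // ISO-8601 timestamp written by the executor
  lastFailureAt: string | null;      // null until the first failure; no epoch sentinel
  lastFailureMessage: string | null;
  lastSuccessAt: string | null;
  lastSuccessMessage: string | null;
}

const MAX_FAILURES = 5;

class RuleStatusStore {
  // alertId -> [currentStatus, newestFailure, ..., oldestFailure]
  private byRule = new Map<string, RuleStatus[]>();

  /** Record one executor outcome. `now` is injected so callers control the clock. */
  recordExecution(alertId: string, status: Status, message: string | null, now: Date): RuleStatus {
    const history = this.byRule.get(alertId) ?? [];
    const previous: RuleStatus | undefined = history[0];
    const date = now.toISOString();
    const failed = status === 'failed';
    const succeeded = status === 'succeeded';
    const current: RuleStatus = {
      alertId,
      status,
      statusDate: date,
      lastFailureAt: failed ? date : (previous?.lastFailureAt ?? null),
      lastFailureMessage: failed ? message : (previous?.lastFailureMessage ?? null),
      lastSuccessAt: succeeded ? date : (previous?.lastSuccessAt ?? null),
      lastSuccessMessage: succeeded ? message : (previous?.lastSuccessMessage ?? null),
    };
    // Slot 0 always holds the current status; only failures enter the history,
    // so a later success or executing status never pushes out the fifth error.
    const failures = history.slice(1);
    if (failed) {
      failures.unshift(current);
    }
    this.byRule.set(alertId, [current, ...failures.slice(0, MAX_FAILURES)]);
    return current;
  }

  /** The single most recent status for a rule, or null if it has never run. */
  currentStatus(alertId: string): RuleStatus | null {
    return this.byRule.get(alertId)?.[0] ?? null;
  }

  /** Map of alertId -> last five failures (newest first); unknown ids map to []. */
  findStatusesByIds(alertIds: string[]): Record<string, RuleStatus[]> {
    const result: Record<string, RuleStatus[]> = {};
    for (const id of alertIds) {
      result[id] = (this.byRule.get(id) ?? []).slice(1);
    }
    return result;
  }
}
```

Each rule holds at most six documents, matching the `perPage: 6` discussed above: the current status in slot 0 and up to five failures after it, newest first. Unknown timestamps and messages are `null` rather than an epoch sentinel, so a rule that has never failed is distinguishable from one that failed long ago.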

lastFailureAt: '1970-01-01T00:00:00Z', // default to unix epoch time
lastSuccessAt: '1970-01-01T00:00:00Z',
lastFailureMessage: '',
lastSuccessMessage: '',
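Review bot: seeding `lastFailureAt` and `lastSuccessAt` with the Unix epoch makes a rule that has never run indistinguishable from one that failed on 1970-01-01, and the empty-string messages have the same ambiguity; store `null` for values not yet known and let the response omit them.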

FrankHassanabad (Contributor) commented Jan 13, 2020:

I would default any unknowns as null in the data store and on return statements the UI might or might not get these statuses rather than giving it hard coded sentinel values. The contract for the front end is that optionally we return the lastFailureAt, lastSuccessAt, lastFailureMessage, lastSuccessMessage, but if we don't, assume they are not set.

logger.debug(
`Finished signal rule name: "${name}", id: "${alertId}", rule_id: "${ruleId}"`
`[+] Initial search call of signal rule name: "${name}", id: "${alertId}", rule_id: "${ruleId}"`

FrankHassanabad (Contributor) commented Jan 13, 2020:

Thanks for this fix! 👍

currentStatusSavedObject.attributes.status = 'failed';
currentStatusSavedObject.attributes.statusDate = sDate;
currentStatusSavedObject.attributes.lastFailureAt = sDate;
currentStatusSavedObject.attributes.lastFailureMessage = 'There was an error!!';
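Review bot: `'There was an error!!'` drops the cause the executor just caught, so the stored status cannot explain the failure. Record the underlying error's `message` (a plain string) the way the other failure paths in this file do.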

FrankHassanabad (Contributor) commented Jan 13, 2020:

Let's give some first pass better message for this like the lines on 218.

currentStatusSavedObject.attributes.status = 'failed';
currentStatusSavedObject.attributes.statusDate = sDate;
currentStatusSavedObject.attributes.lastFailureAt = sDate;
currentStatusSavedObject.attributes.lastFailureMessage = JSON.stringify(err, null, 4);
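Review bot: `JSON.stringify(err, null, 4)` yields `{}` for an `Error` because `message`, `name` and `stack` are non-enumerable own properties; store `err.message` instead. Keep the stack out of the saved object: whatever is written here is returned by the rules API to anyone who can read the rule.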

FrankHassanabad (Contributor) commented Jan 13, 2020:

JavaScript trivia bug, paste this into your browser:

JSON.stringify(new Error('Hello how are you?'))
"{}"

doing a stringify on an error never does what you would hope it would do. You want to change this to a simple text error message for now but not stringify new Error types as they won't do anything.
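The pitfall described in the comment above, as an added example that is not code from the PR or from Kibana: why `JSON.stringify` on an `Error` produces `{}`, and a helper that reduces whatever was thrown to a short string that is safe to store in a status saved object. `serialiseWithJson`, `enumerableKeys` and `toFailureMessage` are this example's own names.

```typescript
// Added example, not code from the PR or from Kibana: why JSON.stringify on an Error
// yields "{}" and a helper that reduces whatever was thrown to a string safe to
// persist in a status saved object. serialiseWithJson, enumerableKeys and
// toFailureMessage are this example's own names.

/** Straight JSON.stringify, the call the review comment warns about. */
function serialiseWithJson(err: unknown): string | undefined {
  return JSON.stringify(err);
}

/** message, name and stack are own properties of an Error but non-enumerable,
 *  which is exactly what JSON.stringify and Object.keys skip. */
function enumerableKeys(err: Error): string[] {
  return Object.keys(err);
}

/** Reduce anything thrown to a short text message for lastFailureMessage. */
function toFailureMessage(err: unknown, maxLength = 512): string {
  let text: string;
  if (err instanceof Error) {
    // message only: a stack trace in the saved object would be returned by the
    // rules API to every reader of the rule
    text = err.message !== '' ? err.message : err.name;
  } else if (typeof err === 'string') {
    text = err;
  } else {
    let json: string | undefined;
    try {
      json = JSON.stringify(err); // undefined for undefined/functions
    } catch {
      json = undefined; // e.g. a circular structure
    }
    text = json ?? String(err);
  }
  // bound the stored size so one failure cannot bloat the saved object
  return text.length > maxLength ? `${text.slice(0, maxLength)}...` : text;
}
```

Non-`Error` throwables (strings, plain objects from a client library) are kept, since an executor can catch those too, but anything that fails to serialise falls back to `String(err)` rather than throwing inside the error handler.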

currentStatusSavedObject.attributes.status = 'failed';
currentStatusSavedObject.attributes.statusDate = sDate;
currentStatusSavedObject.attributes.lastFailureAt = sDate;
currentStatusSavedObject.attributes.lastFailureMessage = JSON.stringify(exception, null, 4);
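Review bot: same issue with `JSON.stringify(exception, null, 4)`: an `Error` serialises to `{}`; store `exception.message`.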

FrankHassanabad (Contributor) commented Jan 13, 2020:

Same advice, change out the stringify real quick for a regular text message

@dhurley14 dhurley14 force-pushed the dhurley14:success-failure-running-status branch from 6faede4 to cee5c6e Jan 13, 2020
.toLowerCase();
return { [newKey]: obj[item], ...acc };
}, {});
};
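Review bot: the reduce spreads `acc` into a new object on every key, which is quadratic in the number of keys, and the lowercase/replace chain reimplements what `snakeCase` from lodash already does. Replace the loop with the library call and keep the key transform in one shared helper so the REST shape is produced in a single place.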

FrankHassanabad (Contributor) commented Jan 13, 2020:

I will accept this but we need to change this with a follow up PR possibly as from the discussion ticket on Kibana I think they said they didn't want us to do a looping replace.

For now, can we quickly replace this with this call:
https://lodash.com/docs/4.17.15#snakeCase

To lower our code surface area?

dhurley14 (Author, Contributor) commented Jan 14, 2020:

Just pushed the update with the replacement using lodash. I agree. Maybe something like the transformAlertToRule function you wrote?

FrankHassanabad (Contributor) commented Jan 14, 2020:

Later yeah. We can use the lodash one for now to get this across the line

search: rule.id,
searchFields: ['alertId'],
});
return transformOrError(rule, ruleStatuses); // update this to run with an array of rule statuses
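Review bot: `transformOrError(rule, ruleStatuses)` passes the whole find result where the other call sites pass `ruleStatuses.saved_objects[0]`; give the function one argument shape so it does not have to accept both, and the stale `// update this to run with an array of rule statuses` comment can go.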

FrankHassanabad (Contributor) commented Jan 14, 2020:

You sure you don't want this to be:

return transformOrError(rule, ruleStatuses.saved_objects[0]); // update this to run with an array of rule statuses

Like in your other call?

dhurley14 (Author, Contributor) commented Jan 14, 2020:

I probably should update this for clarity however the updates I made to the transformOrError function handle both cases.

dhurley14 (Author, Contributor) commented Jan 14, 2020:

updated to match other use instances.

return pickBy<OutputRuleAlertRest>((value: unknown) => value != null, {
created_at: alert.params.createdAt,
updated_at: alert.params.updatedAt,
updated_at: ruleStatus?.attributes.statusDate ?? alert.params.updatedAt,
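Review bot: `updated_at: ruleStatus?.attributes.statusDate ?? alert.params.updatedAt` reports the last execution time as the rule's modification time, so an unedited rule shows a new `updated_at` on every run. Keep `updated_at` as `alert.params.updatedAt` and return the status date as its own field; note also that with two `updated_at` keys in one object literal the later one wins silently.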

FrankHassanabad (Contributor) commented Jan 14, 2020:

Mistake maybe here? Just because a rule has a new status, I don't think that means the rule itself is updated? Otherwise won't we continuously show the rule being updated when it's not? Every time someone goes to edit a rule or change it while it's running it would show that the rule is always updated?

I would for now keep this updated_at separate from the status_date.

@@ -0,0 +1,12 @@
{
"name": "Query with a rule id",
"description": "Query with a rule_id that acts like an external id",
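Review bot: the `description` field restates the `name` rather than saying what the fixture exercises; since this is the test case that produces an executor error, say so in the description so that someone reading the fixtures directory knows which one to post.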

FrankHassanabad (Contributor) commented Jan 14, 2020:

I would change the description to match the rule test case of: Query with a rule_id that causes an error

@dhurley14 dhurley14 force-pushed the dhurley14:success-failure-running-status branch from 82dce79 to bda97e1 Jan 14, 2020


# Example: ./find_rules_statuses_by_ids.sh '["12345","6789abc"]'
curl -g -k \
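Review bot: `curl -g` only disables URL globbing; it is `-s` that silences the progress meter, which is what the script wants. `-k` disables TLS certificate verification, acceptable for a local dev stack but worth a comment so the script is not reused against a real cluster.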

FrankHassanabad (Contributor) commented Jan 14, 2020:

You really wanted curl -s -k here, but a follow up PR we can fix that.

FrankHassanabad (Contributor) left a comment:

Thanks for all the work here, can't wait to see it on the UI! Really tricky doing data joins and all the interesting corner cases, but you got them all as far as I can tell.

LGTM!

dhurley14 added 18 commits Jan 7, 2020
@dhurley14 dhurley14 force-pushed the dhurley14:success-failure-running-status branch from bda97e1 to bdd371d Jan 14, 2020
kibanamachine commented Jan 14, 2020:

💚 Build Succeeded


@dhurley14 dhurley14 merged commit c976094 into elastic:master Jan 14, 2020
55 checks passed
dhurley14 added a commit to dhurley14/kibana that referenced this pull request Jan 14, 2020
* Working status updates in executor. Need to update read rules api endpoint to only respond with 'status' and not status info. Will create another endpoint to get status details for a rule which will include last five errors (if there are any). Still need tests

* adds new route for getting statuses for a list of given alert ids, adds try-catch and more logic in executor for logging errors, adds scripts and rules for testing, updates find_rules endpoint to display statuses too. Would like to look into using the alerts executor state to better manage logic for statuses, and need to update some types. Also needs unit tests still.

* updated types for routes, updated how merging of alert-to-rule and rule status happens when formatting REST response.

* typecast test server as ServerFacade type

* fix bug where we were not awaiting the accumulated result in the reducer

* update rule status saved object interfaces to play nicely with interfaces provided by saved objects module. Update tests to pass - Need to write new unit tests in an upcoming commit. Next commit will be cleanup from comments then new unit tests.

* fix missed conflicts after rebase

* replace id param with rule.id when searching in statuses, adds sort fields to the saved objects find queries.

* fixes bug where 'executing' statuses were being written into failing historical status list

* camelCase to snake_case in new statuses route, also fix merge conflict

* add deletion of rule statuses to delete_rules_bulk_route. Statuses are created inside of executor so we will not be needing to create statuses directly inside of the create rules bulk route, so I removed that extraneous code.

* pr feedback I forgot to fix earlier

* remove unused import. fixes type check error generated in previous commit

* removes status information from rule when saved to signals index and updates tests to represent this change. Also removes extraneous quotes inserted around alertId field when creating a new historical status.

* adds new bash script to delete all rule statuses, updates error messages in rule statuses to just store actual message, moved querying of rules statuses under a null check, initialize everything to null when first creating rule status, update number of results returned when querying saved objects based on usage, updates saved objects mapping types to use date for dates and keyword for alertId.

* use lodash snake case and update total number of saved objects to return for find rules, delete rules, and read rules.

* updates how statuses are transformed inside of read_rules_route, only update updated_at in rule on update of rule, removes unlabeled todo comment, updates scripts descriptions, removes interval from query_with_rule_id.json sample query, removes debug statement, removes verbose from curl script.

* display rule status on update
dhurley14 added a commit that referenced this pull request Jan 14, 2020
jkelastic added a commit to jkelastic/kibana that referenced this pull request Jan 17, 2020