diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts index 549bbcff4cdfe..20c84109b0be1 100644 --- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts +++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts @@ -359,8 +359,9 @@ export const syntheticsRuleTypeFieldMap = { ...legacyExperimentalFieldMap, }; -export const SyntheticsRuleTypeAlertDefinition: IRuleTypeAlerts = { +export const SyntheticsRuleTypeAlertDefinition: IRuleTypeAlerts = { context: SYNTHETICS_RULE_TYPES_ALERT_CONTEXT, mappings: { fieldMap: syntheticsRuleTypeFieldMap }, useLegacyAlerts: true, + shouldWrite: true, }; diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts index d042e8d323302..c823abe7d083f 100644 --- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts +++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/monitor_status_rule.ts @@ -8,13 +8,11 @@ import { DEFAULT_APP_CATEGORIES } from '@kbn/core/server'; import { isEmpty } from 'lodash'; import { ActionGroupIdsOf } from '@kbn/alerting-plugin/common'; -import { PluginSetupContract } from '@kbn/alerting-plugin/server'; import { GetViewInAppRelativeUrlFnOpts, AlertInstanceContext as AlertContext, RuleExecutorOptions, AlertsClientError, - IRuleTypeAlerts, } from '@kbn/alerting-plugin/server'; import { observabilityPaths } from '@kbn/observability-plugin/common'; import { ObservabilityUptimeAlert } from '@kbn/alerts-as-data-utils'; @@ -55,16 +53,15 @@ type MonitorStatusAlert = ObservabilityUptimeAlert; export const registerSyntheticsStatusCheckRule = ( server: SyntheticsServerSetup, plugins: SyntheticsPluginsSetupDependencies, - syntheticsMonitorClient: SyntheticsMonitorClient, - alerting: PluginSetupContract + syntheticsMonitorClient: SyntheticsMonitorClient ) => { - if (!alerting) { + if (!plugins.alerting) { throw new Error( 'Cannot register the synthetics monitor status rule type. The alerting plugin needs to be enabled.' ); } - alerting.registerType({ + plugins.alerting.registerType({ id: SYNTHETICS_ALERT_RULE_TYPES.MONITOR_STATUS, category: DEFAULT_APP_CATEGORIES.observability.id, producer: 'uptime', @@ -172,10 +169,7 @@ export const registerSyntheticsStatusCheckRule = ( state: updateState(ruleState, !isEmpty(downConfigs), { downConfigs }), }; }, - alerts: { - ...SyntheticsRuleTypeAlertDefinition, - shouldWrite: true, - } as IRuleTypeAlerts, + alerts: SyntheticsRuleTypeAlertDefinition, fieldsForAAD: Object.keys(syntheticsRuleFieldMap), getViewInAppRelativeUrl: ({ rule }: GetViewInAppRelativeUrlFnOpts<{}>) => observabilityPaths.ruleDetails(rule.id), diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.test.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.test.ts new file mode 100644 index 0000000000000..e07ba00c1de6c --- /dev/null +++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.test.ts @@ -0,0 +1,167 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { IBasePath } from '@kbn/core/server'; +import { AlertsLocatorParams } from '@kbn/observability-plugin/common'; +import { LocatorPublic } from '@kbn/share-plugin/common'; +import { setTLSRecoveredAlertsContext } from './message_utils'; +import { TLSLatestPing } from './tls_rule_executor'; + +describe('setTLSRecoveredAlertsContext', () => { + const timestamp = new Date().toISOString(); + const alertUuid = 'alert-id'; + const configId = '12345'; + const basePath = { + publicBaseUrl: 'https://localhost:5601', + } as IBasePath; + const alertsLocatorMock = { + getLocation: jest.fn().mockImplementation(() => ({ + path: 'https://localhost:5601/app/observability/alerts/alert-id', + })), + } as any as LocatorPublic; + const alertState = { + summary: 'test-summary', + status: 'has expired', + sha256: 'cert-1-sha256', + commonName: 'cert-1', + issuer: 'test-issuer', + monitorName: 'test-monitor', + monitorType: 'test-monitor-type', + locationName: 'test-location-name', + monitorUrl: 'test-monitor-url', + configId, + }; + + it('sets context correctly when monitor cert has been updated', async () => { + const alertsClientMock = { + report: jest.fn(), + getAlertLimitValue: jest.fn().mockReturnValue(10), + setAlertLimitReached: jest.fn(), + getRecoveredAlerts: jest.fn().mockReturnValue([ + { + alert: { + getId: () => alertUuid, + getState: () => alertState, + setContext: jest.fn(), + getUuid: () => alertUuid, + getStart: () => new Date().toISOString(), + }, + }, + ]), + setAlertData: jest.fn(), + isTrackedAlert: jest.fn(), + }; + await setTLSRecoveredAlertsContext({ + alertsClient: alertsClientMock, + basePath, + defaultStartedAt: timestamp, + spaceId: 'default', + alertsLocator: alertsLocatorMock, + latestPings: [ + { + config_id: configId, + '@timestamp': timestamp, + tls: { + server: { + hash: { + sha256: 'cert-2-sha256', + }, + x509: { + subject: { + common_name: 'cert-2', + }, + not_after: timestamp, + }, + }, + }, + } as TLSLatestPing, + ], + }); + expect(alertsClientMock.setAlertData).toBeCalledWith({ + context: { + alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id', + commonName: 'cert-1', + configId: '12345', + issuer: 'test-issuer', + locationName: 'test-location-name', + monitorName: 'test-monitor', + monitorType: 'test-monitor-type', + monitorUrl: 'test-monitor-url', + newStatus: expect.stringContaining('Certificate cert-2 Expired on'), + previousStatus: 'Certificate cert-1 test-summary', + sha256: 'cert-1-sha256', + status: 'has expired', + summary: 'Monitor certificate has been updated.', + }, + id: 'alert-id', + }); + }); + + it('sets context correctly when monitor cert expiry/age threshold has been updated', async () => { + const alertsClientMock = { + report: jest.fn(), + getAlertLimitValue: jest.fn().mockReturnValue(10), + setAlertLimitReached: jest.fn(), + getRecoveredAlerts: jest.fn().mockReturnValue([ + { + alert: { + getId: () => alertUuid, + getState: () => alertState, + setContext: jest.fn(), + getUuid: () => alertUuid, + getStart: () => new Date().toISOString(), + }, + }, + ]), + setAlertData: jest.fn(), + isTrackedAlert: jest.fn(), + }; + await setTLSRecoveredAlertsContext({ + alertsClient: alertsClientMock, + basePath, + defaultStartedAt: timestamp, + spaceId: 'default', + alertsLocator: alertsLocatorMock, + latestPings: [ + { + config_id: configId, + '@timestamp': timestamp, + tls: { + server: { + hash: { + sha256: 'cert-1-sha256', + }, + x509: { + subject: { + common_name: 'cert-1', + }, + not_after: timestamp, + }, + }, + }, + } as TLSLatestPing, + ], + }); + expect(alertsClientMock.setAlertData).toBeCalledWith({ + context: { + alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id', + commonName: 'cert-1', + configId: '12345', + issuer: 'test-issuer', + locationName: 'test-location-name', + monitorName: 'test-monitor', + monitorType: 'test-monitor-type', + monitorUrl: 'test-monitor-url', + newStatus: 'Certificate cert-1 test-summary', + previousStatus: 'Certificate cert-1 test-summary', + sha256: 'cert-1-sha256', + status: 'has expired', + summary: 'Expiry/Age threshold has been updated.', + }, + id: 'alert-id', + }); + }); +}); diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts index 78e073d9233a9..5fc23a370caea 100644 --- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts +++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts @@ -9,12 +9,19 @@ import moment from 'moment/moment'; import { IBasePath } from '@kbn/core-http-server'; import { LocatorPublic } from '@kbn/share-plugin/common'; import { AlertsLocatorParams, getAlertUrl } from '@kbn/observability-plugin/common'; -import { RuleExecutorServices } from '@kbn/alerting-plugin/server'; +import { + AlertInstanceContext as AlertContext, + AlertInstanceState as AlertState, + ActionGroupIdsOf, +} from '@kbn/alerting-plugin/server'; import { i18n } from '@kbn/i18n'; +import { PublicAlertsClient } from '@kbn/alerting-plugin/server/alerts_client/types'; +import { ObservabilityUptimeAlert } from '@kbn/alerts-as-data-utils'; import { TLSLatestPing } from './tls_rule_executor'; import { ALERT_DETAILS_URL } from '../action_variables'; import { Cert } from '../../../common/runtime_types'; import { tlsTranslations } from '../translations'; +import { MonitorStatusActionGroup } from '../../../common/constants/synthetics_alerts'; interface TLSContent { summary: string; status?: string; @@ -75,35 +82,34 @@ export const getCertSummary = (cert: Cert, expirationThreshold: number, ageThres }; }; -type CertSummary = ReturnType; - export const setTLSRecoveredAlertsContext = async ({ - alertFactory, + alertsClient, basePath, defaultStartedAt, - getAlertStartedDate, spaceId, alertsLocator, - getAlertUuid, latestPings, }: { - alertFactory: RuleExecutorServices['alertFactory']; + alertsClient: PublicAlertsClient< + ObservabilityUptimeAlert, + AlertState, + AlertContext, + ActionGroupIdsOf + >; defaultStartedAt: string; - getAlertStartedDate: (alertInstanceId: string) => string | null; basePath: IBasePath; spaceId: string; alertsLocator?: LocatorPublic; - getAlertUuid?: (alertId: string) => string | null; latestPings: TLSLatestPing[]; }) => { - const { getRecoveredAlerts } = alertFactory.done(); + const recoveredAlerts = alertsClient.getRecoveredAlerts() ?? []; - for await (const alert of getRecoveredAlerts()) { - const recoveredAlertId = alert.getId(); - const alertUuid = getAlertUuid?.(recoveredAlertId) || null; - const indexedStartedAt = getAlertStartedDate(recoveredAlertId) ?? defaultStartedAt; + for (const recoveredAlert of recoveredAlerts) { + const recoveredAlertId = recoveredAlert.alert.getId(); + const alertUuid = recoveredAlert.alert.getUuid(); + const indexedStartedAt = recoveredAlert.alert.getStart() ?? defaultStartedAt; - const state = alert.getState() as CertSummary; + const state = recoveredAlert.alert.getState(); const alertUrl = await getAlertUrl( alertUuid, spaceId, @@ -144,12 +150,13 @@ export const setTLSRecoveredAlertsContext = async ({ newStatus = previousStatus; } - alert.setContext({ + const context = { ...state, newStatus, previousStatus, summary: newSummary, [ALERT_DETAILS_URL]: alertUrl, - }); + }; + alertsClient.setAlertData({ id: recoveredAlertId, context }); } }; diff --git a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts index b251e950a5d4a..3aaafcaf17468 100644 --- a/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts +++ b/x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/tls_rule.ts @@ -7,8 +7,12 @@ import { DEFAULT_APP_CATEGORIES } from '@kbn/core/server'; import { ActionGroupIdsOf } from '@kbn/alerting-plugin/common'; -import { GetViewInAppRelativeUrlFnOpts } from '@kbn/alerting-plugin/server'; -import { createLifecycleRuleTypeFactory, IRuleDataClient } from '@kbn/rule-registry-plugin/server'; +import { + GetViewInAppRelativeUrlFnOpts, + AlertInstanceContext as AlertContext, + RuleExecutorOptions, + AlertsClientError, +} from '@kbn/alerting-plugin/server'; import { asyncForEach } from '@kbn/std'; import { ALERT_REASON, ALERT_UUID } from '@kbn/rule-data-utils'; import { @@ -19,6 +23,7 @@ import { } from '@kbn/observability-plugin/common'; import { LocatorPublic } from '@kbn/share-plugin/common'; import { schema } from '@kbn/config-schema'; +import { ObservabilityUptimeAlert } from '@kbn/alerts-as-data-utils'; import { syntheticsRuleFieldMap } from '../../../common/rules/synthetics_rule_field_map'; import { SyntheticsPluginsSetupDependencies, SyntheticsServerSetup } from '../../types'; import { TlsTranslations } from '../../../common/rules/synthetics/translations'; @@ -39,21 +44,27 @@ import { import { generateAlertMessage, SyntheticsRuleTypeAlertDefinition, updateState } from '../common'; import { ALERT_DETAILS_URL, getActionVariables } from '../action_variables'; import { SyntheticsMonitorClient } from '../../synthetics_service/synthetics_monitor/synthetics_monitor_client'; +import { TLSParams } from '../../../common/runtime_types/alerts/tls'; -export type ActionGroupIds = ActionGroupIdsOf; +type TLSRuleTypeParams = TLSParams; +type TLSActionGroups = ActionGroupIdsOf; +type TLSRuleTypeState = SyntheticsCommonState; +type TLSAlertState = ReturnType; +type TLSAlertContext = AlertContext; +type TLSAlert = ObservabilityUptimeAlert; export const registerSyntheticsTLSCheckRule = ( server: SyntheticsServerSetup, plugins: SyntheticsPluginsSetupDependencies, - syntheticsMonitorClient: SyntheticsMonitorClient, - ruleDataClient: IRuleDataClient + syntheticsMonitorClient: SyntheticsMonitorClient ) => { - const createLifecycleRuleType = createLifecycleRuleTypeFactory({ - ruleDataClient, - logger: server.logger, - }); + if (!plugins.alerting) { + throw new Error( + 'Cannot register the synthetics TLS check rule type. The alerting plugin needs to be enabled.' + ); + } - return createLifecycleRuleType({ + plugins.alerting.registerType({ id: SYNTHETICS_ALERT_RULE_TYPES.TLS, category: DEFAULT_APP_CATEGORIES.observability.id, producer: 'uptime', @@ -71,22 +82,25 @@ export const registerSyntheticsTLSCheckRule = ( isExportable: true, minimumLicenseRequired: 'basic', doesSetRecoveryContext: true, - async executor({ state, params, services, spaceId, previousStartedAt, startedAt }) { - const ruleState = state as SyntheticsCommonState; - + executor: async ( + options: RuleExecutorOptions< + TLSRuleTypeParams, + TLSRuleTypeState, + TLSAlertState, + TLSAlertContext, + TLSActionGroups, + TLSAlert + > + ) => { + const { state: ruleState, params, services, spaceId, previousStartedAt, startedAt } = options; + const { alertsClient, savedObjectsClient, scopedClusterClient } = services; + if (!alertsClient) { + throw new AlertsClientError(); + } const { basePath, share } = server; const alertsLocator: LocatorPublic | undefined = share.url.locators.get(alertsLocatorID); - const { - alertFactory, - getAlertUuid, - savedObjectsClient, - scopedClusterClient, - alertWithLifecycle, - getAlertStartedDate, - } = services; - const tlsRule = new TLSRuleExecutor( previousStartedAt, params, @@ -107,45 +121,45 @@ export const registerSyntheticsTLSCheckRule = ( } const alertId = cert.sha256; - const alertUuid = getAlertUuid(alertId); - const indexedStartedAt = getAlertStartedDate(alertId) ?? startedAt.toISOString(); - - const alertInstance = alertWithLifecycle({ + const { uuid, start } = alertsClient.report({ id: alertId, - fields: { - [CERT_COMMON_NAME]: cert.common_name, - [CERT_ISSUER_NAME]: cert.issuer, - [CERT_VALID_NOT_AFTER]: cert.not_after, - [CERT_VALID_NOT_BEFORE]: cert.not_before, - [CERT_HASH_SHA256]: cert.sha256, - [ALERT_UUID]: alertUuid, - [ALERT_REASON]: generateAlertMessage(TlsTranslations.defaultActionMessage, summary), - }, + actionGroup: TLS_CERTIFICATE.id, + state: { ...updateState(ruleState, foundCerts), ...summary }, }); - - alertInstance.replaceState({ - ...updateState(ruleState, foundCerts), - ...summary, - }); - - alertInstance.scheduleActions(TLS_CERTIFICATE.id, { + const indexedStartedAt = start ?? startedAt.toISOString(); + + const payload = { + [CERT_COMMON_NAME]: cert.common_name, + [CERT_ISSUER_NAME]: cert.issuer, + [CERT_VALID_NOT_AFTER]: cert.not_after, + [CERT_VALID_NOT_BEFORE]: cert.not_before, + [CERT_HASH_SHA256]: cert.sha256, + [ALERT_UUID]: uuid, + [ALERT_REASON]: generateAlertMessage(TlsTranslations.defaultActionMessage, summary), + }; + + const context = { [ALERT_DETAILS_URL]: await getAlertUrl( - alertUuid, + uuid, spaceId, indexedStartedAt, alertsLocator, basePath.publicBaseUrl ), ...summary, + }; + + alertsClient.setAlertData({ + id: alertId, + payload, + context, }); }); await setTLSRecoveredAlertsContext({ - alertFactory, + alertsClient, basePath, defaultStartedAt: startedAt.toISOString(), - getAlertStartedDate, - getAlertUuid, spaceId, alertsLocator, latestPings, diff --git a/x-pack/plugins/observability_solution/synthetics/server/server.ts b/x-pack/plugins/observability_solution/synthetics/server/server.ts index b394e4ffc6883..77937c57590e7 100644 --- a/x-pack/plugins/observability_solution/synthetics/server/server.ts +++ b/x-pack/plugins/observability_solution/synthetics/server/server.ts @@ -138,16 +138,6 @@ export const initSyntheticsServer = ( } }); - const { alerting } = plugins; - - registerSyntheticsStatusCheckRule(server, plugins, syntheticsMonitorClient, alerting); - - const tlsRule = registerSyntheticsTLSCheckRule( - server, - plugins, - syntheticsMonitorClient, - ruleDataClient - ); - - alerting.registerType(tlsRule); + registerSyntheticsStatusCheckRule(server, plugins, syntheticsMonitorClient); + registerSyntheticsTLSCheckRule(server, plugins, syntheticsMonitorClient); };