[8.12] [Response Ops][Actions] Fixing bug where context variables are…

… not passed in when alerts as data doc is available in action params (#175682) (#175737)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Response Ops][Actions] Fixing bug where context variables are not
passed in when alerts as data doc is available in action params
(#175682)](#175682)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Ying
Mao","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-26T21:36:35Z","message":"[Response
Ops][Actions] Fixing bug where context variables are not passed in when
alerts as data doc is available in action params (#175682)\n\nResolves
https://github.com/elastic/kibana/issues/175624\r\n\r\n##
Summary\r\n\r\nFixes a bug where context and state variables were not
passed to the\r\naction params for interpolation if the alert-as-data
document is\r\navailable.\r\n\r\n## To Verify\r\n* Create a rule and add
an action that fires `For each alert - on check\r\nintervals`\r\n* Add a
condition to the action, either a KQL query or a time range\r\n* Make
sure the action message references some context variables\r\n(default ES
query or Index Threshold rule messages should include\r\ncontext
variables)\r\n* Save the rule and make sure the action fired correctly
includes the\r\nreferenced context variables.\r\n\r\nCo-authored-by:
Kibana Machine
<[email protected]>","sha":"8a6ee8a4c0df7f687c57748c1e9f1155167b00aa","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Feature:Actions","Team:ResponseOps","v8.12.1","v8.13.0"],"title":"[Response
Ops][Actions] Fixing bug where context variables are not passed in when
alerts as data doc is available in action
params","number":175682,"url":"https://github.com/elastic/kibana/pull/175682","mergeCommit":{"message":"[Response
Ops][Actions] Fixing bug where context variables are not passed in when
alerts as data doc is available in action params (#175682)\n\nResolves
https://github.com/elastic/kibana/issues/175624\r\n\r\n##
Summary\r\n\r\nFixes a bug where context and state variables were not
passed to the\r\naction params for interpolation if the alert-as-data
document is\r\navailable.\r\n\r\n## To Verify\r\n* Create a rule and add
an action that fires `For each alert - on check\r\nintervals`\r\n* Add a
condition to the action, either a KQL query or a time range\r\n* Make
sure the action message references some context variables\r\n(default ES
query or Index Threshold rule messages should include\r\ncontext
variables)\r\n* Save the rule and make sure the action fired correctly
includes the\r\nreferenced context variables.\r\n\r\nCo-authored-by:
Kibana Machine
<[email protected]>","sha":"8a6ee8a4c0df7f687c57748c1e9f1155167b00aa"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/175682","number":175682,"mergeCommit":{"message":"[Response
Ops][Actions] Fixing bug where context variables are not passed in when
alerts as data doc is available in action params (#175682)\n\nResolves
https://github.com/elastic/kibana/issues/175624\r\n\r\n##
Summary\r\n\r\nFixes a bug where context and state variables were not
passed to the\r\naction params for interpolation if the alert-as-data
document is\r\navailable.\r\n\r\n## To Verify\r\n* Create a rule and add
an action that fires `For each alert - on check\r\nintervals`\r\n* Add a
condition to the action, either a KQL query or a time range\r\n* Make
sure the action message references some context variables\r\n(default ES
query or Index Threshold rule messages should include\r\ncontext
variables)\r\n* Save the rule and make sure the action fired correctly
includes the\r\nreferenced context variables.\r\n\r\nCo-authored-by:
Kibana Machine
<[email protected]>","sha":"8a6ee8a4c0df7f687c57748c1e9f1155167b00aa"}}]}]
BACKPORT-->

Co-authored-by: Ying Mao <[email protected]>

x-pack/plugins/alerting/server/task_runner/transform_action_params.test.ts

@@ -618,6 +618,177 @@ describe('transformActionParams', () => {
           }
       `);
   });
+
+  test('alerts as data doc is passed to templates', () => {
+    const actionParams = {
+      message: 'Value "{{kibana.alert.rule.name}}" exists and {{context.foo}} exists',
+    };
+    const result = transformActionParams({
+      actionsPlugin,
+      actionTypeId,
+      actionParams,
+      state: {},
+      context: { foo: 'fooVal' },
+      alertId: '1',
+      alertType: 'rule-type-id',
+      actionId: 'action-id',
+      alertName: 'alert-name',
+      tags: ['tag-A', 'tag-B'],
+      spaceId: 'spaceId-A',
+      alertInstanceId: '2',
+      alertUuid: 'uuid-1',
+      alertActionGroup: 'action-group',
+      alertActionGroupName: 'Action Group',
+      alertParams: {},
+      flapping: false,
+      aadAlert: {
+        // @ts-expect-error
+        kibana: {
+          alert: {
+            url: '/app/management/insightsAndAlerting/triggersActions/rule/a36916ad-9e7e-4fb6-acb7-ff5ac6621fa9',
+            reason:
+              'Document count is 145 in the last 5d in .kibana-event-log* index. Alert when greater than 0.',
+            title: "rule 'test again' matched query",
+            evaluation: {
+              conditions: 'Number of matching documents is greater than 0',
+              value: '145',
+              threshold: 0,
+            },
+            rule: {
+              category: 'Elasticsearch query',
+              consumer: 'stackAlerts',
+              execution: {
+                uuid: '9db2f40d-ae46-47c6-9d94-4b7f538ccc99',
+              },
+              name: 'test again',
+              parameters: {
+                searchType: 'esQuery',
+                timeWindowSize: 5,
+                timeWindowUnit: 'd',
+                threshold: [0],
+                thresholdComparator: '>',
+                size: 100,
+                esQuery: '{\n    "query":{\n      "match_all" : {}\n    }\n  }',
+                aggType: 'count',
+                groupBy: 'all',
+                termSize: 5,
+                sourceFields: [],
+                index: ['.kibana-event-log*'],
+                timeField: '@timestamp',
+                excludeHitsFromPreviousRun: false,
+              },
+              producer: 'stackAlerts',
+              rule_type_id: '.es-query',
+              tags: [],
+              uuid: 'a36916ad-9e7e-4fb6-acb7-ff5ac6621fa9',
+              revision: 0,
+            },
+            action_group: 'query matched',
+            flapping_history: [
+              true,
+              false,
+              false,
+              false,
+              false,
+              false,
+              false,
+              false,
+              false,
+              false,
+              false,
+              false,
+              false,
+            ],
+            instance: {
+              id: 'query matched',
+            },
+            maintenance_window_ids: [],
+            status: 'active',
+            uuid: '6b02fc1e-a297-468d-a3a2-f0e8fdc03dbf',
+            workflow_status: 'open',
+            start: '2024-01-26T13:54:14.044Z',
+            time_range: {
+              gte: '2024-01-26T13:54:14.044Z',
+            },
+            duration: {
+              us: 752537000,
+            },
+            flapping: false,
+          },
+          space_ids: ['default'],
+          version: '8.13.0',
+        },
+        '@timestamp': '2024-01-26T14:06:46.581Z',
+        event: {
+          action: 'active',
+          kind: 'signal',
+        },
+        tags: [],
+      },
+    });
+    expect(result).toMatchInlineSnapshot(`
+          Object {
+            "message": "Value \\"test again\\" exists and fooVal exists",
+          }
+      `);
+  });
+
+  test('flattened alerts as data doc is passed to templates', () => {
+    const actionParams = {
+      message: 'Value "{{kibana.alert.rule.name}}" exists and {{context.foo}} exists',
+    };
+    const result = transformActionParams({
+      actionsPlugin,
+      actionTypeId,
+      actionParams,
+      state: {},
+      context: { foo: 'fooVal' },
+      alertId: '1',
+      alertType: 'rule-type-id',
+      actionId: 'action-id',
+      alertName: 'alert-name',
+      tags: ['tag-A', 'tag-B'],
+      spaceId: 'spaceId-A',
+      alertInstanceId: '2',
+      alertUuid: 'uuid-1',
+      alertActionGroup: 'action-group',
+      alertActionGroupName: 'Action Group',
+      alertParams: {},
+      flapping: false,
+      aadAlert: {
+        'kibana.alert.url':
+          '/app/management/insightsAndAlerting/triggersActions/rule/a36916ad-9e7e-4fb6-acb7-ff5ac6621fa9',
+        'kibana.alert.reason':
+          'Document count is 145 in the last 5d in .kibana-event-log* index. Alert when greater than 0.',
+        // @ts-expect-error
+        'kibana.alert.title': "rule 'test again' matched query",
+        'kibana.alert.evaluation.conditions': 'Number of matching documents is greater than 0',
+        'kibana.alert.evaluation.value': '145',
+        'kibana.alert.evaluation.threshold': 0,
+        'kibana.alert.rule.category': 'Elasticsearch query',
+        'kibana.alert.rule.consumer': 'stackAlerts',
+        'kibana.alert.rule.execution.uuid': '9db2f40d-ae46-47c6-9d94-4b7f538ccc99',
+        'kibana.alert.rule.name': 'test again',
+        'kibana.alert.rule.producer': 'stackAlerts',
+        'kibana.alert.rule.rule_type_id': '.es-query',
+        'kibana.alert.rule.uuid': 'a36916ad-9e7e-4fb6-acb7-ff5ac6621fa9',
+        'kibana.alert.action_group': 'query matched',
+        'kibana.alert.instance.id': 'query matched',
+        'kibana.alert.status': 'active',
+        'kibana.alert.start': '2024-01-26T13:54:14.044Z',
+        'kibana.alert.duration.us': 752537000,
+        '@timestamp': '2024-01-26T14:06:46.581Z',
+        'event.action': 'active',
+        'event.kind': 'signal',
+        tags: [],
+      },
+    });
+    expect(result).toMatchInlineSnapshot(`
+          Object {
+            "message": "Value \\"test again\\" exists and fooVal exists",
+          }
+      `);
+  });
 });
 
 describe('transformSummaryActionParams', () => {

x-pack/plugins/alerting/server/task_runner/transform_action_params.ts

@@ -83,39 +83,37 @@ export function transformActionParams({
   // when the list of variables we pass in here changes,
   // the UI will need to be updated as well; see:
   // x-pack/plugins/triggers_actions_ui/public/application/lib/action_variables.ts
-  const variables =
-    aadAlert !== undefined
-      ? aadAlert
-      : {
-          alertId,
-          alertName,
-          spaceId,
-          tags,
-          alertInstanceId,
-          alertActionGroup,
-          alertActionGroupName,
-          context,
-          date: new Date().toISOString(),
-          state,
-          kibanaBaseUrl,
-          params: alertParams,
-          rule: {
-            params: alertParams,
-            id: alertId,
-            name: alertName,
-            type: alertType,
-            spaceId,
-            tags,
-            url: ruleUrl,
-          },
-          alert: {
-            id: alertInstanceId,
-            uuid: alertUuid,
-            actionGroup: alertActionGroup,
-            actionGroupName: alertActionGroupName,
-            flapping,
-          },
-        };
+  const variables = {
+    alertId,
+    alertName,
+    spaceId,
+    tags,
+    alertInstanceId,
+    alertActionGroup,
+    alertActionGroupName,
+    context,
+    date: new Date().toISOString(),
+    state,
+    kibanaBaseUrl,
+    params: alertParams,
+    rule: {
+      params: alertParams,
+      id: alertId,
+      name: alertName,
+      type: alertType,
+      spaceId,
+      tags,
+      url: ruleUrl,
+    },
+    alert: {
+      id: alertInstanceId,
+      uuid: alertUuid,
+      actionGroup: alertActionGroup,
+      actionGroupName: alertActionGroupName,
+      flapping,
+    },
+    ...(aadAlert ? { ...aadAlert } : {}),
+  };
 
   return actionsPlugin.renderActionParameterTemplates(
     actionTypeId,