[OAS] Adds alerts data to get rule types API (#170702)
(cherry picked from commit d3c51c4)
lcawl committed Jan 23, 2024
1 parent cdfd4ce commit b830f93
Showing 5 changed files with 330 additions and 4 deletions.
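--- a/docs/api/alerting/list_rule_types.asciidoc
+++ b/docs/api/alerting/list_rule_types.asciidoc
@@ -63,7 +63,8 @@ context and state in action parameter templates, and a short human readable
 description. When you create a rule in {kib}, it uses this information to prompt
 you for these variables in action parameter editors.
 
-// `alerts`:: TBD
+`alerts`::
+(object) Details about alerts as data documents for this rule type, including any custom mappings.
 
 `authorized_consumers`::
 (object) The list of the plugins IDs that have access to the rule type.
@@ -82,7 +83,8 @@ action.
 (boolean) Indicates whether the rule type is enabled or disabled based on the
 subscription.
 
-// `has_alerts_mappings`:: TBD
+`has_alerts_mappings`::
+(boolean) Indicates whether the rule type has custom mappings for the alert data.
 
 // `has_fields_for_a_a_d`:: TBD
 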
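--- a/x-pack/plugins/alerting/docs/openapi/bundled.json
+++ b/x-pack/plugins/alerting/docs/openapi/bundled.json
@@ -895,7 +895,68 @@
 }
 },
 "alerts": {
-"type": "object"
+"type": "object",
+"description": "Details for writing alerts as data documents for this rule type.\n",
+"properties": {
+"context": {
+"type": "string",
+"description": "The namespace for this rule type.\n",
+"enum": [
+"ml.anomaly-detection",
+"observability.apm",
+"observability.logs",
+"observability.metrics",
+"observability.slo",
+"observability.threshold",
+"observability.uptime",
+"security",
+"stack"
+]
+},
+"dynamic": {
+"type": "string",
+"description": "Indicates whether new fields are added dynamically.",
+"enum": [
+"false",
+"runtime",
+"strict",
+"true"
+]
+},
+"isSpaceAware": {
+"type": "boolean",
+"description": "Indicates whether the alerts are space-aware. If true, space-specific alert indices are used.\n"
+},
+"mappings": {
+"type": "object",
+"properties": {
+"fieldMap": {
+"type": "object",
+"description": "Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation.\n",
+"additionalProperties": {
+"$ref": "#/components/schemas/fieldmap_properties"
+}
+}
+}
+},
+"secondaryAlias": {
+"type": "string",
+"description": "A secondary alias. It is typically used to support the signals alias for detection rules.\n"
+},
+"shouldWrite": {
+"type": "boolean",
+"description": "Indicates whether the rule should write out alerts as data.\n"
+},
+"useEcs": {
+"type": "boolean",
+"description": "Indicates whether to include the ECS component template for the alerts.\n"
+},
+"useLegacyAlerts": {
+"type": "boolean",
+"default": false,
+"description": "Indicates whether to include the legacy component template for the alerts.\n"
+}
+}
 },
 "authorized_consumers": {
 "description": "The list of the plugins IDs that have access to the rule type.",
@@ -1046,7 +1107,8 @@
 "type": "boolean"
 },
 "has_alerts_mappings": {
-"type": "boolean"
+"type": "boolean",
+"description": "Indicates whether the rule type has custom mappings for the alert data."
 },
 "has_fields_for_a_a_d": {
 "type": "boolean"
@@ -6777,6 +6839,62 @@
 }
 }
 },
+"fieldmap_properties": {
+"title": "Field map objects in the get rule types response",
+"type": "object",
+"properties": {
+"array": {
+"type": "boolean",
+"description": "Indicates whether the field is an array."
+},
+"dynamic": {
+"type": "boolean",
+"description": "Indicates whether it is a dynamic field mapping."
+},
+"format": {
+"type": "string",
+"description": "Indicates the format of the field. For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.\n"
+},
+"ignore_above": {
+"type": "integer",
+"description": "Specifies the maximum length of a string field. Longer strings are not indexed or stored."
+},
+"index": {
+"type": "boolean",
+"description": "Indicates whether field values are indexed."
+},
+"path": {
+"type": "string",
+"description": "TBD"
+},
+"properties": {
+"type": "object",
+"description": "Details about the object properties. This property is applicable when `type` is `object`.\n",
+"additionalProperties": {
+"type": "object",
+"properties": {
+"type": {
+"type": "string",
+"description": "The data type for each object property."
+}
+}
+}
+},
+"required": {
+"type": "boolean",
+"description": "Indicates whether the field is required."
+},
+"scaling_factor": {
+"type": "integer",
+"description": "The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. \n"
+},
+"type": {
+"type": "string",
+"description": "Specifies the data type for the field.",
+"example": "scaled_float"
+}
+}
+},
 "400_response": {
 "title": "Bad request",
 "type": "object",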
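Review bot: `dynamic` is typed two incompatible ways in this file: under `alerts` it is a string enum (`"false"`, `"runtime"`, `"strict"`, `"true"`), while `fieldmap_properties.dynamic` in the last hunk is `"type": "boolean"`. If a field-level mapping can also carry `strict` (not visible from this page, so worth confirming against the server-side type), clients that validate responses against the spec would reject a valid payload. A schema such as `"oneOf": [{ "type": "boolean" }, { "type": "string", "enum": ["strict"] }]`, or a description stating which values the server emits, would close the gap. The same boolean definition is repeated in bundled.yaml and in the 47-line schema file added at the end of this commit, which is presumably where the change belongs if the bundled files are generated.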
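--- a/x-pack/plugins/alerting/docs/openapi/bundled.yaml
+++ b/x-pack/plugins/alerting/docs/openapi/bundled.yaml
@@ -569,6 +569,61 @@ paths:
 type: string
 alerts:
 type: object
+description: |
+Details for writing alerts as data documents for this rule type.
+properties:
+context:
+type: string
+description: |
+The namespace for this rule type.
+enum:
+- ml.anomaly-detection
+- observability.apm
+- observability.logs
+- observability.metrics
+- observability.slo
+- observability.threshold
+- observability.uptime
+- security
+- stack
+dynamic:
+type: string
+description: Indicates whether new fields are added dynamically.
+enum:
+- 'false'
+- runtime
+- strict
+- 'true'
+isSpaceAware:
+type: boolean
+description: |
+Indicates whether the alerts are space-aware. If true, space-specific alert indices are used.
+mappings:
+type: object
+properties:
+fieldMap:
+type: object
+description: |
+Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation.
+additionalProperties:
+$ref: '#/components/schemas/fieldmap_properties'
+secondaryAlias:
+type: string
+description: |
+A secondary alias. It is typically used to support the signals alias for detection rules.
+shouldWrite:
+type: boolean
+description: |
+Indicates whether the rule should write out alerts as data.
+useEcs:
+type: boolean
+description: |
+Indicates whether to include the ECS component template for the alerts.
+useLegacyAlerts:
+type: boolean
+default: false
+description: |
+Indicates whether to include the legacy component template for the alerts.
 authorized_consumers:
 description: The list of the plugins IDs that have access to the rule type.
 type: object
@@ -668,6 +723,7 @@ paths:
 type: boolean
 has_alerts_mappings:
 type: boolean
+description: Indicates whether the rule type has custom mappings for the alert data.
 has_fields_for_a_a_d:
 type: boolean
 id:
@@ -4647,6 +4703,50 @@ components:
 $ref: '#/components/schemas/tags'
 throttle:
 $ref: '#/components/schemas/throttle'
+fieldmap_properties:
+title: Field map objects in the get rule types response
+type: object
+properties:
+array:
+type: boolean
+description: Indicates whether the field is an array.
+dynamic:
+type: boolean
+description: Indicates whether it is a dynamic field mapping.
+format:
+type: string
+description: |
+Indicates the format of the field. For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.
+ignore_above:
+type: integer
+description: Specifies the maximum length of a string field. Longer strings are not indexed or stored.
+index:
+type: boolean
+description: Indicates whether field values are indexed.
+path:
+type: string
+description: TBD
+properties:
+type: object
+description: |
+Details about the object properties. This property is applicable when `type` is `object`.
+additionalProperties:
+type: object
+properties:
+type:
+type: string
+description: The data type for each object property.
+required:
+type: boolean
+description: Indicates whether the field is required.
+scaling_factor:
+type: integer
+description: |
+The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value.
+type:
+type: string
+description: Specifies the data type for the field.
+example: scaled_float
 400_response:
 title: Bad request
 type: object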
@@ -0,0 +1,47 @@
title: Field map objects in the get rule types response
type: object
properties:
array:
type: boolean
description: Indicates whether the field is an array.
dynamic:
type: boolean
description: Indicates whether it is a dynamic field mapping.
format:
type: string
description: >
Indicates the format of the field.
For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.
ignore_above:
type: integer
description: Specifies the maximum length of a string field. Longer strings are not indexed or stored.
index:
type: boolean
description: Indicates whether field values are indexed.
path:
type: string
description: TBD
properties:
type: object
description: >
Details about the object properties.
This property is applicable when `type` is `object`.
additionalProperties:
type: object
properties:
type:
type: string
description: The data type for each object property.
required:
type: boolean
description: Indicates whether the field is required.
scaling_factor:
type: integer
description: >
The scaling factor to use when encoding values.
This property is applicable when `type` is `scaled_float`.
Values will be multiplied by this factor at index time and rounded to the closest long value.
type:
type: string
description: Specifies the data type for the field.
example: scaled_float
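Review bot: `path` is published with `description: TBD`, which leaves a placeholder in the API reference exactly where a reader needs to know what the field refers to; the same text is copied into `fieldmap_properties` in bundled.json and bundled.yaml. If this mirrors the Elasticsearch `path` mapping parameter used by `alias` fields (an assumption to confirm against the server-side field map type), a description in the style of the neighbouring properties would do, for example `description: The path to the target field. This property is applicable when the field type is alias.` Until the meaning is settled, leaving the property out of the schema would be preferable to shipping the placeholder.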