Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] [Response Ops][Alerting] Use ES client to update rule SO at end…
… of rule run instead of SO client. (#193341) (#194444) # Backport This will backport the following commits from `main` to `8.x`: - [[Response Ops][Alerting] Use ES client to update rule SO at end of rule run instead of SO client. (#193341)](#193341) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-30T14:40:02Z","message":"[Response Ops][Alerting] Use ES client to update rule SO at end of rule run instead of SO client. (#193341)\n\nResolves https://github.com/elastic/kibana/issues/192397\r\n\r\n## Summary\r\n\r\nUpdates alerting task runner end of run updates to use the ES client\r\nupdate function for a true partial update instead of the saved objects\r\nclient update function that performs a GET then an update.\r\n\r\n## To verify\r\nCreate a rule in multiple spaces and ensure they run correctly and their\r\nexecution status and monitoring history are updated at the end of each\r\nrun. Because we're performing a partial update on attributes that are\r\nnot in the AAD, the rule should continue running without any encryption\r\nerrors.\r\n\r\n## Risk Matrix\r\n\r\n| Risk | Probability | Severity | Mitigation/Notes |\r\n\r\n|---------------------------|-------------|----------|-------------------------|\r\n| Updating saved object directly using ES client will break BWC | Medium\r\n| High | Response Ops follows an intermediate release strategy for any\r\nchanges to the rule saved object where schema changes are introduced in\r\nan intermediate release before any changes to the saved object are\r\nactually made in a followup release. This ensures that any rollbacks\r\nthat may be required in a release will roll back to a version that is\r\nalready aware of the new schema. The team is socialized to this strategy\r\nas we are requiring users of the alerting framework to also follow this\r\nstrategy. This should address any backward compatibility issues that\r\nmight arise by circumventing the saved objects client update function. |\r\n| Updating saved object directly using ES client will break AAD | Medium\r\n| High | An explicit allowlist of non-AAD fields that are allowed to be\r\npartially updated has been introduced and any fields not in this\r\nallowlist will not be included in the partial update. Any updates to the\r\nrule saved object that might break AAD would show up with > 1 execution\r\nof a rule and we have a plethora of functional tests that rely on\r\nmultiple executions of a rule that would flag if there were issues\r\nrunning due to AAD issues. |\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"05926c20c57b7abc69c6c068d5733f29306f73ba","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Feature:Alerting","release_note:skip","Team:ResponseOps","v9.0.0","backport:prev-minor","v8.16.0"],"title":"[Response Ops][Alerting] Use ES client to update rule SO at end of rule run instead of SO client.","number":193341,"url":"https://github.com/elastic/kibana/pull/193341","mergeCommit":{"message":"[Response Ops][Alerting] Use ES client to update rule SO at end of rule run instead of SO client. (#193341)\n\nResolves https://github.com/elastic/kibana/issues/192397\r\n\r\n## Summary\r\n\r\nUpdates alerting task runner end of run updates to use the ES client\r\nupdate function for a true partial update instead of the saved objects\r\nclient update function that performs a GET then an update.\r\n\r\n## To verify\r\nCreate a rule in multiple spaces and ensure they run correctly and their\r\nexecution status and monitoring history are updated at the end of each\r\nrun. Because we're performing a partial update on attributes that are\r\nnot in the AAD, the rule should continue running without any encryption\r\nerrors.\r\n\r\n## Risk Matrix\r\n\r\n| Risk | Probability | Severity | Mitigation/Notes |\r\n\r\n|---------------------------|-------------|----------|-------------------------|\r\n| Updating saved object directly using ES client will break BWC | Medium\r\n| High | Response Ops follows an intermediate release strategy for any\r\nchanges to the rule saved object where schema changes are introduced in\r\nan intermediate release before any changes to the saved object are\r\nactually made in a followup release. This ensures that any rollbacks\r\nthat may be required in a release will roll back to a version that is\r\nalready aware of the new schema. The team is socialized to this strategy\r\nas we are requiring users of the alerting framework to also follow this\r\nstrategy. This should address any backward compatibility issues that\r\nmight arise by circumventing the saved objects client update function. |\r\n| Updating saved object directly using ES client will break AAD | Medium\r\n| High | An explicit allowlist of non-AAD fields that are allowed to be\r\npartially updated has been introduced and any fields not in this\r\nallowlist will not be included in the partial update. Any updates to the\r\nrule saved object that might break AAD would show up with > 1 execution\r\nof a rule and we have a plethora of functional tests that rely on\r\nmultiple executions of a rule that would flag if there were issues\r\nrunning due to AAD issues. |\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"05926c20c57b7abc69c6c068d5733f29306f73ba"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193341","number":193341,"mergeCommit":{"message":"[Response Ops][Alerting] Use ES client to update rule SO at end of rule run instead of SO client. (#193341)\n\nResolves https://github.com/elastic/kibana/issues/192397\r\n\r\n## Summary\r\n\r\nUpdates alerting task runner end of run updates to use the ES client\r\nupdate function for a true partial update instead of the saved objects\r\nclient update function that performs a GET then an update.\r\n\r\n## To verify\r\nCreate a rule in multiple spaces and ensure they run correctly and their\r\nexecution status and monitoring history are updated at the end of each\r\nrun. Because we're performing a partial update on attributes that are\r\nnot in the AAD, the rule should continue running without any encryption\r\nerrors.\r\n\r\n## Risk Matrix\r\n\r\n| Risk | Probability | Severity | Mitigation/Notes |\r\n\r\n|---------------------------|-------------|----------|-------------------------|\r\n| Updating saved object directly using ES client will break BWC | Medium\r\n| High | Response Ops follows an intermediate release strategy for any\r\nchanges to the rule saved object where schema changes are introduced in\r\nan intermediate release before any changes to the saved object are\r\nactually made in a followup release. This ensures that any rollbacks\r\nthat may be required in a release will roll back to a version that is\r\nalready aware of the new schema. The team is socialized to this strategy\r\nas we are requiring users of the alerting framework to also follow this\r\nstrategy. This should address any backward compatibility issues that\r\nmight arise by circumventing the saved objects client update function. |\r\n| Updating saved object directly using ES client will break AAD | Medium\r\n| High | An explicit allowlist of non-AAD fields that are allowed to be\r\npartially updated has been introduced and any fields not in this\r\nallowlist will not be included in the partial update. Any updates to the\r\nrule saved object that might break AAD would show up with > 1 execution\r\nof a rule and we have a plethora of functional tests that rely on\r\nmultiple executions of a rule that would flag if there were issues\r\nrunning due to AAD issues. |\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"05926c20c57b7abc69c6c068d5733f29306f73ba"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Ying Mao <[email protected]>
- Loading branch information
1 parent
464430d
commit ce42c68