Add rule model versions in alerting

[ersin-erdal]

Towards: #166967

This PR adds ruleModelVersion to saved object registry and latestRuleVersion to ruleTypeRegistry.
These new assets will be used in a follow-on PR for skipping the rule task executions when there is version mismatch.

POC for the issue: #167128

[ersin-erdal]

As this is used by Kibana to validate the saved_object just before saving it, we can remove the below schema from createRule method of the rulesClient.

https://github.com/elastic/kibana/blob/main/x-pack/plugins/alerting/server/application/rule/methods/create/schemas/create_rule_data_schema.ts

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[jloleysens]

Core changes lgtm

[ersin-erdal]

This is/was a new field and causes a validation error.

[pmuellr]

I don't understand the purpose of field and useAlertDataForTemplate. Is for use in the future? It seems like it could have been a test you were running locally, didn't intend to commit, but you added a comment, so seems not.

[ersin-erdal]

Someone added that new field and forgot to update the rawRuleSchema, therefore createRule method fails.
I added it to fix the problem.

[ersin-erdal]

I don't know how they missed that, task execution would be skipped when that field is in any rule.

[pmuellr]

Interesting! I wonder if it coincided with some other "leniency" PRs where we might have been more lenient in accepting some objects validating schemas (allowing extra fields, but ignoring).

I was going to suggest opening an issue to figure out how this happened, because it doesn't seem good. However, we ARE now catching it :-), so ... not sure it matters. Presumably we'd catch the next time this happens.

[ersin-erdal]

Actually that's why we decided to use modelVersions. It will force developers to bump the version.
No overlooked new fields anymore :)

[ymao1]

Are there any specific steps to verify this PR or things to look for?

[ersin-erdal]

Are there any specific steps to verify this PR or things to look for?

As the modelVersions schema is called on create testing rule creation should be enough. There shouldn't be any validation error.
Other than this, there is no change this PR introduces.

[ersin-erdal]

closed by mistake

[ymao1]

This is the PR that added it: #170162
Looks like it's behind a feature flag and there were no FTs added with the feature flag enabled. I just tried it tho and you are correct that rules with this field are skipped by task manager.

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: c893a8d

Failed CI Steps

• Security Solution Cypress Tests #1

Test Failures

• [job] [logs] Security Solution Cypress Tests #1 / Detection ES|QL rules, creation creation creates an ES|QL rule creates an ES|QL rule

Metrics [docs]

✅ unchanged

History

• 💚 Build #179242 succeeded 72ecc73
• 💚 Build #178902 succeeded 8612f9e
• 💔 Build #178863 failed 77496a5
• 💔 Build #178831 failed 2c916a3

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ersin-erdal

[ymao1]

LGTM. Was able to create and update rule and see them running with no issues.

[pmuellr]

My turn for a late review. LGTM, left one comment about a schema change which I think is harmless, but I'm curious about.

[pmuellr]

I'm curious why we needed the schema.maybe() - I don't think it needs to be, unless someone is referencing fields in pararms and the typing was messed up. And I don't see any references to the field in the PR ... But I don't think there's any harm in this either. I'm more curious than concerned. :-)

Though there is a different field params in this file ^^^ (above the new field property) which uses the same schema bits, but differently:

  params: schema.maybe(schema.recordOf(schema.string(), schema.any())), // better type?

I just tried the following, and it only failed on the last one - I wasn't sure about the second, but it appears to have validated .

  it('tests schema.any()', () => {
    const testSchema = schema.object({
      params: schema.recordOf(schema.string(), schema.maybe(schema.any())),
    });

    testSchema.validate({ params: { test: 'test' } });
    testSchema.validate({ params: { test: undefined } });
    testSchema.validate({ params: {} });
    testSchema.validate({});
  });

[ersin-erdal]

In one of the test a team uses the second. { params: { test: undefined } } and it blows up schema.any() :)

[pmuellr]

My "test" was using your code, I wanted to remove the schema.maybe() to see if the second would pass - but I believe you! :-) . Thx!