elastic · umbopepato · Jul 4, 2024 · Jun 19, 2024 · Jun 19, 2024 · Jun 19, 2024
diff --git a/packages/kbn-alerts-ui-shared/src/common/hooks/index.ts b/packages/kbn-alerts-ui-shared/src/common/hooks/index.ts
@@ -14,3 +14,4 @@ export * from './use_load_alerting_framework_health';
 export * from './use_create_rule';
 export * from './use_update_rule';
 export * from './use_resolve_rule';
+export * from './use_get_alerts_group_aggregations_query';
diff --git a/...es/kbn-alerts-ui-shared/src/common/hooks/use_get_alerts_group_aggregations_query.test.tsx b/...es/kbn-alerts-ui-shared/src/common/hooks/use_get_alerts_group_aggregations_query.test.tsx
@@ -0,0 +1,89 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { renderHook } from '@testing-library/react-hooks/dom';
+import type { HttpStart } from '@kbn/core-http-browser';
+import { ToastsStart } from '@kbn/core-notifications-browser';
+import { AlertConsumers } from '@kbn/rule-data-utils';
+
+import { useGetAlertsGroupAggregationsQuery } from './use_get_alerts_group_aggregations_query';
+import { waitFor } from '@testing-library/react';
+import { BASE_RAC_ALERTS_API_PATH } from '../constants';
+
+const queryClient = new QueryClient({
+  defaultOptions: {
+    queries: {
+      retry: false,
+    },
+  },
+});
+
+const wrapper = ({ children }: { children: Node }) => (
+  <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>
+);
+
+const mockHttp = {
+  post: jest.fn(),
+};
+const http = mockHttp as unknown as HttpStart;
+
+const mockToasts = {
+  addDanger: jest.fn(),
+};
+const toasts = mockToasts as unknown as ToastsStart;
+
+const params = {
+  featureIds: [AlertConsumers.STACK_ALERTS],
+  groupByField: 'kibana.alert.rule.name',
+};
+
+describe('useAlertsGroupAggregationsQuery', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('displays toast on errors', async () => {
+    mockHttp.post.mockRejectedValue(new Error('An error occurred'));
+    renderHook(
+      () =>
+        useGetAlertsGroupAggregationsQuery({
+          params,
+          enabled: true,
+          toasts,
+          http,
+        }),
+      { wrapper }
+    );
+
+    await waitFor(() => expect(mockToasts.addDanger).toHaveBeenCalled());
+  });
+
+  test('calls API endpoint with the correct body', async () => {
+    renderHook(
+      () =>
+        useGetAlertsGroupAggregationsQuery({
+          params,
+          enabled: true,
+          toasts,
+          http,
+        }),
+      { wrapper }
+    );
+
+    await waitFor(() =>
+      expect(mockHttp.post).toHaveBeenLastCalledWith(
+        `${BASE_RAC_ALERTS_API_PATH}/_group_aggregations`,
+        {
+          body: JSON.stringify(params),
+        }
+      )
+    );
+  });
+});
diff --git a/packages/kbn-alerts-ui-shared/src/common/hooks/use_get_alerts_group_aggregations_query.ts b/packages/kbn-alerts-ui-shared/src/common/hooks/use_get_alerts_group_aggregations_query.ts
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { useQuery } from '@tanstack/react-query';
+import type { HttpStart } from '@kbn/core-http-browser';
+import type { ToastsStart } from '@kbn/core-notifications-browser';
+import { SearchResponseBody } from '@elastic/elasticsearch/lib/api/types';
+import { AlertConsumers } from '@kbn/rule-data-utils';
+import type {
+  AggregationsAggregationContainer,
+  QueryDslQueryContainer,
+  SortCombinations,
+} from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import { BASE_RAC_ALERTS_API_PATH } from '../constants';
+
+export interface UseGetAlertsGroupAggregationsQueryProps {
+  http: HttpStart;
+  toasts: ToastsStart;
+  enabled?: boolean;
+  params: {
+    featureIds: AlertConsumers[];
+    groupByField: string;
+    aggregations?: Record<string, AggregationsAggregationContainer>;
+    filters?: QueryDslQueryContainer[];
+    sort?: SortCombinations[];
+    pageIndex?: number;
+    pageSize?: number;
+  };
+}
+
+/**
+ * Fetches alerts aggregations for a given groupByField.
+ *
+ * Some default aggregations are applied:
+ * - `groupByFields`, to get the buckets based on the provided grouping field,
+ *   - `unitsCount`, to count the number of alerts in each bucket,
+ * - `unitsCount`, to count the total number of alerts targeted by the query,
+ * - `groupsCount`, to count the total number of groups.
+ *
+ * The provided `aggregations` are applied within `groupByFields`. Here the `groupByField` runtime
+ * field can be used to perform grouping-based aggregations.
+ *
+ * Applies alerting RBAC through featureIds.
+ */
+export const useGetAlertsGroupAggregationsQuery = <T>({
+  http,
+  toasts,
+  enabled = true,
+  params,
+}: UseGetAlertsGroupAggregationsQueryProps) => {
+  const onErrorFn = (error: Error) => {
+    if (error) {
+      toasts.addDanger(
+        i18n.translate(
+          'alertsUIShared.hooks.useFindAlertsQuery.unableToFetchAlertsGroupingAggregations',
+          {
+            defaultMessage: 'Unable to fetch alerts grouping aggregations',
+          }
+        )
+      );
+    }
+  };
+
+  return useQuery({
+    queryKey: ['getAlertsGroupAggregations', JSON.stringify(params)],
+    queryFn: () =>
+      http.post<SearchResponseBody<{}, T>>(`${BASE_RAC_ALERTS_API_PATH}/_group_aggregations`, {
+        body: JSON.stringify(params),
+      }),
+    onError: onErrorFn,
+    refetchOnWindowFocus: false,
+    enabled,
+  });
+};
diff --git a/x-pack/plugins/rule_registry/common/types.ts b/x-pack/plugins/rule_registry/common/types.ts
@@ -11,6 +11,7 @@ import * as t from 'io-ts';
 
 import type { IFieldSubType } from '@kbn/es-query';
 import type { RuntimeField } from '@kbn/data-views-plugin/common';
+import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 
 // note: these schemas are not exhaustive. See the `Sort` type of `@elastic/elasticsearch` if you need to enhance it.
 const fieldSchema = t.string;
@@ -311,6 +312,80 @@ export const bucketAggsSchemas = t.intersection([
   ),
 ]);
 
+export const alertsAggregationsSchema = t.record(
+  t.string,
+  t.intersection([metricsAggsSchemas, bucketAggsSchemas])
+);
+
+const allowedFilterKeysSchema = t.union([
+  t.literal('bool'),
+  t.literal('boosting'),
+  t.literal('common'),
+  t.literal('combined_fields'),
+  t.literal('constant_score'),
+  t.literal('dis_max'),
+  t.literal('distance_feature'),
+  t.literal('exists'),
+  t.literal('function_score'),
+  t.literal('fuzzy'),
+  t.literal('geo_bounding_box'),
+  t.literal('geo_distance'),
+  t.literal('geo_polygon'),
+  t.literal('geo_shape'),
+  t.literal('has_child'),
+  t.literal('has_parent'),
+  t.literal('ids'),
+  t.literal('intervals'),
+  t.literal('knn'),
+  t.literal('match'),
+  t.literal('match_all'),
+  t.literal('match_bool_prefix'),
+  t.literal('match_none'),
+  t.literal('match_phrase'),
+  t.literal('match_phrase_prefix'),
+  t.literal('more_like_this'),
+  t.literal('multi_match'),
+  t.literal('nested'),
+  t.literal('parent_id'),
+  t.literal('percolate'),
+  t.literal('pinned'),
+  t.literal('prefix'),
+  t.literal('query_string'),
+  t.literal('range'),
+  t.literal('rank_feature'),
+  t.literal('regexp'),
+  t.literal('rule_query'),
+  t.literal('shape'),
+  t.literal('simple_query_string'),
+  t.literal('span_containing'),
+  t.literal('span_field_masking'),
+  t.literal('span_first'),
+  t.literal('span_multi'),
+  t.literal('span_near'),
+  t.literal('span_not'),
+  t.literal('span_or'),
+  t.literal('span_term'),
+  t.literal('span_within'),
+  t.literal('term'),
+  t.literal('terms'),
+  t.literal('terms_set'),
+  t.literal('text_expansion'),
+  t.literal('weighted_tokens'),
+  t.literal('wildcard'),
+  t.literal('wrapper'),
+  t.literal('type'),
+]);
+
+type AssertAssignable<T, U extends T> = T;
+
+// Used to check that the validation schema is aligned with the type from ES
+declare type _ = AssertAssignable<
+  keyof Omit<QueryDslQueryContainer, 'script' | 'script_score'>,
+  t.TypeOf<typeof allowedFilterKeysSchema>
+>;
+
+export const alertsGroupFilterSchema = t.record(allowedFilterKeysSchema, t.any);
+
 export type PutIndexTemplateRequest = estypes.IndicesPutIndexTemplateRequest & {
   body?: { composed_of?: string[] };
 };

diff --git a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.mock.ts b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.mock.ts
@@ -19,6 +19,7 @@ const createAlertsClientMock = () => {
     bulkUpdate: jest.fn(),
     bulkUpdateCases: jest.fn(),
     find: jest.fn(),
+    getGroupAggregations: jest.fn(),
     getFeatureIdsByRegistrationContexts: jest.fn(),
     getBrowserFields: jest.fn(),
     getAlertSummary: jest.fn(),