[Response Ops][Alerting] Use ES client to update rule SO at end of rule run instead of SO client.

x-pack/plugins/alerting/server/saved_objects/index.ts

@@ -23,7 +23,7 @@ import { RawRule } from '../types';
 import { getImportWarnings } from './get_import_warnings';
 import { isRuleExportable } from './is_rule_exportable';
 import { RuleTypeRegistry } from '../rule_type_registry';
-export { partiallyUpdateRule } from './partially_update_rule';
+export { partiallyUpdateRule, partiallyUpdateRuleWithEs } from './partially_update_rule';
 import {
   RULES_SETTINGS_SAVED_OBJECT_TYPE,
   MAINTENANCE_WINDOW_SAVED_OBJECT_TYPE,

x-pack/plugins/alerting/server/saved_objects/partially_update_rule.test.ts

@@ -10,16 +10,22 @@ import {
   ISavedObjectsRepository,
   SavedObjectsErrorHelpers,
 } from '@kbn/core/server';
-
-import { PartiallyUpdateableRuleAttributes, partiallyUpdateRule } from './partially_update_rule';
-import { savedObjectsClientMock } from '@kbn/core/server/mocks';
+import {
+  PartiallyUpdateableRuleAttributes,
+  partiallyUpdateRule,
+  partiallyUpdateRuleWithEs,
+} from './partially_update_rule';
+import { elasticsearchServiceMock, savedObjectsClientMock } from '@kbn/core/server/mocks';
 import { RULE_SAVED_OBJECT_TYPE } from '.';
+import { ALERTING_CASES_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
+import { estypes } from '@elastic/elasticsearch';
 
 const MockSavedObjectsClientContract = savedObjectsClientMock.create();
 const MockISavedObjectsRepository =
   MockSavedObjectsClientContract as unknown as jest.Mocked<ISavedObjectsRepository>;
+const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
 
-describe('partially_update_rule', () => {
+describe('partiallyUpdateRule', () => {
   beforeEach(() => {
     jest.resetAllMocks();
   });
@@ -104,6 +110,98 @@ describe('partially_update_rule', () => {
     });
 });
 
+describe('partiallyUpdateRuleWithEs', () => {
+  beforeEach(() => {
+    jest.resetAllMocks();
+    jest.clearAllMocks();
+  });
+
+  test('should work with no options', async () => {
+    esClient.update.mockResolvedValueOnce(MockEsUpdateResponse(MockRuleId));
+
+    await partiallyUpdateRuleWithEs(esClient, MockRuleId, DefaultAttributes);
+    expect(esClient.update).toHaveBeenCalledTimes(1);
+    expect(esClient.update).toHaveBeenCalledWith({
+      id: `alert:${MockRuleId}`,
+      index: ALERTING_CASES_SAVED_OBJECT_INDEX,
+      doc: {
+        alert: DefaultAttributes,
+      },
+    });
+  });
+
+  test('should work with extraneous attributes ', async () => {
+    const attributes = ExtraneousAttributes as unknown as PartiallyUpdateableRuleAttributes;
+    esClient.update.mockResolvedValueOnce(MockEsUpdateResponse(MockRuleId));
+
+    await partiallyUpdateRuleWithEs(esClient, MockRuleId, attributes);
+    expect(esClient.update).toHaveBeenCalledWith({
+      id: `alert:${MockRuleId}`,
+      index: ALERTING_CASES_SAVED_OBJECT_INDEX,
+      doc: {
+        alert: ExtraneousAttributes,
+      },
+    });
+  });
+
+  test('should handle ES errors', async () => {
+    esClient.update.mockRejectedValueOnce(new Error('wops'));
+
+    await expect(
+      partiallyUpdateRuleWithEs(esClient, MockRuleId, DefaultAttributes)
+    ).rejects.toThrowError('wops');
+  });
+
+  test('should handle the version option', async () => {
+    esClient.update.mockResolvedValueOnce(MockEsUpdateResponse(MockRuleId));
+
+    await partiallyUpdateRuleWithEs(esClient, MockRuleId, DefaultAttributes, {
+      version: 'WzQsMV0=',
+    });
+    expect(esClient.update).toHaveBeenCalledWith({
+      id: `alert:${MockRuleId}`,
+      index: ALERTING_CASES_SAVED_OBJECT_INDEX,
+      if_primary_term: 1,
+      if_seq_no: 4,
+      doc: {
+        alert: DefaultAttributes,
+      },
+    });
+  });
+
+  test('should handle the ignore404 option', async () => {
+    esClient.update.mockResolvedValueOnce(MockEsUpdateResponse(MockRuleId));
+
+    await partiallyUpdateRuleWithEs(esClient, MockRuleId, DefaultAttributes, { ignore404: true });
+    expect(esClient.update).toHaveBeenCalledWith(
+      {
+        id: `alert:${MockRuleId}`,
+        index: ALERTING_CASES_SAVED_OBJECT_INDEX,
+        doc: {
+          alert: DefaultAttributes,
+        },
+      },
+      { ignore: [404] }
+    );
+  });
+
+  test('should handle the refresh option', async () => {
+    esClient.update.mockResolvedValueOnce(MockEsUpdateResponse(MockRuleId));
+
+    await partiallyUpdateRuleWithEs(esClient, MockRuleId, DefaultAttributes, {
+      refresh: 'wait_for',
+    });
+    expect(esClient.update).toHaveBeenCalledWith({
+      id: `alert:${MockRuleId}`,
+      index: ALERTING_CASES_SAVED_OBJECT_INDEX,
+      doc: {
+        alert: DefaultAttributes,
+      },
+      refresh: 'wait_for',
+    });
+  });
+});
+
 function getMockSavedObjectClients(): Record<
   string,
   jest.Mocked<SavedObjectsClientContract | ISavedObjectsRepository>
@@ -137,3 +235,13 @@ const MockUpdateValue = {
   },
   references: [],
 };
+
+const MockEsUpdateResponse = (id: string) => ({
+  _index: '.kibana_alerting_cases_9.0.0_001',
+  _id: `alert:${id}`,
+  _version: 3,
+  result: 'updated' as estypes.Result,
+  _shards: { total: 1, successful: 1, failed: 0 },
+  _seq_no: 5,
+  _primary_term: 1,
+});

x-pack/plugins/alerting/server/saved_objects/partially_update_rule.ts

@@ -7,10 +7,13 @@
 
 import { omit, pick } from 'lodash';
 import {
+  ElasticsearchClient,
   SavedObjectsClient,
   SavedObjectsErrorHelpers,
   SavedObjectsUpdateOptions,
 } from '@kbn/core/server';
+import { decodeRequestVersion } from '@kbn/core-saved-objects-base-server-internal';
+import { ALERTING_CASES_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
 import { RawRule } from '../types';
 
 import {
@@ -67,3 +70,33 @@ export async function partiallyUpdateRule(
     throw err;
   }
 }
+
+// direct, partial update to a rule saved object via ElasticsearchClient
+export async function partiallyUpdateRuleWithEs(
+  esClient: ElasticsearchClient,
+  id: string,
+  attributes: PartiallyUpdateableRuleAttributes,
+  options: PartiallyUpdateRuleSavedObjectOptions = {}
+): Promise<void> {
+  // ensure we only have the valid attributes that are not encrypted and are excluded from AAD
+  const attributeUpdates = omit(attributes, [
+    ...RuleAttributesToEncrypt,
+    ...RuleAttributesIncludedInAAD,
+  ]);
+
+  const updateParams = {
+    id: `alert:${id}`,
+    index: ALERTING_CASES_SAVED_OBJECT_INDEX,
+    ...(options.version ? decodeRequestVersion(options.version) : {}),
+    doc: {
+      alert: attributeUpdates,
+    },
+    ...(options.refresh ? { refresh: options.refresh } : {}),
+  };
+
+  if (options.ignore404) {
+    await esClient.update(updateParams, { ignore: [404] });
+  } else {
+    await esClient.update(updateParams);
+  }
+}

x-pack/plugins/alerting/server/task_runner/fixtures.ts

@@ -7,6 +7,7 @@
 
 import { TaskStatus } from '@kbn/task-manager-plugin/server';
 import { SavedObject } from '@kbn/core/server';
+import { ALERTING_CASES_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
 import {
   Rule,
   RuleTypeParams,
@@ -64,7 +65,7 @@ const defaultHistory = [
   },
 ];
 
-export const generateSavedObjectParams = ({
+export const generateRuleUpdateParams = ({
   error = null,
   warning = null,
   status = 'ok',
@@ -83,53 +84,59 @@ export const generateSavedObjectParams = ({
   history?: RuleMonitoring['run']['history'];
   alertsCount?: Record<string, number>;
 }) => [
-  RULE_SAVED_OBJECT_TYPE,
-  '1',
   {
-    monitoring: {
-      run: {
-        calculated_metrics: {
-          success_ratio: successRatio,
+    id: `alert:1`,
+    index: ALERTING_CASES_SAVED_OBJECT_INDEX,
+    doc: {
+      alert: {
+        monitoring: {
+          run: {
+            calculated_metrics: {
+              success_ratio: successRatio,
+            },
+            history,
+            last_run: {
+              timestamp: '1970-01-01T00:00:00.000Z',
+              metrics: {
+                duration: 0,
+                gap_duration_s: null,
+                total_alerts_created: null,
+                total_alerts_detected: null,
+                total_indexing_duration_ms: null,
+                total_search_duration_ms: null,
+              },
+            },
+          },
         },
-        history,
-        last_run: {
-          timestamp: '1970-01-01T00:00:00.000Z',
-          metrics: {
-            duration: 0,
-            gap_duration_s: null,
-            total_alerts_created: null,
-            total_alerts_detected: null,
-            total_indexing_duration_ms: null,
-            total_search_duration_ms: null,
+        executionStatus: {
+          error,
+          lastDuration: 0,
+          lastExecutionDate: '1970-01-01T00:00:00.000Z',
+          status,
+          warning,
+        },
+        lastRun: {
+          outcome,
+          outcomeOrder: RuleLastRunOutcomeOrderMap[outcome],
+          outcomeMsg:
+            (error?.message && [error?.message]) ||
+            (warning?.message && [warning?.message]) ||
+            null,
+          warning: error?.reason || warning?.reason || null,
+          alertsCount: {
+            active: 0,
+            ignored: 0,
+            new: 0,
+            recovered: 0,
+            ...(alertsCount || {}),
           },
         },
+        nextRun,
+        running: false,
       },
     },
-    executionStatus: {
-      error,
-      lastDuration: 0,
-      lastExecutionDate: '1970-01-01T00:00:00.000Z',
-      status,
-      warning,
-    },
-    lastRun: {
-      outcome,
-      outcomeOrder: RuleLastRunOutcomeOrderMap[outcome],
-      outcomeMsg:
-        (error?.message && [error?.message]) || (warning?.message && [warning?.message]) || null,
-      warning: error?.reason || warning?.reason || null,
-      alertsCount: {
-        active: 0,
-        ignored: 0,
-        new: 0,
-        recovered: 0,
-        ...(alertsCount || {}),
-      },
-    },
-    nextRun,
-    running: false,
   },
-  { refresh: false, namespace: undefined },
+  { ignore: [404] },
 ];
 
 export const GENERIC_ERROR_MESSAGE = 'GENERIC ERROR MESSAGE';