[Alerting] Enforces typing of Alert's ActionGroups #86761

gmmorris · 2020-12-22T12:49:49Z

Summary

This PR tightens the typing on the Alerting framework's AlertType and its deeper typing around AlertServices and AlertExecutorOptions.

This ensures the following:

It's now impossible^✴ to schedule actions on any ActionGroup other than the groups specified on the AlertType (including the Recovery group)
It's now impossible^✴ to schedule actions with incorrect InstanceState or InstanceContext

✴ Unless they bypass the Typescript typing, which is an explicit choice to bypass type safety

Checklist

Delete any items that are not applicable to this PR.

~~Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support~~
Documentation was added for features that require explanation or tutorials
Unit or functional tests were updated or added to match the most common scenarios
~~Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)~~
~~Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)~~
~~This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)~~
~~This was checked for cross-browser compatibility~~

For maintainers

This was checked for breaking API changes and was labeled appropriately

* master: (48 commits) Fix request with disabled aggregation (elastic#85696) [Security Solution][Detections][Threshold Rules] Threshold Rule Bug Fixes (elastic#84918) Removed a possibility to define two different names for Alert types on API and UI level. (elastic#86236) Bump Node.js from version 14.15.2 to 14.15.3 (elastic#86593) [index patterns] Fleep app - Keep saved object field list until field caps provides fields (elastic#85370) [Security Solutions] fix timeline tabs + layout (elastic#86581) Upgrade to hapi version 20 (elastic#85406) App Services: Remove remaining uiActions, expressions, data, embeddable circular dependencies. (elastic#82791) Rename chartLibrary setting to legacyChartsLibrary (elastic#86529) [CI] TeamCity updates (elastic#85843) [Maps] Use Json for mvt-tests (elastic#86492) [Rollup Jobs] Added autofocus to cron editor (elastic#86324) [Monitoring][Alerting] CCR read exceptions alert (elastic#85908) [CI] Bump memory for main CI workers (elastic#86541) Explicitly set Elasticsearch heap size during CI and local development (elastic#86513) [App Search] Updates to results on the documents view (elastic#86181) [Discover] Change default sort handling (elastic#85561) [App Search] Convert DocumentCreationModal to DocumentCreationFlyout (elastic#86508) [App Search] Sample Engines should have access to the Crawler (elastic#86502) Fixed duplication of create new modal (elastic#86489) ...

* master: (36 commits) update apm index pattern (elastic#86739) [Visualizations] Remove vis_default_editor - visualize plugins cyclic dependencies (elastic#85422) [ML] Fix alignment of values in data frame analytics results view badges (elastic#86621) [Visualizations] Remove charts - editor plugins cyclic dependencies (elastic#84887) fixing blank page (elastic#86640) Update dependency vega to ^5.17.1 (elastic#86715) [Monitoring] Convert Kibana-related server files that read from _source to typescript (elastic#86364) Uses @elastic/elasticsearch-canary (elastic#86398) [CI] Removes script previously used for Karma (elastic#86412) [build] Remove grunt checkPlugins task (elastic#85852) [build] Remove grunt docker:docs task (elastic#85848) [ML] Add doc link for classification AUC ROC evaluation (elastic#86660) [ML] Edits saved object synchronization message (elastic#86664) Uses the new es client in canvas usage collector's fetch methods (elastic#86668) [ML] Support legacy watcher URL (elastic#86661) [ML] Fix Single Metric Viewer y domain extending beyond the visible focus area (elastic#86655) Migrates search telemetry usage collector es client from legacy to new (elastic#86597) [Alerting] Encourage type safe usage of Alerting (elastic#86623) Migrates kql_telemetry usage collector es client (elastic#86585) [ML] Fix time range adjustment for the swim lane causing the infinite loop update (elastic#86461) ...

gmmorris · 2020-12-30T10:35:39Z

.../infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts

+        /**
+         * TODO: We're lying to the compiler here as explicitly  calling `scheduleActions` on
+         * the RecoveredActionGroup isn't allowed
+         */
+        (actionGroupId as unknown) as InventoryMetricThresholdAllowedActionGroups,


The InventoryMetricThreshold AlertType relies on specifying the recovery ActionGroup explicitly in order to include a context that is accessible when an instance is recovered. This approach isn't in line with how the system was designed to be used, which is why we have encountered some unforeseen side effects (alert instances recovering twice, for example).

This PR makes this kind of usage impossible unless you lie to the compiler, which is why we do so here.

I have began a dialogue with @Zacqary to find a solution that will satisfy their need, but for now, I'd still like to proceed with this PR to discourage this type of usage.

@mikecote I couldn't find an existing issue to explore ways of enabling some kind of context when an instance recovers. Are you aware of one which I can link to here?
If not, I'll open a new one and we can try and find a solution for Metrics.

@gmmorris none that I recall, just some conversations in another issue: #49405 (comment).

elasticmachine · 2020-12-30T10:59:15Z

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

mikecote

Alerting team code changes LGTM!

yctercero

LGTM detection engine side! Thanks for the type updates. Looks like the changes now specify the defaultActionGroup which for DE we only have one specified (default) here - x-pack/plugins/security_solution/server/lib/detection_engine/signals/siem_rule_action_groups.ts.

Checked out and just played around with basic DE functionality - rule creation, edit (versioning updating), enabling/disabling, and deletion. Looks great, thank you!

gmmorris · 2020-12-31T09:49:10Z

Thanks for the 👍 @yctercero

Looks like the changes now specify the defaultActionGroup which for DE we only have one specified (default) here - x-pack/plugins/security_solution/server/lib/detection_engine/signals/siem_rule_action_groups.ts.

This PR doesn't actually change that, it was already defined, but it wasn't expressed in the type signature, so all this PR did is include that in the type so that it can't be misused.
Does that make sense?

gmmorris · 2021-01-04T09:31:12Z

@elasticmachine merge upstream

kibanamachine · 2021-01-04T11:43:08Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: b6f4a59

Metrics [docs]

Distributable file count

id	before	after	diff
`default`	47264	48024	+760

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
`apm`	48.6KB	48.7KB	+80.0B

History

💚 Build #96410 succeeded a9f5f50
💔 Build #96402 failed c56dda5
💔 Build #96061 failed b79eb96

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

ymao1

LGTM!

phillipb

Infra type changes LGTM

ogupte

APM changes LGTM

chrisronline

LGTM for Stack Monitoring!

This PR tightens the typing on the Alerting framework's `AlertType` and its deeper typing around `AlertServices ` and `AlertExecutorOptions`. This ensures the following: 1. It's now impossible<sup>✴</sup> to schedule actions on any ActionGroup other than the groups specified on the AlertType (including the Recovery group) 2. It's now impossible<sup>✴</sup> to schedule actions with incorrect `InstanceState` or `InstanceContext` ✴ Unless they bypass the Typescript typing, which is an explicit choice to bypass type safety

This reverts commit 76b8c49.

jbudz · 2021-01-05T19:27:24Z

I temporarily reverted this due to a typecheck failure:
https://kibana-ci.elastic.co/job/elastic+kibana+master/10922/execution/node/357/log/

…lastic#86761)"" This reverts commit 051be28.

…ups` (#87382) The #86761 PR was reverted due to a small typing issue. This PR reverts that revert and adds a commit to address the issue: 9e4ab20.

…ups` (elastic#87382) The elastic#86761 PR was reverted due to a small typing issue. This PR reverts that revert and adds a commit to address the issue: elastic@9e4ab20.

…ups` (#87382) (#87454) The #86761 PR was reverted due to a small typing issue. This PR reverts that revert and adds a commit to address the issue: 9e4ab20.

kibanamachine · 2021-01-07T18:54:40Z