Add ALERT_RULE_PARAMETERS to the common fields in Rule Registry (#147458)

## Summary Every Alert in the Alerts-As-Data should have the ALERT_RULE_PARAMETERS field added to the data. This field is required for each rule in Observability to support future plans for the Alert Detail page. I was originally going to add this field individually to each rule but settled on this more efficient solution. Closes #146037 Closes #146021 Closes #146024 Closes #146028 Closes #146029 Closes #146031 Closes #146033 Closes #146035 Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 17:59:23 -04:00 · 2023-01-19 17:55:04 -07:00 · 2023-01-19 17:55:04 -07:00 · bbce4f0885
commit bbce4f0885
parent 356337f0a2
6 changed files with 77 additions and 12 deletions
--- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts
@ -6,7 +6,7 @@
 */

 import { i18n } from '@kbn/i18n';
-import { ALERT_REASON, ALERT_RULE_PARAMETERS } from '@kbn/rule-data-utils';
+import { ALERT_REASON } from '@kbn/rule-data-utils';
 import { first, get } from 'lodash';
 import {
  ActionGroup,
@ -95,7 +95,6 @@ export const createInventoryMetricThresholdExecutor = (libs: InfraBackendLibs) =
        id,
        fields: {
          [ALERT_REASON]: reason,
-          [ALERT_RULE_PARAMETERS]: params as any, // the type assumes the object is already flattened when writing the same way as when reading https://github.com/elastic/kibana/blob/main/x-pack/plugins/rule_registry/common/field_map/runtime_type_from_fieldmap.ts#L60
          ...flattenAdditionalContext(additionalContext),
        },
      });
--- a/x-pack/plugins/rule_registry/common/schemas/8.7.0/index.ts
+++ b/x-pack/plugins/rule_registry/common/schemas/8.7.0/index.ts
@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Values } from '@kbn/utility-types';
+import {
+  ALERT_INSTANCE_ID,
+  ALERT_UUID,
+  ALERT_RULE_CATEGORY,
+  ALERT_RULE_CONSUMER,
+  ALERT_RULE_EXECUTION_UUID,
+  ALERT_RULE_NAME,
+  ALERT_RULE_PRODUCER,
+  ALERT_RULE_TYPE_ID,
+  ALERT_RULE_UUID,
+  SPACE_IDS,
+  ALERT_RULE_TAGS,
+  TIMESTAMP,
+  ALERT_RULE_PARAMETERS,
+} from '@kbn/rule-data-utils';
+
+/* DO NOT MODIFY THIS SCHEMA TO ADD NEW FIELDS. These types represent the alerts that shipped in 8.7.0.
+Any changes to these types should be bug fixes so the types more accurately represent the alerts from 8.7.0.
+
+If you are adding new fields for a new release of Kibana, create a new sibling folder to this one
+for the version to be released and add the field(s) to the schema in that folder.
+
+Then, update `../index.ts` to import from the new folder that has the latest schemas, add the
+new schemas to the union of all alert schemas, and re-export the new schemas as the `*Latest` schemas.
+*/
+
+const commonAlertIdFieldNames = [ALERT_INSTANCE_ID, ALERT_UUID];
+export type CommonAlertIdFieldName870 = Values<typeof commonAlertIdFieldNames>;
+
+export interface CommonAlertFields870 {
+  [ALERT_RULE_PARAMETERS]: Record<string, unknown>;
+  [ALERT_RULE_CATEGORY]: string;
+  [ALERT_RULE_CONSUMER]: string;
+  [ALERT_RULE_EXECUTION_UUID]: string;
+  [ALERT_RULE_NAME]: string;
+  [ALERT_RULE_PRODUCER]: string;
+  [ALERT_RULE_TYPE_ID]: string;
+  [ALERT_RULE_UUID]: string;
+  [SPACE_IDS]: string[];
+  [ALERT_RULE_TAGS]: string[];
+  [TIMESTAMP]: string;
+}
+
+export type CommonAlertFieldName870 = keyof CommonAlertFields870;
+
+export type AlertWithCommonFields870<T> = T & CommonAlertFields870;
--- a/x-pack/plugins/rule_registry/common/schemas/index.ts
+++ b/x-pack/plugins/rule_registry/common/schemas/index.ts
@ -6,15 +6,15 @@
 */

 import type {
-  CommonAlertFieldName800,
-  CommonAlertIdFieldName800,
-  CommonAlertFields800,
-  AlertWithCommonFields800,
-} from './8.0.0';
+  CommonAlertFieldName870,
+  CommonAlertIdFieldName870,
+  CommonAlertFields870,
+  AlertWithCommonFields870,
+} from './8.7.0';

 export type {
-  CommonAlertFieldName800 as CommonAlertFieldNameLatest,
-  CommonAlertIdFieldName800 as CommonAlertIdFieldNameLatest,
-  CommonAlertFields800 as CommonAlertFieldsLatest,
-  AlertWithCommonFields800 as AlertWithCommonFieldsLatest,
+  CommonAlertFieldName870 as CommonAlertFieldNameLatest,
+  CommonAlertIdFieldName870 as CommonAlertIdFieldNameLatest,
+  CommonAlertFields870 as CommonAlertFieldsLatest,
+  AlertWithCommonFields870 as AlertWithCommonFieldsLatest,
 };
--- a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
+++ b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
@ -101,7 +101,7 @@ function createRule(shouldWriteAlerts: boolean = true) {
        executionId: 'b33f65d7-6e8b-4aae-8d20-c93613dec9f9',
        logger: loggerMock.create(),
        namespace: 'namespace',
-        params: {},
+        params: { threshold: 1, operator: '>' },
        previousStartedAt,
        rule: {
          id: 'alertId',
@ -246,6 +246,10 @@ describe('createLifecycleRuleTypeFactory', () => {
              "kibana.alert.rule.consumer": "consumer",
              "kibana.alert.rule.execution.uuid": "b33f65d7-6e8b-4aae-8d20-c93613dec9f9",
              "kibana.alert.rule.name": "name",
+              "kibana.alert.rule.parameters": Object {
+                "operator": ">",
+                "threshold": 1,
+              },
              "kibana.alert.rule.producer": "producer",
              "kibana.alert.rule.rule_type_id": "ruleTypeId",
              "kibana.alert.rule.tags": Array [
@ -278,6 +282,10 @@ describe('createLifecycleRuleTypeFactory', () => {
              "kibana.alert.rule.consumer": "consumer",
              "kibana.alert.rule.execution.uuid": "b33f65d7-6e8b-4aae-8d20-c93613dec9f9",
              "kibana.alert.rule.name": "name",
+              "kibana.alert.rule.parameters": Object {
+                "operator": ">",
+                "threshold": 1,
+              },
              "kibana.alert.rule.producer": "producer",
              "kibana.alert.rule.rule_type_id": "ruleTypeId",
              "kibana.alert.rule.tags": Array [
--- a/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts
+++ b/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts
@ -16,6 +16,7 @@ import {
  SPACE_IDS,
  ALERT_RULE_TAGS,
  TIMESTAMP,
+  ALERT_RULE_PARAMETERS,
 } from '@kbn/rule-data-utils';

 import { RuleExecutorOptions } from '@kbn/alerting-plugin/server';
@ -25,6 +26,7 @@ export const getCommonAlertFields = (
  options: RuleExecutorOptions<any, any, any, any, any>
 ): CommonAlertFieldsLatest => {
  return {
+    [ALERT_RULE_PARAMETERS]: options.params,
    [ALERT_RULE_CATEGORY]: options.rule.ruleTypeName,
    [ALERT_RULE_CONSUMER]: options.rule.consumer,
    [ALERT_RULE_EXECUTION_UUID]: options.executionId,
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts
@ -36,6 +36,7 @@ import {
  ALERT_RULE_CONSUMER,
  ALERT_RULE_EXECUTION_UUID,
  ALERT_RULE_NAME,
+  ALERT_RULE_PARAMETERS,
  ALERT_RULE_PRODUCER,
  ALERT_RULE_TAGS,
  ALERT_RULE_TYPE_ID,
@ -62,6 +63,7 @@ describe('searchAfterAndBulkCreate', () => {
    match_all: {},
  };
  const mockCommonFields: CommonAlertFieldsLatest = {
+    [ALERT_RULE_PARAMETERS]: {},
    [ALERT_RULE_CATEGORY]: 'Custom Query Rule',
    [ALERT_RULE_CONSUMER]: SERVER_APP_ID,
    [ALERT_RULE_EXECUTION_UUID]: '97e8f53a-4971-4935-bb54-9b8f86930cc7',