[Security Solution][Detections] adds bulk edit rule actions

packages/kbn-optimizer/limits.yml

@@ -93,7 +93,7 @@ pageLoadAssetSize:
   expressionShape: 34008
   interactiveSetup: 80000
   expressionTagcloud: 27505
-  securitySolution: 273763
+  securitySolution: 301655
   customIntegrations: 28810
   expressionMetricVis: 23121
   expressionLegacyMetricVis: 23121

x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts

@@ -16,6 +16,13 @@ import {
   UUID,
   LimitedSizeArray,
 } from '@kbn/securitysolution-io-ts-types';
+import {
+  throttle,
+  action_group as actionGroup,
+  action_params as actionParams,
+  action_id as actionId,
+} from '@kbn/securitysolution-io-ts-alerting-types';
+
 import * as t from 'io-ts';
 
 export const author = t.array(t.string);
@@ -379,6 +386,8 @@ export enum BulkActionEditType {
   'delete_index_patterns' = 'delete_index_patterns',
   'set_index_patterns' = 'set_index_patterns',
   'set_timeline' = 'set_timeline',
+  'add_rule_actions' = 'add_rule_actions',
+  'set_rule_actions' = 'set_rule_actions',
 }
 
 const bulkActionEditPayloadTags = t.type({
@@ -418,16 +427,46 @@ const bulkActionEditPayloadTimeline = t.type({
 
 export type BulkActionEditPayloadTimeline = t.TypeOf<typeof bulkActionEditPayloadTimeline>;
 
+const bulkActionEditPayloadRuleActions = t.type({
+  type: t.union([
+    t.literal(BulkActionEditType.add_rule_actions),
+    t.literal(BulkActionEditType.set_rule_actions),
+  ]),
+  value: t.type({
+    throttle,
+    actions: t.array(
+      t.exact(
+        t.type({
+          group: actionGroup,
+          id: actionId,
+          params: actionParams,
+        })
+      )
+    ),
+  }),
+});
+
+export type bulkActionEditPayloadRuleActions = t.TypeOf<typeof bulkActionEditPayloadRuleActions>;
+
 export const bulkActionEditPayload = t.union([
   bulkActionEditPayloadTags,
   bulkActionEditPayloadIndexPatterns,
   bulkActionEditPayloadTimeline,
+  bulkActionEditPayloadRuleActions,
 ]);
 
 export type BulkActionEditPayload = t.TypeOf<typeof bulkActionEditPayload>;
 
-export type BulkActionEditForRuleAttributes = BulkActionEditPayloadTags;
+/**
+ * actions that modifies rules attributes
+ */
+export type BulkActionEditForRuleAttributes =
+  | BulkActionEditPayloadTags
+  | bulkActionEditPayloadRuleActions;
 
+/**
+ * actions that modifies rules params
+ */
 export type BulkActionEditForRuleParams =
   | BulkActionEditPayloadIndexPatterns
   | BulkActionEditPayloadTimeline;

x-pack/plugins/security_solution/common/detection_engine/schemas/request/perform_bulk_action_schema.test.ts

@@ -343,12 +343,12 @@ describe('perform_bulk_action_schema', () => {
 
         const message = retrieveValidationMessage(payload);
 
-        expect(getPaths(left(message.errors))).toEqual([
-          'Invalid value "edit" supplied to "action"',
-          'Invalid value "set_timeline" supplied to "edit,type"',
-          'Invalid value "{"timeline_title":"Test timeline title"}" supplied to "edit,value"',
-          'Invalid value "undefined" supplied to "edit,value,timeline_id"',
-        ]);
+        expect(getPaths(left(message.errors))).toEqual(
+          expect.arrayContaining([
+            'Invalid value "{"timeline_title":"Test timeline title"}" supplied to "edit,value"',
+            'Invalid value "undefined" supplied to "edit,value,timeline_id"',
+          ])
+        );
         expect(message.schema).toEqual({});
       });
 
@@ -373,5 +373,163 @@ describe('perform_bulk_action_schema', () => {
         expect(message.schema).toEqual(payload);
       });
     });
+
+    describe('rule actions', () => {
+      test('invalid request: invalid rule actions payload', () => {
+        const payload = {
+          query: 'name: test',
+          action: BulkAction.edit,
+          [BulkAction.edit]: [{ type: BulkActionEditType.add_rule_actions, value: [] }],
+        };
+
+        const message = retrieveValidationMessage(payload);
+
+        expect(getPaths(left(message.errors))).toEqual(
+          expect.arrayContaining(['Invalid value "[]" supplied to "edit,value"'])
+        );
+        expect(message.schema).toEqual({});
+      });
+
+      test('invalid request: missing throttle in payload', () => {
+        const payload = {
+          query: 'name: test',
+          action: BulkAction.edit,
+          [BulkAction.edit]: [
+            {
+              type: BulkActionEditType.add_rule_actions,
+              value: {
+                actions: [],
+              },
+            },
+          ],
+        };
+
+        const message = retrieveValidationMessage(payload);
+
+        expect(getPaths(left(message.errors))).toEqual(
+          expect.arrayContaining(['Invalid value "undefined" supplied to "edit,value,throttle"'])
+        );
+        expect(message.schema).toEqual({});
+      });
+
+      test('invalid request: missing actions in payload', () => {
+        const payload = {
+          query: 'name: test',
+          action: BulkAction.edit,
+          [BulkAction.edit]: [
+            {
+              type: BulkActionEditType.add_rule_actions,
+              value: {
+                throttle: '1h',
+              },
+            },
+          ],
+        };
+
+        const message = retrieveValidationMessage(payload);
+
+        expect(getPaths(left(message.errors))).toEqual(
+          expect.arrayContaining(['Invalid value "undefined" supplied to "edit,value,actions"'])
+        );
+        expect(message.schema).toEqual({});
+      });
+
+      test('invalid request: invalid action_type_id property in actions array', () => {
+        const payload = {
+          query: 'name: test',
+          action: BulkAction.edit,
+          [BulkAction.edit]: [
+            {
+              type: BulkActionEditType.add_rule_actions,
+              value: {
+                throttle: '1h',
+                actions: [
+                  {
+                    action_type_id: '.webhook',
+                    group: 'default',
+                    id: '458a50e0-1a28-11ed-9098-47fd8e1f3345',
+                    params: {
+                      body: {
+                        rule_id: '{{rule.id}}',
+                      },
+                    },
+                  },
+                ],
+              },
+            },
+          ],
+        };
+
+        const message = retrieveValidationMessage(payload);
+        expect(getPaths(left(message.errors))).toEqual(
+          expect.arrayContaining(['invalid keys "action_type_id"'])
+        );
+        expect(message.schema).toEqual({});
+      });
+
+      test('valid request: add_rule_actions edit action', () => {
+        const payload: PerformBulkActionSchema = {
+          query: 'name: test',
+          action: BulkAction.edit,
+          [BulkAction.edit]: [
+            {
+              type: BulkActionEditType.add_rule_actions,
+              value: {
+                throttle: '1h',
+                actions: [
+                  {
+                    group: 'default',
+                    id: '458a50e0-1a28-11ed-9098-47fd8e1f3345',
+                    params: {
+                      body: {
+                        rule_id: '{{rule.id}}',
+                      },
+                    },
+                  },
+                ],
+              },
+            },
+          ],
+        };
+
+        const message = retrieveValidationMessage(payload);
+
+        expect(getPaths(left(message.errors))).toEqual([]);
+        expect(message.schema).toEqual(payload);
+      });
+
+      test('valid request: set_rule_actions edit action', () => {
+        const payload: PerformBulkActionSchema = {
+          query: 'name: test',
+          action: BulkAction.edit,
+          [BulkAction.edit]: [
+            {
+              type: BulkActionEditType.set_rule_actions,
+              value: {
+                throttle: '1h',
+                actions: [
+                  {
+                    group: 'default',
+                    id: '458a50e0-1a28-11ed-9098-47fd8e1f3345',
+                    params: {
+                      documents: [
+                        {
+                          rule_id: '{{rule.id}}',
+                        },
+                      ],
+                    },
+                  },
+                ],
+              },
+            },
+          ],
+        };
+
+        const message = retrieveValidationMessage(payload);
+
+        expect(getPaths(left(message.errors))).toEqual([]);
+        expect(message.schema).toEqual(payload);
+      });
+    });
   });
 });

x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/get_schema.ts

@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+import type { ActionTypeRegistryContract } from '@kbn/triggers-actions-ui-plugin/public';
+import { validateRuleActionsField } from '../../../containers/detection_engine/rules/validate_rule_actions_field';
+
+import type { FormSchema } from '../../../../shared_imports';
+import type { ActionsStepRule } from '../../../pages/detection_engine/rules/types';
+
+export const getSchema = ({
+  actionTypeRegistry,
+}: {
+  actionTypeRegistry: ActionTypeRegistryContract;
+}): FormSchema<ActionsStepRule> => ({
+  actions: {
+    validations: [
+      {
+        validator: validateRuleActionsField(actionTypeRegistry),
+      },
+    ],
+  },
+  enabled: {},
+  kibanaSiemAppUrl: {},
+  throttle: {
+    label: i18n.translate(
+      'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleLabel',
+      {
+        defaultMessage: 'Actions frequency',
+      }
+    ),
+    helpText: i18n.translate(
+      'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleHelpText',
+      {
+        defaultMessage:
+          'Select when automated actions should be performed if a rule evaluates as true.',
+      }
+    ),
+  },
+});

x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx

@@ -31,7 +31,7 @@ import {
 } from '../throttle_select_field';
 import { RuleActionsField } from '../rule_actions_field';
 import { useKibana } from '../../../../common/lib/kibana';
-import { getSchema } from './schema';
+import { getSchema } from './get_schema';
 import * as I18n from './translations';
 import { APP_UI_ID } from '../../../../../common/constants';
 import { useManageCaseAction } from './use_manage_case_action';

x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx

@@ -6,7 +6,6 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import { startCase } from 'lodash/fp';
 
 export const COMPLETE_WITHOUT_ENABLING = i18n.translate(
   'xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutEnablingTitle',
@@ -29,14 +28,3 @@ export const NO_ACTIONS_READ_PERMISSIONS = i18n.translate(
       'Cannot create rule actions. You do not have "Read" permissions for the "Actions" plugin.',
   }
 );
-
-export const INVALID_MUSTACHE_TEMPLATE = (paramKey: string) =>
-  i18n.translate(
-    'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage',
-    {
-      defaultMessage: '{key} is not valid mustache template',
-      values: {
-        key: startCase(paramKey),
-      },
-    }
-  );

x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/validate_rule_actions_field/index.tsx

@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { validateRuleActionsField } from './validate_rule_actions_field';

x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/validate_rule_actions_field/translations.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { startCase } from 'lodash/fp';
+
+export const INVALID_MUSTACHE_TEMPLATE = (paramKey: string) =>
+  i18n.translate(
+    'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage',
+    {
+      defaultMessage: '{key} is not valid mustache template',
+      values: {
+        key: startCase(paramKey),
+      },
+    }
+  );

x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/schema.test.tsx → x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/validate_rule_actions_field/validate_rule_actions_field.test.tsx

@@ -5,13 +5,13 @@
  * 2.0.
  */
 
-import { validateSingleAction, validateRuleActionsField } from './schema';
+import { validateSingleAction, validateRuleActionsField } from './validate_rule_actions_field';
 import { getActionTypeName, validateMustache, validateActionParams } from './utils';
 import { actionTypeRegistryMock } from '@kbn/triggers-actions-ui-plugin/public/application/action_type_registry.mock';
-import type { FormHook } from '../../../../shared_imports';
+import type { FormHook } from '../../../../../shared_imports';
 jest.mock('./utils');
 
-describe('stepRuleActions schema', () => {
+describe('validate_rule_actions_field', () => {
   const actionTypeRegistry = actionTypeRegistryMock.create();
 
   describe('validateSingleAction', () => {