[7.x] [RAC] - Update field names (#107857)

packages/kbn-rule-data-utils/src/technical_field_names.ts

@@ -17,25 +17,18 @@ const CONSUMERS = `${KIBANA_NAMESPACE}.consumers` as const;
 const ECS_VERSION = 'ecs.version' as const;
 const EVENT_ACTION = 'event.action' as const;
 const EVENT_KIND = 'event.kind' as const;
-const RULE_CATEGORY = 'rule.category' as const;
-const RULE_CONSUMERS = 'rule.consumers' as const;
-const RULE_ID = 'rule.id' as const;
-const RULE_NAME = 'rule.name' as const;
-const RULE_UUID = 'rule.uuid' as const;
 const SPACE_IDS = `${KIBANA_NAMESPACE}.space_ids` as const;
 const TAGS = 'tags' as const;
 const TIMESTAMP = '@timestamp' as const;
 const VERSION = `${KIBANA_NAMESPACE}.version` as const;
 
+// Fields pertaining to the alert
 const ALERT_ACTION_GROUP = `${ALERT_NAMESPACE}.action_group` as const;
 const ALERT_DURATION = `${ALERT_NAMESPACE}.duration.us` as const;
 const ALERT_END = `${ALERT_NAMESPACE}.end` as const;
 const ALERT_EVALUATION_THRESHOLD = `${ALERT_NAMESPACE}.evaluation.threshold` as const;
 const ALERT_EVALUATION_VALUE = `${ALERT_NAMESPACE}.evaluation.value` as const;
 const ALERT_ID = `${ALERT_NAMESPACE}.id` as const;
-const ALERT_OWNER = `${ALERT_NAMESPACE}.owner` as const;
-const ALERT_CONSUMERS = `${ALERT_NAMESPACE}.consumers` as const;
-const ALERT_PRODUCER = `${ALERT_NAMESPACE}.producer` as const;
 const ALERT_REASON = `${ALERT_NAMESPACE}.reason` as const;
 const ALERT_RISK_SCORE = `${ALERT_NAMESPACE}.risk_score` as const;
 const ALERT_SEVERITY = `${ALERT_NAMESPACE}.severity` as const;
@@ -49,8 +42,8 @@ const ALERT_WORKFLOW_REASON = `${ALERT_NAMESPACE}.workflow_reason` as const;
 const ALERT_WORKFLOW_STATUS = `${ALERT_NAMESPACE}.workflow_status` as const;
 const ALERT_WORKFLOW_USER = `${ALERT_NAMESPACE}.workflow_user` as const;
 
+// Fields pertaining to the rule associated with the alert
 const ALERT_RULE_AUTHOR = `${ALERT_RULE_NAMESPACE}.author` as const;
-const ALERT_RULE_CONSUMERS = `${ALERT_RULE_NAMESPACE}.consumers` as const;
 const ALERT_RULE_CREATED_AT = `${ALERT_RULE_NAMESPACE}.created_at` as const;
 const ALERT_RULE_CREATED_BY = `${ALERT_RULE_NAMESPACE}.created_by` as const;
 const ALERT_RULE_DESCRIPTION = `${ALERT_RULE_NAMESPACE}.description` as const;
@@ -59,6 +52,7 @@ const ALERT_RULE_FROM = `${ALERT_RULE_NAMESPACE}.from` as const;
 const ALERT_RULE_ID = `${ALERT_RULE_NAMESPACE}.id` as const;
 const ALERT_RULE_INTERVAL = `${ALERT_RULE_NAMESPACE}.interval` as const;
 const ALERT_RULE_LICENSE = `${ALERT_RULE_NAMESPACE}.license` as const;
+const ALERT_RULE_CATEGORY = `${ALERT_RULE_NAMESPACE}.category` as const;
 const ALERT_RULE_NAME = `${ALERT_RULE_NAMESPACE}.name` as const;
 const ALERT_RULE_NOTE = `${ALERT_RULE_NAMESPACE}.note` as const;
 const ALERT_RULE_REFERENCES = `${ALERT_RULE_NAMESPACE}.references` as const;
@@ -75,6 +69,15 @@ const ALERT_RULE_TYPE_ID = `${ALERT_RULE_NAMESPACE}.rule_type_id` as const;
 const ALERT_RULE_UPDATED_AT = `${ALERT_RULE_NAMESPACE}.updated_at` as const;
 const ALERT_RULE_UPDATED_BY = `${ALERT_RULE_NAMESPACE}.updated_by` as const;
 const ALERT_RULE_VERSION = `${ALERT_RULE_NAMESPACE}.version` as const;
+// the feature instantiating a rule type.
+// Rule created in stack --> alerts
+// Rule created in siem --> siem
+const ALERT_RULE_CONSUMER = `${ALERT_RULE_NAMESPACE}.consumer` as const;
+// the plugin that registered the rule type.
+// Rule type apm.error_rate --> apm
+// Rule type siem.signals --> siem
+const ALERT_RULE_PRODUCER = `${ALERT_RULE_NAMESPACE}.producer` as const;
+const ALERT_RULE_UUID = `${ALERT_RULE_NAMESPACE}.uuid` as const;
 
 const namespaces = {
   KIBANA_NAMESPACE,
@@ -87,11 +90,6 @@ const fields = {
   ECS_VERSION,
   EVENT_KIND,
   EVENT_ACTION,
-  RULE_CATEGORY,
-  RULE_CONSUMERS,
-  RULE_ID,
-  RULE_NAME,
-  RULE_UUID,
   TAGS,
   TIMESTAMP,
   ALERT_ACTION_GROUP,
@@ -100,13 +98,11 @@ const fields = {
   ALERT_EVALUATION_THRESHOLD,
   ALERT_EVALUATION_VALUE,
   ALERT_ID,
-  ALERT_OWNER,
-  ALERT_CONSUMERS,
-  ALERT_PRODUCER,
+  ALERT_RULE_CONSUMER,
+  ALERT_RULE_PRODUCER,
   ALERT_REASON,
   ALERT_RISK_SCORE,
   ALERT_RULE_AUTHOR,
-  ALERT_RULE_CONSUMERS,
   ALERT_RULE_CREATED_AT,
   ALERT_RULE_CREATED_BY,
   ALERT_RULE_DESCRIPTION,
@@ -141,6 +137,8 @@ const fields = {
   ALERT_WORKFLOW_REASON,
   ALERT_WORKFLOW_STATUS,
   ALERT_WORKFLOW_USER,
+  ALERT_RULE_UUID,
+  ALERT_RULE_CATEGORY,
   SPACE_IDS,
   VERSION,
 };
@@ -154,17 +152,15 @@ export {
   ALERT_ID,
   ALERT_NAMESPACE,
   ALERT_RULE_NAMESPACE,
-  ALERT_OWNER,
-  ALERT_CONSUMERS,
-  ALERT_PRODUCER,
+  ALERT_RULE_CONSUMER,
+  ALERT_RULE_PRODUCER,
   ALERT_REASON,
   ALERT_RISK_SCORE,
   ALERT_STATUS,
   ALERT_WORKFLOW_REASON,
   ALERT_WORKFLOW_STATUS,
   ALERT_WORKFLOW_USER,
   ALERT_RULE_AUTHOR,
-  ALERT_RULE_CONSUMERS,
   ALERT_RULE_CREATED_AT,
   ALERT_RULE_CREATED_BY,
   ALERT_RULE_DESCRIPTION,
@@ -200,11 +196,8 @@ export {
   EVENT_ACTION,
   EVENT_KIND,
   KIBANA_NAMESPACE,
-  RULE_CATEGORY,
-  RULE_CONSUMERS,
-  RULE_ID,
-  RULE_NAME,
-  RULE_UUID,
+  ALERT_RULE_UUID,
+  ALERT_RULE_CATEGORY,
   TAGS,
   TIMESTAMP,
   SPACE_IDS,

x-pack/plugins/alerting/server/authorization/alerting_authorization.test.ts

@@ -1013,14 +1013,14 @@ describe('AlertingAuthorization', () => {
           await alertAuthorization.getFindAuthorizationFilter(AlertingAuthorizationEntity.Rule, {
             type: AlertingAuthorizationFilterType.KQL,
             fieldNames: {
-              ruleTypeId: 'path.to.rule.id',
+              ruleTypeId: 'path.to.rule_type_id',
               consumer: 'consumer-field',
             },
           })
         ).filter
       ).toEqual(
         esKuery.fromKueryExpression(
-          `((path.to.rule.id:myAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:mySecondAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)))`
+          `((path.to.rule_type_id:myAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:mySecondAppAlertType and consumer-field:(myApp or myOtherApp or myAppWithSubFeature)))`
         )
       );
       expect(auditLogger.logAuthorizationSuccess).not.toHaveBeenCalled();

x-pack/plugins/alerting/server/authorization/alerting_authorization_kuery.test.ts

@@ -37,14 +37,16 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.KQL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
           },
         },
         'space1'
       )
     ).toEqual(
-      esKuery.fromKueryExpression(`((path.to.rule.id:myAppAlertType and consumer-field:(myApp)))`)
+      esKuery.fromKueryExpression(
+        `((path.to.rule_type_id:myAppAlertType and consumer-field:(myApp)))`
+      )
     );
   });
 
@@ -72,15 +74,15 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.KQL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
           },
         },
         'space1'
       )
     ).toEqual(
       esKuery.fromKueryExpression(
-        `((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp)))`
+        `((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp)))`
       )
     );
   });
@@ -144,15 +146,15 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.KQL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
           },
         },
         'space1'
       )
     ).toEqual(
       esKuery.fromKueryExpression(
-        `((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:mySecondAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
+        `((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:mySecondAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
       )
     );
   });
@@ -199,7 +201,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.KQL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
             spaceIds: 'path.to.spaceIds',
           },
@@ -208,7 +210,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
       )
     ).toEqual(
       esKuery.fromKueryExpression(
-        `((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1))`
+        `((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature) and path.to.spaceIds:space1))`
       )
     );
   });
@@ -255,7 +257,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.KQL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
             spaceIds: 'path.to.spaceIds',
           },
@@ -264,7 +266,7 @@ describe('asKqlFiltersByRuleTypeAndConsumer', () => {
       )
     ).toEqual(
       esKuery.fromKueryExpression(
-        `((path.to.rule.id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule.id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
+        `((path.to.rule_type_id:myAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)) or (path.to.rule_type_id:myOtherAppAlertType and consumer-field:(alerts or myApp or myOtherApp or myAppWithSubFeature)))`
       )
     );
   });
@@ -293,7 +295,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.ESDSL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
           },
         },
@@ -307,7 +309,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
               should: [
                 {
                   match: {
-                    'path.to.rule.id': 'myAppAlertType',
+                    'path.to.rule_type_id': 'myAppAlertType',
                   },
                 },
               ],
@@ -355,7 +357,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.ESDSL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
           },
         },
@@ -366,7 +368,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
         filter: [
           {
             bool: {
-              should: [{ match: { 'path.to.rule.id': 'myAppAlertType' } }],
+              should: [{ match: { 'path.to.rule_type_id': 'myAppAlertType' } }],
               minimum_should_match: 1,
             },
           },
@@ -459,7 +461,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
         {
           type: AlertingAuthorizationFilterType.ESDSL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
           },
         },
@@ -473,7 +475,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
               filter: [
                 {
                   bool: {
-                    should: [{ match: { 'path.to.rule.id': 'myAppAlertType' } }],
+                    should: [{ match: { 'path.to.rule_type_id': 'myAppAlertType' } }],
                     minimum_should_match: 1,
                   },
                 },
@@ -516,7 +518,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
               filter: [
                 {
                   bool: {
-                    should: [{ match: { 'path.to.rule.id': 'myOtherAppAlertType' } }],
+                    should: [{ match: { 'path.to.rule_type_id': 'myOtherAppAlertType' } }],
                     minimum_should_match: 1,
                   },
                 },
@@ -559,7 +561,7 @@ describe('asEsDslFiltersByRuleTypeAndConsumer', () => {
               filter: [
                 {
                   bool: {
-                    should: [{ match: { 'path.to.rule.id': 'mySecondAppAlertType' } }],
+                    should: [{ match: { 'path.to.rule_type_id': 'mySecondAppAlertType' } }],
                     minimum_should_match: 1,
                   },
                 },
@@ -611,7 +613,7 @@ describe('asFiltersBySpaceId', () => {
         {
           type: AlertingAuthorizationFilterType.ESDSL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
             spaceIds: 'path.to.space.id',
           },
@@ -629,7 +631,7 @@ describe('asFiltersBySpaceId', () => {
         {
           type: AlertingAuthorizationFilterType.KQL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
             spaceIds: 'path.to.space.id',
           },
@@ -645,7 +647,7 @@ describe('asFiltersBySpaceId', () => {
         {
           type: AlertingAuthorizationFilterType.ESDSL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
           },
         },
@@ -660,7 +662,7 @@ describe('asFiltersBySpaceId', () => {
         {
           type: AlertingAuthorizationFilterType.ESDSL,
           fieldNames: {
-            ruleTypeId: 'path.to.rule.id',
+            ruleTypeId: 'path.to.rule_type_id',
             consumer: 'consumer-field',
             spaceIds: 'path.to.space.id',
           },

x-pack/plugins/apm/public/components/app/error_group_details/Distribution/index.tsx

@@ -19,7 +19,7 @@ import {
 import { EuiTitle } from '@elastic/eui';
 import d3 from 'd3';
 import React, { Suspense, useState } from 'react';
-import { RULE_ID } from '@kbn/rule-data-utils/target/technical_field_names';
+import { ALERT_RULE_TYPE_ID } from '@kbn/rule-data-utils/target/technical_field_names';
 import { useApmServiceContext } from '../../../../context/apm_service/use_apm_service_context';
 import { APIReturnType } from '../../../../services/rest/createCallApmApi';
 import { asRelativeDateTimeRange } from '../../../../../common/utils/formatters';
@@ -124,7 +124,7 @@ export function ErrorDistribution({ distribution, title }: Props) {
           />
           {getAlertAnnotations({
             alerts: alerts?.filter(
-              (alert) => alert[RULE_ID]?.[0] === AlertType.ErrorCount
+              (alert) => alert[ALERT_RULE_TYPE_ID]?.[0] === AlertType.ErrorCount
             ),
             chartStartTime: buckets[0]?.x0,
             getFormatter,