[RAM] Alert Table from triggers_actions_ui plugin

x-pack/plugins/cases/public/components/case_view/case_view_page.tsx

@@ -5,15 +5,7 @@
  * 2.0.
  */
 
-import {
-  EuiEmptyPrompt,
-  EuiFlexGroup,
-  EuiFlexItem,
-  EuiLoadingLogo,
-  EuiSpacer,
-  EuiTab,
-  EuiTabs,
-} from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiTab, EuiTabs } from '@elastic/eui';
 import React, { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 import { Case, UpdateKey } from '../../../common/ui';
 import { useCaseViewNavigation, useUrlParams } from '../../common/navigation';
@@ -28,6 +20,7 @@ import { useTimelineContext } from '../timeline_context/use_timeline_context';
 import { useCasesTitleBreadcrumbs } from '../use_breadcrumbs';
 import { WhitePageWrapperNoBorder } from '../wrappers';
 import { CaseViewActivity } from './components/case_view_activity';
+import { CaseViewAlerts } from './components/case_view_alerts';
 import { CaseViewMetrics } from './metrics';
 import { ACTIVITY_TAB, ALERTS_TAB } from './translations';
 import { CaseViewPageProps, CASE_VIEW_PAGE_TABS } from './types';
@@ -36,7 +29,7 @@ import { useOnUpdateField } from './use_on_update_field';
 // This hardcoded constant is left here intentionally
 // as a way to hide a wip functionality
 // that will be merge in the 8.3 release.
-const ENABLE_ALERTS_TAB = false;
+const ENABLE_ALERTS_TAB = true;
 
 export const CaseViewPage = React.memo<CaseViewPageProps>(
   ({
@@ -194,12 +187,7 @@ export const CaseViewPage = React.memo<CaseViewPageProps>(
               {
                 id: CASE_VIEW_PAGE_TABS.ALERTS,
                 name: ALERTS_TAB,
-                content: (
-                  <EuiEmptyPrompt
-                    icon={<EuiLoadingLogo logo="logoKibana" size="xl" />}
-                    title={<h2>{'Alerts table placeholder'}</h2>}
-                  />
-                ),
+                content: <CaseViewAlerts caseData={caseData} />,
               },
             ]
           : []),

x-pack/plugins/cases/public/components/case_view/components/case_view_alerts.test.tsx

@@ -0,0 +1,68 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { waitFor } from '@testing-library/dom';
+import { alertCommentWithIndices, basicCase } from '../../../containers/mock';
+import { AppMockRenderer, createAppMockRenderer } from '../../../common/mock';
+import { Case } from '../../../../common';
+import { CaseViewAlerts } from './case_view_alerts';
+import * as api from '../../../containers/api';
+
+jest.mock('../../../containers/api');
+
+const caseData: Case = {
+  ...basicCase,
+  comments: [...basicCase.comments, alertCommentWithIndices],
+};
+
+describe('Case View Page activity tab', () => {
+  const getAlertsStateTableMock = jest.fn();
+  let appMockRender: AppMockRenderer;
+
+  beforeEach(() => {
+    appMockRender = createAppMockRenderer();
+    appMockRender.coreStart.triggersActionsUi.getAlertsStateTable =
+      getAlertsStateTableMock.mockReturnValue(<div data-test-subj="alerts-table" />);
+    jest.clearAllMocks();
+  });
+
+  it('should render the alerts table', async () => {
+    const result = appMockRender.render(<CaseViewAlerts caseData={caseData} />);
+    await waitFor(async () => {
+      expect(result.getByTestId('alerts-table')).toBeTruthy();
+    });
+  });
+
+  it('should call the alerts table with correct props', async () => {
+    appMockRender.render(<CaseViewAlerts caseData={caseData} />);
+    await waitFor(async () => {
+      expect(getAlertsStateTableMock).toHaveBeenCalledWith({
+        alertsTableConfigurationRegistry: expect.anything(),
+        configurationId: 'securitySolution',
+        featureIds: ['siem', 'observability'],
+        id: 'case-details-alerts-securitySolution',
+        query: {
+          ids: {
+            values: ['alert-id-1'],
+          },
+        },
+      });
+    });
+  });
+
+  it('should call the getFeatureIds with the correct registration context', async () => {
+    const getFeatureIdsMock = jest.spyOn(api, 'getFeatureIds');
+    appMockRender.render(<CaseViewAlerts caseData={caseData} />);
+    await waitFor(async () => {
+      expect(getFeatureIdsMock).toHaveBeenCalledWith(
+        { registrationContext: ['matchme'] },
+        expect.anything()
+      );
+    });
+  });
+});

x-pack/plugins/cases/public/components/case_view/components/case_view_alerts.tsx

@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo } from 'react';
+
+import { Case } from '../../../../common';
+import { useKibana } from '../../../common/lib/kibana';
+import { getManualAlertIds, getRegistrationContextFromAlerts } from './helpers';
+import { useGetFeatureIds } from '../../../containers/use_get_feature_ids';
+
+interface CaseViewAlertsProps {
+  caseData: Case;
+}
+export const CaseViewAlerts = ({ caseData }: CaseViewAlertsProps) => {
+  const { triggersActionsUi } = useKibana().services;
+
+  const alertIdsQuery = useMemo(
+    () => ({
+      ids: {
+        values: getManualAlertIds(caseData.comments),
+      },
+    }),
+    [caseData.comments]
+  );
+  const alertRegistrationContexts = useMemo(
+    () => getRegistrationContextFromAlerts(caseData.comments),
+    [caseData.comments]
+  );
+
+  const alertFeatureIds = useGetFeatureIds(alertRegistrationContexts);
+
+  const alertStateProps = {
+    alertsTableConfigurationRegistry: triggersActionsUi.alertsTableConfigurationRegistry,
+    configurationId: caseData.owner,
+    id: `case-details-alerts-${caseData.owner}`,
+    featureIds: alertFeatureIds,
+    query: alertIdsQuery,
+  };
+
+  return <>{triggersActionsUi.getAlertsStateTable(alertStateProps)}</>;
+};
+CaseViewAlerts.displayName = 'CaseViewAlerts';

x-pack/plugins/cases/public/components/case_view/components/helpers.test.ts

@@ -0,0 +1,94 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { alertComment } from '../../../containers/mock';
+import { getManualAlertIds, getRegistrationContextFromAlerts } from './helpers';
+
+const comment = {
+  ...alertComment,
+  alertId: 'alert-id-1',
+  index: '.alerts-matchme.alerts',
+};
+const comment2 = {
+  ...alertComment,
+  alertId: 'alert-id-2',
+  index: '.alerts-another.alerts',
+};
+
+const comment3 = {
+  ...alertComment,
+  alertId: ['nested1', 'nested2', 'nested3'],
+};
+
+const commentSiemSignal = {
+  ...alertComment,
+  alertId: 'alert-id-siem',
+  index: '.siem-signals-default-000008',
+};
+
+const commentIsBad = {
+  ...alertComment,
+  alertId: 'alert-id-bad',
+  index: 'bad-siem-signals-default-000008',
+};
+
+const multipleIndices = {
+  ...alertComment,
+  alertId: ['test-id-1', 'test-id-2', 'test-id-3', 'test-id-4', 'test-id-5', 'test-id-6'],
+  index: [
+    '.internal.alerts-security.alerts-default-000001',
+    '.internal.alerts-observability.logs.alerts-default-000001',
+    '.internal.alerts-observability.uptime.alerts-default-000001',
+    '.internal.alerts-observability.metrics.alerts-default-000001',
+    '.internal.alerts-observability.apm.alerts-space2-000001',
+    '.internal.alerts-observability.logs.alerts-space1-000001',
+  ],
+};
+
+describe('Case view helpers', () => {
+  describe('getRegistrationContextFromAlerts', () => {
+    it('returns the correct registration context', () => {
+      const result = getRegistrationContextFromAlerts([comment, comment2, multipleIndices]);
+      expect(result).toEqual([
+        'matchme',
+        'another',
+        'security',
+        'observability.logs',
+        'observability.uptime',
+        'observability.metrics',
+        'observability.apm',
+      ]);
+    });
+
+    it('dedupes contexts', () => {
+      const result = getRegistrationContextFromAlerts([comment, comment]);
+      expect(result).toEqual(['matchme']);
+    });
+
+    it('returns the correct registration when find a .siem-signals* index', () => {
+      const result = getRegistrationContextFromAlerts([commentSiemSignal, comment2]);
+      expect(result).toEqual(['security', 'another']);
+    });
+
+    it('returns empty when the index is not formatted as expected', () => {
+      const result = getRegistrationContextFromAlerts([commentIsBad]);
+      expect(result).toEqual([]);
+    });
+  });
+
+  describe('getManualAlertIds', () => {
+    it('returns the alert ids', () => {
+      const result = getManualAlertIds([comment, comment2]);
+      expect(result).toEqual(['alert-id-1', 'alert-id-2']);
+    });
+
+    it('returns the alerts id from multiple alerts in a comment', () => {
+      const result = getManualAlertIds([comment, comment2, comment3]);
+      expect(result).toEqual(['alert-id-1', 'alert-id-2', 'nested1', 'nested2', 'nested3']);
+    });
+  });
+});

x-pack/plugins/cases/public/components/case_view/components/helpers.ts

@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CommentType } from '../../../../common/api';
+import type { Comment } from '../../../containers/types';
+
+export const getManualAlertIds = (comments: Comment[]): string[] => {
+  const dedupeAlerts = comments.reduce((alertIds, comment: Comment) => {
+    if (comment.type === CommentType.alert) {
+      const ids = Array.isArray(comment.alertId) ? comment.alertId : [comment.alertId];
+      ids.forEach((id) => alertIds.add(id));
+      return alertIds;
+    }
+    return alertIds;
+  }, new Set<string>());
+  return Array.from(dedupeAlerts);
+};
+
+export const getRegistrationContextFromAlerts = (comments: Comment[]): string[] => {
+  const dedupeRegistrationContext = comments.reduce((registrationContexts, comment: Comment) => {
+    if (comment.type === CommentType.alert) {
+      const indices = Array.isArray(comment.index) ? comment.index : [comment.index];
+      indices.forEach((index) => {
+        // That's legacy code, we created some index alias so everything should work as expected
+        if (index.startsWith('.siem-signals')) {
+          registrationContexts.add('security');
+        } else {
+          const registrationContext = getRegistrationContextFromIndex(index);
+          if (registrationContext) {
+            registrationContexts.add(registrationContext);
+          }
+        }
+      });
+      return registrationContexts;
+    }
+    return registrationContexts;
+  }, new Set<string>());
+  return Array.from(dedupeRegistrationContext);
+};
+
+export const getRegistrationContextFromIndex = (indexName: string): string | null => {
+  const found = indexName.match(/\.alerts-(.*?).alerts/);
+  if (found && found.length > 1) {
+    return `${found[1]}`;
+  }
+  return null;
+};

x-pack/plugins/cases/public/components/user_actions/helpers.ts

@@ -6,6 +6,7 @@
  */
 
 import { isEmpty } from 'lodash';
+
 import { CommentType } from '../../../common/api';
 import type { Comment } from '../../containers/types';
 import { SUPPORTED_ACTION_TYPES } from './constants';
@@ -23,5 +24,5 @@ export const getManualAlertIdsWithNoRuleId = (comments: Comment[]): string[] =>
     }
     return alertIds;
   }, new Set<string>());
-  return [...dedupeAlerts];
+  return Array.from(dedupeAlerts);
 };

x-pack/plugins/cases/public/containers/__mocks__/api.ts

@@ -38,6 +38,7 @@ import {
   CaseStatuses,
   SingleCaseMetricsResponse,
 } from '../../../common/api';
+import type { ValidFeatureId } from '@kbn/rule-data-utils';
 
 export const getCase = async (
   caseId: string,
@@ -133,3 +134,8 @@ export const pushCase = async (
 
 export const getActionLicense = async (signal: AbortSignal): Promise<ActionLicense[]> =>
   Promise.resolve(actionLicenses);
+
+export const getFeatureIds = async (
+  _query: { registrationContext: string[] },
+  _signal: AbortSignal
+): Promise<ValidFeatureId[]> => Promise.resolve(['siem', 'observability']);

x-pack/plugins/cases/public/containers/api.test.tsx

@@ -6,6 +6,7 @@
  */
 
 import { httpServiceMock } from '@kbn/core/public/mocks';
+import { BASE_RAC_ALERTS_API_PATH } from '@kbn/rule-registry-plugin/common';
 import { KibanaServices } from '../common/lib/kibana';
 
 import { ConnectorTypes, CommentType, CaseStatuses, CaseSeverity } from '../../common/api';
@@ -31,6 +32,7 @@ import {
   createAttachments,
   pushCase,
   resolveCase,
+  getFeatureIds,
 } from './api';
 
 import {
@@ -605,4 +607,25 @@ describe('Case Configuration API', () => {
       expect(resp).toBe(undefined);
     });
   });
+
+  describe('getFeatureIds', () => {
+    beforeEach(() => {
+      fetchMock.mockClear();
+      fetchMock.mockResolvedValue(['siem', 'observability']);
+    });
+
+    test('should be called with correct check url, method, signal', async () => {
+      const resp = await getFeatureIds(
+        { registrationContext: ['security', 'observability.logs'] },
+        abortCtrl.signal
+      );
+
+      expect(fetchMock).toHaveBeenCalledWith(`${BASE_RAC_ALERTS_API_PATH}/_feature_ids`, {
+        query: { registrationContext: ['security', 'observability.logs'] },
+        signal: abortCtrl.signal,
+      });
+
+      expect(resp).toEqual(['siem', 'observability']);
+    });
+  });
 });