elastic · XavierM · Oct 4, 2023 · Sep 28, 2023 · Sep 28, 2023 · Sep 28, 2023
diff --git a/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/index.ts b/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/index.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { bulkUntrackBodySchema } from './schemas/latest';
+export { bulkUntrackBodySchema as bulkUntrackBodySchemaV1 } from './schemas/v1';
+
+export type { BulkUntrackRequestBody } from './types/latest';
+export type { BulkUntrackRequestBody as BulkUntrackRequestBodyV1 } from './types/v1';
diff --git a/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/schemas/latest.ts b/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/schemas/latest.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export { bulkUntrackBodySchema } from './v1';
diff --git a/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/schemas/v1.ts b/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/schemas/v1.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema } from '@kbn/config-schema';
+
+export const bulkUntrackBodySchema = schema.object({
+  indices: schema.arrayOf(schema.string()),
+  alert_uuids: schema.arrayOf(schema.string()),
+});
diff --git a/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/types/latest.ts b/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/types/latest.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export type { BulkUntrackRequestBody } from './v1';
diff --git a/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/types/v1.ts b/x-pack/plugins/alerting/common/routes/rule/apis/bulk_untrack/types/v1.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { TypeOf } from '@kbn/config-schema';
+import { bulkUntrackBodySchemaV1 } from '..';
+
+export type BulkUntrackRequestBody = TypeOf<typeof bulkUntrackBodySchemaV1>;
diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts
@@ -2331,53 +2331,6 @@ describe('Alerts Client', () => {
           expect(recoveredAlert.hit).toBeUndefined();
         });
       });
-
-      describe('setAlertStatusToUntracked()', () => {
-        test('should call updateByQuery on provided ruleIds', async () => {
-          const alertsClient = new AlertsClient<{}, {}, {}, 'default', 'recovered'>(
-            alertsClientParams
-          );
-
-          const opts = {
-            maxAlerts,
-            ruleLabel: `test: rule-name`,
-            flappingSettings: DEFAULT_FLAPPING_SETTINGS,
-            activeAlertsFromState: {},
-            recoveredAlertsFromState: {},
-          };
-          await alertsClient.initializeExecution(opts);
-
-          await alertsClient.setAlertStatusToUntracked(['test-index'], ['test-rule']);
-
-          expect(clusterClient.updateByQuery).toHaveBeenCalledTimes(1);
-        });
-
-        test('should retry updateByQuery on failure', async () => {
-          clusterClient.updateByQuery.mockResponseOnce({
-            total: 10,
-            updated: 8,
-          });
-          const alertsClient = new AlertsClient<{}, {}, {}, 'default', 'recovered'>(
-            alertsClientParams
-          );
-
-          const opts = {
-            maxAlerts,
-            ruleLabel: `test: rule-name`,
-            flappingSettings: DEFAULT_FLAPPING_SETTINGS,
-            activeAlertsFromState: {},
-            recoveredAlertsFromState: {},
-          };
-          await alertsClient.initializeExecution(opts);
-
-          await alertsClient.setAlertStatusToUntracked(['test-index'], ['test-rule']);
-
-          expect(clusterClient.updateByQuery).toHaveBeenCalledTimes(2);
-          expect(logger.warn).toHaveBeenCalledWith(
-            'Attempt 1: Failed to untrack 2 of 10; indices test-index, ruleIds test-rule'
-          );
-        });
-      });
     });
   }
 });
diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts
@@ -6,14 +6,7 @@
  */
 
 import { ElasticsearchClient } from '@kbn/core/server';
-import {
-  ALERT_INSTANCE_ID,
-  ALERT_RULE_UUID,
-  ALERT_STATUS,
-  ALERT_STATUS_UNTRACKED,
-  ALERT_STATUS_ACTIVE,
-  ALERT_UUID,
-} from '@kbn/rule-data-utils';
+import { ALERT_INSTANCE_ID, ALERT_RULE_UUID, ALERT_STATUS, ALERT_UUID } from '@kbn/rule-data-utils';
 import { chunk, flatMap, get, isEmpty, keys } from 'lodash';
 import { SearchRequest } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { Alert } from '@kbn/alerts-as-data-utils';
@@ -206,51 +199,6 @@ export class AlertsClient<
     return { hits, total };
   }
 
-  public async setAlertStatusToUntracked(indices: string[], ruleIds: string[]) {
-    const esClient = await this.options.elasticsearchClientPromise;
-    const terms: Array<{ term: Record<string, { value: string }> }> = ruleIds.map((ruleId) => ({
-      term: {
-        [ALERT_RULE_UUID]: { value: ruleId },
-      },
-    }));
-    terms.push({
-      term: {
-        [ALERT_STATUS]: { value: ALERT_STATUS_ACTIVE },
-      },
-    });
-
-    try {
-      // Retry this updateByQuery up to 3 times to make sure the number of documents
-      // updated equals the number of documents matched
-      for (let retryCount = 0; retryCount < 3; retryCount++) {
-        const response = await esClient.updateByQuery({
-          index: indices,
-          allow_no_indices: true,
-          body: {
-            conflicts: 'proceed',
-            script: {
-              source: UNTRACK_UPDATE_PAINLESS_SCRIPT,
-              lang: 'painless',
-            },
-            query: {
-              bool: {
-                must: terms,
-              },
-            },
-          },
-        });
-        if (response.total === response.updated) break;
-        this.options.logger.warn(
-          `Attempt ${retryCount + 1}: Failed to untrack ${
-            (response.total ?? 0) - (response.updated ?? 0)
-          } of ${response.total}; indices ${indices}, ruleIds ${ruleIds}`
-        );
-      }
-    } catch (err) {
-      this.options.logger.error(`Error marking ${ruleIds} as untracked - ${err.message}`);
-    }
-  }
-
   public report(
     alert: ReportedAlert<
       AlertData,
@@ -621,11 +569,3 @@ export class AlertsClient<
     return this._isUsingDataStreams;
   }
 }
-
-const UNTRACK_UPDATE_PAINLESS_SCRIPT = `
-// Certain rule types don't flatten their AAD values, apply the ALERT_STATUS key to them directly
-if (!ctx._source.containsKey('${ALERT_STATUS}') || ctx._source['${ALERT_STATUS}'].empty) {
-  ctx._source.${ALERT_STATUS} = '${ALERT_STATUS_UNTRACKED}';
-} else {
-  ctx._source['${ALERT_STATUS}'] = '${ALERT_STATUS_UNTRACKED}'
-}`;
diff --git a/x-pack/plugins/alerting/server/alerts_client/types.ts b/x-pack/plugins/alerting/server/alerts_client/types.ts
@@ -81,7 +81,6 @@ export interface IAlertsClient<
     alertsToReturn: Record<string, RawAlertInstance>;
     recoveredAlertsToReturn: Record<string, RawAlertInstance>;
   };
-  setAlertStatusToUntracked(indices: string[], ruleIds: string[]): Promise<void>;
   factory(): PublicAlertFactory<
     State,
     Context,

diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.mock.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.mock.ts
@@ -12,6 +12,7 @@ const creatAlertsServiceMock = () => {
       isInitialized: jest.fn(),
       getContextInitializationPromise: jest.fn(),
       createAlertsClient: jest.fn(),
+      setAlertsToUntracked: jest.fn(),
     };
   });
 };

diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts
@@ -44,6 +44,7 @@ import {
 import type { LegacyAlertsClientParams, AlertRuleData } from '../alerts_client';
 import { AlertsClient } from '../alerts_client';
 import { IAlertsClient } from '../alerts_client/types';
+import { setAlertsToUntracked, SetAlertsToUntrackedOpts } from './lib/set_alerts_to_untracked';
 
 export const TOTAL_FIELDS_LIMIT = 2500;
 const LEGACY_ALERT_CONTEXT = 'legacy-alert';
@@ -458,4 +459,12 @@ export class AlertsService implements IAlertsService {
       });
     }
   }
+
+  public async setAlertsToUntracked(opts: SetAlertsToUntrackedOpts) {
+    return setAlertsToUntracked({
+      logger: this.options.logger,
+      esClient: await this.options.elasticsearchClientPromise,
+      ...opts,
+    });
+  }
 }