[Response Ops] Fix cases action owner on o11y serverless project#224537
Merged
jcger merged 18 commits intoelastic:mainfrom Jun 27, 2025
Merged
[Response Ops] Fix cases action owner on o11y serverless project#224537jcger merged 18 commits intoelastic:mainfrom
jcger merged 18 commits intoelastic:mainfrom
Conversation
jcger
added
backport:version
…-action-creates-stack-cases-bug-o11y
cnasikas
added
bug
Contributor
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
…-action-creates-stack-cases-bug-o11y
cnasikas
reviewed
Jun 27, 2025
Member
cnasikas
left a comment
cnasikas
left a comment
There was a problem hiding this comment.
I tested and everything is working as expected! I left some comments.
| */ | ||
|
|
||
| import type { OWNERS } from './owners'; | ||
| import type { SERVERLESS_PROJECT_TYPES, OWNERS } from './owners'; |
Member
There was a problem hiding this comment.
Interesting how this does not create circular dependencies. It also seems that this is only used to construct the types. Could we just create the union manually and add es and chat to the list?
Contributor
Author
There was a problem hiding this comment.
I prefer this to be done in a follow-up PR, I'll create the GH issue
Member
There was a problem hiding this comment.
Opening an issue only for adding two variables seems like an overkill. Either we do it know or we do not do it at all. Up to you!
Contributor
Author
There was a problem hiding this comment.
I wouldn't know how to fill everything in
[SECURITY_SOLUTION_OWNER]: {
id: SECURITY_SOLUTION_OWNER,
appId: 'securitySolutionUI',
label: 'Security',
iconType: 'logoSecurity',
appRoute: '/app/security',
validRuleConsumers: [AlertConsumers.SIEM],
serverlessProjectType: SECURITY_PROJECT_TYPE_ID,
},
for es and chat. Maybe you are talking about something else?
Member
There was a problem hiding this comment.
I see what you mean. I was only suggested to add them in SERVERLESS_PROJECT_TYPES. Not to fill the OWNER_INFO with the extra information. But you have a point, better to leave it as it is.
x-pack/platform/plugins/shared/cases/common/utils/owner.test.ts
Outdated
Show resolved
Hide resolved
x-pack/platform/plugins/shared/cases/common/utils/owner.test.ts
Outdated
Show resolved
Hide resolved
x-pack/platform/plugins/shared/cases/common/utils/owner.test.ts
Outdated
Show resolved
Hide resolved
Member
There was a problem hiding this comment.
Could you please add a similar test such as renders security templates if the project is serverless security observability?
Member
There was a problem hiding this comment.
Could you please add a similar test, such as correctly overrides the consumer and producer if the project is serverless security, for observability?
|
|
||
| const owner = isServerlessSecurity | ||
| ? SECURITY_SOLUTION_OWNER | ||
| const owner = serverlessProjectType |
Member
There was a problem hiding this comment.
Here we assign the project type, which may not be the same as the owner's. Should we use the same logic as in x-pack/platform/plugins/shared/cases/common/utils/owner.ts?
Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
cnasikas
approved these changes
Jun 27, 2025
…of github.com:jcger/kibana into issue-186270-case-action-creates-stack-cases-bug-o11y
cnasikas
removed
ci:project-deploy-elasticsearch
jcger
added
bug
Contributor
|
Starting backport for target branches: 8.19, 9.1 https://github.com/elastic/kibana/actions/runs/15932247586 |
Contributor
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
|
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jun 27, 2025
…stic#224537) ## Summary Serverless observability project would throw when creating a rule with a system case action. `Action 'system-connector-.cases' failed: an error occurred while running the action: Failed to bulk create cases: Error: Unauthorized to create case with owners: "cases"` To fix it, we set the owner to be the serverless project type and if serverless but unknown, we default the owner to "cases" ### How to test 1. Start ES with cloud projectId flag like this: `yarn es serverless --projectType=oblt -E xpack.cloud.serverless.project_id: test-123` 2. Go to management rules page by searching for `rules` in the top searchbar  3. Create a stack rule (index threshold) and add the cases action 4. When an alert is triggered confirm you can view the case in the cases page --------- Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com> (cherry picked from commit 1914673)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jun 27, 2025
…stic#224537) ## Summary Serverless observability project would throw when creating a rule with a system case action. `Action 'system-connector-.cases' failed: an error occurred while running the action: Failed to bulk create cases: Error: Unauthorized to create case with owners: "cases"` To fix it, we set the owner to be the serverless project type and if serverless but unknown, we default the owner to "cases" ### How to test 1. Start ES with cloud projectId flag like this: `yarn es serverless --projectType=oblt -E xpack.cloud.serverless.project_id: test-123` 2. Go to management rules page by searching for `rules` in the top searchbar  3. Create a stack rule (index threshold) and add the cases action 4. When an alert is triggered confirm you can view the case in the cases page --------- Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com> (cherry picked from commit 1914673)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jun 27, 2025
#224537) (#225690) # Backport This will backport the following commits from `main` to `9.1`: - [[Response Ops] Fix cases action owner on o11y serverless project (#224537)](#224537) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Julian Gernun","email":"17549662+jcger@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-06-27T17:25:52Z","message":"[Response Ops] Fix cases action owner on o11y serverless project (#224537)\n\n## Summary\n\nServerless observability project would throw when creating a rule with a\nsystem case action.\n\n`Action 'system-connector-.cases' failed: an error occurred while\nrunning the action: Failed to bulk create cases: Error: Unauthorized to\ncreate case with owners: \"cases\"`\n\nTo fix it, we set the owner to be the serverless project type and if\nserverless but unknown, we default the owner to \"cases\"\n\n### How to test\n\n1. Start ES with cloud projectId flag like this: `yarn es serverless\n--projectType=oblt -E xpack.cloud.serverless.project_id: test-123`\n2. Go to management rules page by searching for `rules` in the top\nsearchbar\n\n\n\n\n3. Create a stack rule (index threshold) and add the cases action\n4. When an alert is triggered confirm you can view the case in the cases\npage\n\n---------\n\nCo-authored-by: Christos Nasikas <xristosnasikas@gmail.com>","sha":"1914673ca3b8e6f56148507a66a5add7071dda20","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Response Ops] Fix cases action owner on o11y serverless project","number":224537,"url":"https://github.com/elastic/kibana/pull/224537","mergeCommit":{"message":"[Response Ops] Fix cases action owner on o11y serverless project (#224537)\n\n## Summary\n\nServerless observability project would throw when creating a rule with a\nsystem case action.\n\n`Action 'system-connector-.cases' failed: an error occurred while\nrunning the action: Failed to bulk create cases: Error: Unauthorized to\ncreate case with owners: \"cases\"`\n\nTo fix it, we set the owner to be the serverless project type and if\nserverless but unknown, we default the owner to \"cases\"\n\n### How to test\n\n1. Start ES with cloud projectId flag like this: `yarn es serverless\n--projectType=oblt -E xpack.cloud.serverless.project_id: test-123`\n2. Go to management rules page by searching for `rules` in the top\nsearchbar\n\n\n\n\n3. Create a stack rule (index threshold) and add the cases action\n4. When an alert is triggered confirm you can view the case in the cases\npage\n\n---------\n\nCo-authored-by: Christos Nasikas <xristosnasikas@gmail.com>","sha":"1914673ca3b8e6f56148507a66a5add7071dda20"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/224537","number":224537,"mergeCommit":{"message":"[Response Ops] Fix cases action owner on o11y serverless project (#224537)\n\n## Summary\n\nServerless observability project would throw when creating a rule with a\nsystem case action.\n\n`Action 'system-connector-.cases' failed: an error occurred while\nrunning the action: Failed to bulk create cases: Error: Unauthorized to\ncreate case with owners: \"cases\"`\n\nTo fix it, we set the owner to be the serverless project type and if\nserverless but unknown, we default the owner to \"cases\"\n\n### How to test\n\n1. Start ES with cloud projectId flag like this: `yarn es serverless\n--projectType=oblt -E xpack.cloud.serverless.project_id: test-123`\n2. Go to management rules page by searching for `rules` in the top\nsearchbar\n\n\n\n\n3. Create a stack rule (index threshold) and add the cases action\n4. When an alert is triggered confirm you can view the case in the cases\npage\n\n---------\n\nCo-authored-by: Christos Nasikas <xristosnasikas@gmail.com>","sha":"1914673ca3b8e6f56148507a66a5add7071dda20"}}]}] BACKPORT--> Co-authored-by: Julian Gernun <17549662+jcger@users.noreply.github.com> Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
kibanamachine
added a commit
that referenced
this pull request
Jun 27, 2025
…ct (#224537) (#225689) # Backport This will backport the following commits from `main` to `8.19`: - [[Response Ops] Fix cases action owner on o11y serverless project (#224537)](#224537) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Julian Gernun","email":"17549662+jcger@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-06-27T17:25:52Z","message":"[Response Ops] Fix cases action owner on o11y serverless project (#224537)\n\n## Summary\n\nServerless observability project would throw when creating a rule with a\nsystem case action.\n\n`Action 'system-connector-.cases' failed: an error occurred while\nrunning the action: Failed to bulk create cases: Error: Unauthorized to\ncreate case with owners: \"cases\"`\n\nTo fix it, we set the owner to be the serverless project type and if\nserverless but unknown, we default the owner to \"cases\"\n\n### How to test\n\n1. Start ES with cloud projectId flag like this: `yarn es serverless\n--projectType=oblt -E xpack.cloud.serverless.project_id: test-123`\n2. Go to management rules page by searching for `rules` in the top\nsearchbar\n\n\n\n\n3. Create a stack rule (index threshold) and add the cases action\n4. When an alert is triggered confirm you can view the case in the cases\npage\n\n---------\n\nCo-authored-by: Christos Nasikas <xristosnasikas@gmail.com>","sha":"1914673ca3b8e6f56148507a66a5add7071dda20","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Response Ops] Fix cases action owner on o11y serverless project","number":224537,"url":"https://github.com/elastic/kibana/pull/224537","mergeCommit":{"message":"[Response Ops] Fix cases action owner on o11y serverless project (#224537)\n\n## Summary\n\nServerless observability project would throw when creating a rule with a\nsystem case action.\n\n`Action 'system-connector-.cases' failed: an error occurred while\nrunning the action: Failed to bulk create cases: Error: Unauthorized to\ncreate case with owners: \"cases\"`\n\nTo fix it, we set the owner to be the serverless project type and if\nserverless but unknown, we default the owner to \"cases\"\n\n### How to test\n\n1. Start ES with cloud projectId flag like this: `yarn es serverless\n--projectType=oblt -E xpack.cloud.serverless.project_id: test-123`\n2. Go to management rules page by searching for `rules` in the top\nsearchbar\n\n\n\n\n3. Create a stack rule (index threshold) and add the cases action\n4. When an alert is triggered confirm you can view the case in the cases\npage\n\n---------\n\nCo-authored-by: Christos Nasikas <xristosnasikas@gmail.com>","sha":"1914673ca3b8e6f56148507a66a5add7071dda20"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/224537","number":224537,"mergeCommit":{"message":"[Response Ops] Fix cases action owner on o11y serverless project (#224537)\n\n## Summary\n\nServerless observability project would throw when creating a rule with a\nsystem case action.\n\n`Action 'system-connector-.cases' failed: an error occurred while\nrunning the action: Failed to bulk create cases: Error: Unauthorized to\ncreate case with owners: \"cases\"`\n\nTo fix it, we set the owner to be the serverless project type and if\nserverless but unknown, we default the owner to \"cases\"\n\n### How to test\n\n1. Start ES with cloud projectId flag like this: `yarn es serverless\n--projectType=oblt -E xpack.cloud.serverless.project_id: test-123`\n2. Go to management rules page by searching for `rules` in the top\nsearchbar\n\n\n\n\n3. Create a stack rule (index threshold) and add the cases action\n4. When an alert is triggered confirm you can view the case in the cases\npage\n\n---------\n\nCo-authored-by: Christos Nasikas <xristosnasikas@gmail.com>","sha":"1914673ca3b8e6f56148507a66a5add7071dda20"}}]}] BACKPORT--> Co-authored-by: Julian Gernun <17549662+jcger@users.noreply.github.com> Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Serverless observability project would throw when creating a rule with a system case action.
Action 'system-connector-.cases' failed: an error occurred while running the action: Failed to bulk create cases: Error: Unauthorized to create case with owners: "cases"To fix it, we set the owner to be the serverless project type and if serverless but unknown, we default the owner to "cases"
How to test
Start ES with cloud projectId flag like this:
yarn es serverless --projectType=oblt -E xpack.cloud.serverless.project_id: test-123Go to management rules page by searching for
rulesin the top searchbarCreate a stack rule (index threshold) and add the cases action
When an alert is triggered confirm you can view the case in the cases page