Support installing alert rules as kibana assets in packages

x-pack/platform/plugins/shared/fleet/.storybook/context/fixtures/integration.nginx.ts

@@ -57,6 +57,7 @@ export const item: GetInfoResponse['item'] = {
   ],
   assets: {
     kibana: {
+      alert: [],
       dashboard: [
         {
           pkgkey: 'nginx-0.7.0',

x-pack/platform/plugins/shared/fleet/.storybook/context/fixtures/integration.okta.ts

@@ -43,6 +43,7 @@ export const item: GetInfoResponse['item'] = {
   ],
   assets: {
     kibana: {
+      alert: [],
       dashboard: [
         {
           pkgkey: 'okta-1.2.0',

x-pack/platform/plugins/shared/fleet/common/services/package_to_package_policy.test.ts

@@ -35,6 +35,7 @@ describe('Fleet - packageToPackagePolicy', () => {
         ml_module: [],
         security_ai_prompt: [],
         security_rule: [],
+        alert: [],
         tag: [],
         osquery_pack_asset: [],
         osquery_saved_query: [],

x-pack/platform/plugins/shared/fleet/common/types/models/epm.ts

@@ -62,6 +62,7 @@ export enum KibanaAssetType {
   securityAIPrompt = 'security_ai_prompt',
   securityRule = 'security_rule',
   cloudSecurityPostureRuleTemplate = 'csp_rule_template',
+  alert = 'alert',
   osqueryPackAsset = 'osquery_pack_asset',
   osquerySavedQuery = 'osquery_saved_query',
   tag = 'tag',
@@ -81,6 +82,7 @@ export enum KibanaSavedObjectType {
   securityAIPrompt = 'security-ai-prompt',
   securityRule = 'security-rule',
   cloudSecurityPostureRuleTemplate = 'csp-rule-template',
+  alert = 'alert',
   osqueryPackAsset = 'osquery-pack-asset',
   osquerySavedQuery = 'osquery-saved-query',
   tag = 'tag',

x-pack/platform/plugins/shared/fleet/public/applications/integrations/sections/epm/constants.tsx

@@ -71,6 +71,9 @@ export const AssetTitleMap: Record<
       defaultMessage: 'Benchmark rules',
     }
   ),
+  alert: i18n.translate('xpack.fleet.epm.assetTitles.alert', {
+    defaultMessage: 'Alert rules',
+  }),
   'ml-module': i18n.translate('xpack.fleet.epm.assetTitles.mlModules', {
     defaultMessage: 'Anomaly detection configurations',
   }),

x-pack/platform/plugins/shared/fleet/server/routes/epm/index.test.ts

@@ -189,6 +189,7 @@ describe('schema validation', () => {
     };
     const assets: AssetsGroupedByServiceByType = {
       kibana: {
+        alert: [],
         dashboard: [],
         visualization: [],
         search: [],

x-pack/platform/plugins/shared/fleet/server/services/app_context.ts

@@ -45,6 +45,7 @@ import type {
   PostAgentPolicyCreateCallback,
   PostAgentPolicyUpdateCallback,
 } from '../types';
+import { KibanaSavedObjectType } from '../types';
 import type { FleetAppContext } from '../plugin';
 import type { TelemetryEventsSender } from '../telemetry/sender';
 import { UNINSTALL_TOKENS_SAVED_OBJECT_TYPE } from '../constants';
@@ -203,7 +204,7 @@ class AppContextService {
 
     // soClient as kibana internal users, be careful on how you use it, security is not enabled
     return appContextService.getSavedObjects().getScopedClient(request, {
-      includedHiddenTypes: [UNINSTALL_TOKENS_SAVED_OBJECT_TYPE],
+      includedHiddenTypes: [UNINSTALL_TOKENS_SAVED_OBJECT_TYPE, KibanaSavedObjectType.alert],
       excludedExtensions: [SECURITY_EXTENSION_ID],
     });
   }
@@ -223,7 +224,7 @@ class AppContextService {
 
     // soClient as kibana internal users, be careful on how you use it, security is not enabled
     return appContextService.getSavedObjects().getScopedClient(request, {
-      includedHiddenTypes: [UNINSTALL_TOKENS_SAVED_OBJECT_TYPE],
+      includedHiddenTypes: [UNINSTALL_TOKENS_SAVED_OBJECT_TYPE, KibanaSavedObjectType.alert],
       excludedExtensions: [SECURITY_EXTENSION_ID],
     });
   }
@@ -242,7 +243,7 @@ class AppContextService {
     // soClient as kibana internal users, be careful on how you use it, security is not enabled
     return appContextService.getSavedObjects().getScopedClient(fakeRequest, {
       excludedExtensions: [SECURITY_EXTENSION_ID, SPACES_EXTENSION_ID],
-      includedHiddenTypes: [UNINSTALL_TOKENS_SAVED_OBJECT_TYPE],
+      includedHiddenTypes: [UNINSTALL_TOKENS_SAVED_OBJECT_TYPE, KibanaSavedObjectType.alert],
     });
   }
 

x-pack/platform/plugins/shared/fleet/server/services/epm/kibana/assets/alert.test.ts

@@ -0,0 +1,100 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { KibanaSavedObjectType } from '../../../../types';
+
+import { fillAlertDefaults } from './alert';
+
+describe('fillAlertDefaults', () => {
+  it('should fill in default values for alert saved object', () => {
+    const alertSo = {
+      id: 'test-alert',
+      type: KibanaSavedObjectType.alert,
+      attributes: {
+        name: 'Test Alert',
+      },
+      executionStatus: {
+        status: 'ok',
+        lastExecutionDate: '2023-10-01T00:00:00Z',
+      },
+    };
+
+    const context = {
+      pkgName: 'test-package',
+      spaceId: 'default',
+      assetTags: [],
+    };
+
+    const result = fillAlertDefaults(alertSo, context);
+
+    expect(result.id).toBe('test-alert');
+    expect((result.attributes as Record<string, unknown>).name).toBe('Test Alert');
+    expect(result.attributes.enabled).toBe(false);
+    expect(result.attributes.revision).toBe(0);
+    expect(result.attributes.executionStatus.status).toBe('pending');
+    expect(result.attributes.createdAt).toBeDefined();
+    expect(result.attributes.updatedAt).toBeDefined();
+    expect(result.attributes.running).toBe(false);
+    expect(result.attributes.tags).toEqual([
+      'fleet-pkg-test-package-default',
+      'fleet-managed-default',
+    ]);
+  });
+  it('should include existing tags with default tags', () => {
+    const alertSo = {
+      id: 'test-alert',
+      type: KibanaSavedObjectType.alert,
+      attributes: {
+        name: 'Test Alert',
+        tags: ['existing-tag'],
+      },
+    };
+
+    const context = {
+      pkgName: 'test-package',
+      spaceId: 'default',
+      assetTags: [],
+    };
+
+    const result = fillAlertDefaults(alertSo, context);
+
+    expect(result.attributes.tags).toEqual([
+      'existing-tag',
+      'fleet-pkg-test-package-default',
+      'fleet-managed-default',
+    ]);
+  });
+  it('should include tags from assetTags if they match', () => {
+    const alertSo = {
+      id: 'test-alert',
+      type: KibanaSavedObjectType.alert,
+      attributes: {
+        name: 'Test Alert',
+      },
+    };
+
+    const context = {
+      pkgName: 'test-package',
+      spaceId: 'default',
+      assetTags: [
+        { text: 'alert-specific-tag', asset_types: ['alert'] },
+        { text: 'other-asset-tag', asset_types: ['dashboard'] },
+        { text: 'id-specific-tag', asset_ids: ['test-alert'] },
+        { text: 'not-matching-id-tag', asset_ids: ['other-alert'] },
+      ],
+    };
+
+    const result = fillAlertDefaults(alertSo, context);
+
+    expect(result.attributes.tags).toEqual([
+      'fleet-pkg-test-package-default',
+      'fleet-managed-default',
+      'alert-specific-tag',
+      'id-specific-tag',
+    ]);
+  });
+});

x-pack/platform/plugins/shared/fleet/server/services/epm/kibana/assets/alert.ts

@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { SavedObjectToBe, InstallAssetContext } from './install';
+import { getPackageTagId, getManagedTagId } from './tag_assets';
+
+export function fillAlertDefaults(alertSo: Partial<SavedObjectToBe>, context: InstallAssetContext) {
+  const currentDateTime = new Date().toISOString();
+  const tags = getTags(alertSo.id!, context);
+  const existingTags = Array.isArray((alertSo.attributes as Record<string, unknown>).tags)
+    ? ((alertSo.attributes as Record<string, unknown>).tags as string[])
+    : [];
+
+  // Based on x-pack/platform/plugins/shared/alerting/server/application/rule/methods/create/create_rule.ts
+  const newSo = {
+    ...alertSo,
+    attributes: {
+      ...(alertSo.attributes ?? {}),
+      enabled: false,
+      revision: 0,
+      executionStatus: {
+        status: 'pending',
+        lastExecutionDate: currentDateTime,
+      },
+      createdAt: currentDateTime,
+      updatedAt: currentDateTime,
+      running: false,
+      tags: [...new Set([...existingTags, ...tags])],
+    },
+  };
+
+  return newSo;
+}
+
+function getTags(id: string, context: InstallAssetContext) {
+  const { pkgName, spaceId, assetTags } = context;
+  const tags = [getPackageTagId(spaceId, pkgName), getManagedTagId(spaceId)];
+
+  if (!assetTags || assetTags.length === 0) {
+    return tags;
+  }
+
+  const filteredAssetTags = assetTags.reduce<string[]>((_assetTags, assetTag) => {
+    if (assetTag.asset_types?.includes('alert') || assetTag.asset_ids?.includes(id)) {
+      return [..._assetTags, assetTag.text];
+    }
+    return _assetTags;
+  }, []);
+
+  return [...tags, ...filteredAssetTags];
+}

x-pack/platform/plugins/shared/fleet/server/services/epm/kibana/assets/install.test.ts

@@ -46,6 +46,11 @@ const createImportResponse = (
     successCount: successResults.length,
   } as SavedObjectsImportResponse);
 
+const mockInstallAssetContext = {
+  pkgName: 'Mock package',
+  spaceId: 'default',
+};
+
 describe('installKibanaSavedObjects', () => {
   beforeEach(() => {
     mockImporter.import.mockReset();
@@ -65,6 +70,7 @@ describe('installKibanaSavedObjects', () => {
       savedObjectsImporter: mockImporter,
       logger: mockLogger,
       kibanaAssets: [asset],
+      context: mockInstallAssetContext,
     });
 
     expect(mockImporter.import).toHaveBeenCalledTimes(2);
@@ -81,6 +87,7 @@ describe('installKibanaSavedObjects', () => {
         savedObjectsImporter: mockImporter,
         logger: mockLogger,
         kibanaAssets: [asset],
+        context: mockInstallAssetContext,
       })
     ).rejects.toEqual(expect.any(Error));
     expect(mockImporter.import).toHaveBeenCalledTimes(51);
@@ -97,6 +104,7 @@ describe('installKibanaSavedObjects', () => {
         savedObjectsImporter: mockImporter,
         logger: mockLogger,
         kibanaAssets: [asset],
+        context: mockInstallAssetContext,
       })
     ).rejects.toEqual(expect.any(Error));
   });
@@ -115,6 +123,7 @@ describe('installKibanaSavedObjects', () => {
       savedObjectsImporter: mockImporter,
       logger: mockLogger,
       kibanaAssets: [asset],
+      context: mockInstallAssetContext,
     });
 
     expect(mockImporter.import).toHaveBeenCalledTimes(1);
@@ -128,7 +137,7 @@ describe('createSavedObjectKibanaAsset', () => {
       attributes: { hello: 'world' },
       migrationVersion: { dashboard: '8.6.0' },
     });
-    const result = createSavedObjectKibanaAsset(asset);
+    const result = createSavedObjectKibanaAsset(asset, mockInstallAssetContext);
 
     expect(result.typeMigrationVersion).toEqual('8.6.0');
   });
@@ -139,7 +148,7 @@ describe('createSavedObjectKibanaAsset', () => {
       typeMigrationVersion: '8.6.0',
       coreMigrationVersion: '8.7.0',
     });
-    const result = createSavedObjectKibanaAsset(asset);
+    const result = createSavedObjectKibanaAsset(asset, mockInstallAssetContext);
 
     expect(result.typeMigrationVersion).toEqual('8.6.0');
     expect(result.coreMigrationVersion).toEqual('8.7.0');