diff --git a/docs/reference/configuration-reference/alerting-settings.md b/docs/reference/configuration-reference/alerting-settings.md index a717db4909591..ad3751e2f5d88 100644 --- a/docs/reference/configuration-reference/alerting-settings.md +++ b/docs/reference/configuration-reference/alerting-settings.md @@ -958,3 +958,18 @@ For more examples, go to [Preconfigured connectors](/reference/connectors-kibana - id: '.server-log' max: 5 ``` + +`xpack.alerting.rules.apiKeyType` {applies_to}`serverless:` {applies_to}`stack: unavailable` +: The API key type to use for executing alerting rules. The default value, corresponding to the existing behavior, is `es`, which uses an Elasticsearch API key. Set this to `uiam` to use UIAM API keys instead. + :::{note} + :applies_to: serverless: + In Serverless, you can't edit this setting. + ::: + + Data type: `string` + + For example: + + ```yaml + xpack.alerting.rules.apiKeyType: uiam + ``` diff --git a/docs/settings-gen/source/kibana-alert-action-settings.yml b/docs/settings-gen/source/kibana-alert-action-settings.yml index e098e491e6ab4..1e8235426fb8e 100644 --- a/docs/settings-gen/source/kibana-alert-action-settings.yml +++ b/docs/settings-gen/source/kibana-alert-action-settings.yml @@ -1170,7 +1170,7 @@ groups: * {applies_to}`stack: ga 9.2` Defaults to `us.anthropic.claude-sonnet-4-5-20250929-v1:0`. * {applies_to}`stack: ga 9.1` Defaults to `us.anthropic.claude-3-7-sonnet-20250219-v1:0`. * {applies_to}`stack: ga 9.0` Defaults to `anthropic.claude-3-5-sonnet-20240620-v1:0`. - * For a [{{gemini}} connector](/reference/connectors-kibana/gemini-action-type.md), current support is for the Gemini models. + * For a [{{gemini}} connector](/reference/connectors-kibana/gemini-action-type.md), current support is for the Gemini models. * {applies_to}`serverless: ga` Defaults to `gemini-2.5-pro`. * {applies_to}`stack: ga 9.1` Defaults to `gemini-2.5-pro`. * {applies_to}`stack: ga 9.0` Defaults to `gemini-1.5-pro-002`. @@ -2601,3 +2601,23 @@ groups: - id: '.server-log' max: 5 ``` + + - setting: xpack.alerting.rules.apiKeyType + description: | + The API key type to use for executing alerting rules. The default value, corresponding to the existing behavior, is `es`, which uses an Elasticsearch API key. Set this to `uiam` to use UIAM API keys instead. + datatype: string + default: es + options: + - option: es + description: Elasticsearch API key + - option: uiam + description: UIAM api key + applies_to: + deployment: + ess: all + example: | + For example: + + ```yaml + xpack.alerting.rules.apiKeyType: uiam + ``` diff --git a/x-pack/platform/plugins/shared/alerting/server/config.test.ts b/x-pack/platform/plugins/shared/alerting/server/config.test.ts index 653b8a8b02a60..fa9997eb346d1 100644 --- a/x-pack/platform/plugins/shared/alerting/server/config.test.ts +++ b/x-pack/platform/plugins/shared/alerting/server/config.test.ts @@ -22,6 +22,7 @@ describe('config validation', () => { "removalDelay": "1h", }, "rules": Object { + "apiKeyType": "es", "maxScheduledPerMinute": 32000, "minimumScheduleInterval": Object { "enforce": false, diff --git a/x-pack/platform/plugins/shared/alerting/server/config.ts b/x-pack/platform/plugins/shared/alerting/server/config.ts index 05b08a7fc1b79..93d5e03c97261 100644 --- a/x-pack/platform/plugins/shared/alerting/server/config.ts +++ b/x-pack/platform/plugins/shared/alerting/server/config.ts @@ -61,6 +61,9 @@ const rulesSchema = schema.object({ }), ruleTypeOverrides: schema.maybe(schema.arrayOf(ruleTypeSchema)), }), + apiKeyType: schema.oneOf([schema.literal('es'), schema.literal('uiam')], { + defaultValue: 'es', + }), }); export const configSchema = schema.object({ diff --git a/x-pack/platform/plugins/shared/alerting/server/plugin.ts b/x-pack/platform/plugins/shared/alerting/server/plugin.ts index c0fc1f8769c30..39e7a0c00bfae 100644 --- a/x-pack/platform/plugins/shared/alerting/server/plugin.ts +++ b/x-pack/platform/plugins/shared/alerting/server/plugin.ts @@ -54,6 +54,7 @@ import type { MonitoringCollectionSetup } from '@kbn/monitoring-collection-plugi import type { SharePluginStart } from '@kbn/share-plugin/server'; import type { MaintenanceWindowsServerStart } from '@kbn/maintenance-windows-plugin/server'; +import { ApiKeyType } from './task_runner/types'; import { RuleTypeRegistry } from './rule_type_registry'; import { TaskRunnerFactory } from './task_runner'; import { RulesClientFactory } from './rules_client_factory'; @@ -733,6 +734,7 @@ export class AlertingPlugin { usageCounter: this.usageCounter, getEventLogClient: (request: KibanaRequest) => plugins.eventLog.getClient(request), isServerless: this.isServerless, + apiKeyType: (this.config.rules.apiKeyType as ApiKeyType) ?? ApiKeyType.ES, }); this.eventLogService!.registerSavedObjectProvider( diff --git a/x-pack/platform/plugins/shared/alerting/server/routes/rule/apis/create/create_rule_route.test.ts b/x-pack/platform/plugins/shared/alerting/server/routes/rule/apis/create/create_rule_route.test.ts index e88942c2eb882..359f2b1d7afcb 100644 --- a/x-pack/platform/plugins/shared/alerting/server/routes/rule/apis/create/create_rule_route.test.ts +++ b/x-pack/platform/plugins/shared/alerting/server/routes/rule/apis/create/create_rule_route.test.ts @@ -21,6 +21,7 @@ import { actionsClientMock } from '@kbn/actions-plugin/server/mocks'; import { docLinksServiceMock } from '@kbn/core/server/mocks'; import type { CoreSetup } from '@kbn/core/server'; import type { AlertingPluginsStart } from '../../../../plugin'; +import { ApiKeyType } from '../../../../task_runner/types'; const rulesClient = rulesClientMock.create(); @@ -60,6 +61,7 @@ describe('createRuleRoute', () => { max: 1000, }, }, + apiKeyType: ApiKeyType.ES, }, rulesSettings: { enabled: true, @@ -68,7 +70,7 @@ describe('createRuleRoute', () => { maintenanceWindow: { enabled: true, }, - }; + } as const; const action: RuleAction = { actionTypeId: 'test', group: 'default', diff --git a/x-pack/platform/plugins/shared/alerting/server/task_runner/ad_hoc_task_runner.test.ts b/x-pack/platform/plugins/shared/alerting/server/task_runner/ad_hoc_task_runner.test.ts index db744fa8bd6c2..5a3cde0605b6e 100644 --- a/x-pack/platform/plugins/shared/alerting/server/task_runner/ad_hoc_task_runner.test.ts +++ b/x-pack/platform/plugins/shared/alerting/server/task_runner/ad_hoc_task_runner.test.ts @@ -30,6 +30,7 @@ import { TaskPriority, TaskStatus } from '@kbn/task-manager-plugin/server'; import { usageCountersServiceMock } from '@kbn/usage-collection-plugin/server/usage_counters/usage_counters_service.mock'; import { AdHocTaskRunner } from './ad_hoc_task_runner'; import type { TaskRunnerContext } from './types'; +import { ApiKeyType } from './types'; import { backfillClientMock } from '../backfill_client/backfill_client.mock'; import { ruleTypeRegistryMock } from '../rule_type_registry.mock'; import type { ContextOpts } from '../lib/alerting_event_logger/alerting_event_logger'; @@ -189,6 +190,7 @@ const taskRunnerFactoryInitializerParams: TaskRunnerFactoryInitializerParamsType usageCounter: mockUsageCounter, isServerless: false, getEventLogClient: jest.fn(), + apiKeyType: ApiKeyType.ES, }; const mockedTaskInstance: ConcreteTaskInstance = { diff --git a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner.test.ts b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner.test.ts index 30ebd881310bc..f6ec624c154f4 100644 --- a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner.test.ts +++ b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner.test.ts @@ -32,6 +32,7 @@ import { TaskErrorSource, } from '@kbn/task-manager-plugin/server'; import type { TaskRunnerContext } from './types'; +import { ApiKeyType } from './types'; import { TaskRunner } from './task_runner'; import { encryptedSavedObjectsMock } from '@kbn/encrypted-saved-objects-plugin/server/mocks'; import { @@ -203,6 +204,7 @@ describe('Task Runner', () => { usageCounter: mockUsageCounter, isServerless: false, getEventLogClient: jest.fn().mockReturnValue(eventLogClientMock.create()), + apiKeyType: ApiKeyType.ES, }; beforeEach(() => { diff --git a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_alerts_client.test.ts b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_alerts_client.test.ts index f4cce01ef7fc6..869065d4d9c0a 100644 --- a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_alerts_client.test.ts +++ b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_alerts_client.test.ts @@ -20,6 +20,7 @@ import type { import { DEFAULT_FLAPPING_SETTINGS, DEFAULT_QUERY_DELAY_SETTINGS } from '../types'; import type { ConcreteTaskInstance } from '@kbn/task-manager-plugin/server'; import type { TaskRunnerContext } from './types'; +import { ApiKeyType } from './types'; import { TaskRunner } from './task_runner'; import { encryptedSavedObjectsMock } from '@kbn/encrypted-saved-objects-plugin/server/mocks'; import { @@ -229,6 +230,7 @@ describe('Task Runner', () => { usageCounter: mockUsageCounter, isServerless: false, getEventLogClient: jest.fn().mockReturnValue(eventLogClientMock.create()), + apiKeyType: ApiKeyType.ES, }; describe(`using ${label} for alert indices`, () => { diff --git a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_cancel.test.ts b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_cancel.test.ts index 3f11defa5c838..7bb44b575e5fd 100644 --- a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_cancel.test.ts +++ b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_cancel.test.ts @@ -58,6 +58,7 @@ import { alertsServiceMock } from '../alerts_service/alerts_service.mock'; import { ConnectorAdapterRegistry } from '../connector_adapters/connector_adapter_registry'; import { RULE_SAVED_OBJECT_TYPE } from '../saved_objects'; import type { TaskRunnerContext } from './types'; +import { ApiKeyType } from './types'; import { backfillClientMock } from '../backfill_client/backfill_client.mock'; import type { UntypedNormalizedRuleType } from '../rule_type_registry'; import { rulesSettingsServiceMock } from '../rules_settings/rules_settings_service.mock'; @@ -156,6 +157,7 @@ describe('Task Runner Cancel', () => { usageCounter: mockUsageCounter, isServerless: false, getEventLogClient: jest.fn().mockReturnValue(eventLogClientMock.create()), + apiKeyType: ApiKeyType.ES, }; beforeEach(() => { diff --git a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_factory.test.ts b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_factory.test.ts index f9dc50bf134d8..efc5d083e721c 100644 --- a/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_factory.test.ts +++ b/x-pack/platform/plugins/shared/alerting/server/task_runner/task_runner_factory.test.ts @@ -32,6 +32,7 @@ import { alertsServiceMock } from '../alerts_service/alerts_service.mock'; import { schema } from '@kbn/config-schema'; import { ConnectorAdapterRegistry } from '../connector_adapters/connector_adapter_registry'; import type { TaskRunnerContext } from './types'; +import { ApiKeyType } from './types'; import { backfillClientMock } from '../backfill_client/backfill_client.mock'; import { rulesSettingsServiceMock } from '../rules_settings/rules_settings_service.mock'; import { maintenanceWindowsServiceMock } from './maintenance_windows/maintenance_windows_service.mock'; @@ -132,6 +133,7 @@ describe('Task Runner Factory', () => { usageCounter: mockUsageCounter, isServerless: false, getEventLogClient: jest.fn().mockReturnValue(eventLogClientMock.create()), + apiKeyType: ApiKeyType.ES, }; beforeEach(() => { diff --git a/x-pack/platform/plugins/shared/alerting/server/task_runner/types.ts b/x-pack/platform/plugins/shared/alerting/server/task_runner/types.ts index f498cb5d4776c..90d62210ca955 100644 --- a/x-pack/platform/plugins/shared/alerting/server/task_runner/types.ts +++ b/x-pack/platform/plugins/shared/alerting/server/task_runner/types.ts @@ -165,6 +165,11 @@ export interface RuleRunnerErrorStackTraceLog { stackTrace?: string; } +export enum ApiKeyType { + ES = 'es', + UIAM = 'uiam', +} + export interface TaskRunnerContext { actionsConfigMap: ActionsConfigMap; actionsPlugin: ActionsPluginStartContract; @@ -185,6 +190,7 @@ export interface TaskRunnerContext { maxAlerts: number; ruleTypeRegistry: RuleTypeRegistry; rulesSettingsService: RulesSettingsService; + apiKeyType: ApiKeyType; savedObjects: SavedObjectsServiceStart; share: SharePluginStart; spaceIdToNamespace: SpaceIdToNamespaceFunction; diff --git a/x-pack/platform/plugins/shared/alerting/server/test_utils/index.ts b/x-pack/platform/plugins/shared/alerting/server/test_utils/index.ts index afe2f1332c4e3..7d91e47287876 100644 --- a/x-pack/platform/plugins/shared/alerting/server/test_utils/index.ts +++ b/x-pack/platform/plugins/shared/alerting/server/test_utils/index.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { ApiKeyType } from '../task_runner/types'; import type { RawAlertInstance } from '../../common'; import type { AlertingConfig } from '../config'; @@ -70,6 +71,7 @@ export function generateAlertingConfig(overwrites: Partial = {}) max: 1000, }, }, + apiKeyType: ApiKeyType.ES, }, rulesSettings: { enabled: true, cacheInterval: 60000 }, ...overwrites,