Skip to content

[9.3] [One Workflow] fix: prevent alert rule actions from triggering disabled workflows (#252673)#252682

Merged
kibanamachine merged 1 commit into
elastic:9.3from
kibanamachine:backport/9.3/pr-252673
Feb 11, 2026
Merged

[9.3] [One Workflow] fix: prevent alert rule actions from triggering disabled workflows (#252673)#252682
kibanamachine merged 1 commit into
elastic:9.3from
kibanamachine:backport/9.3/pr-252673

Conversation

@kibanamachine
Copy link
Copy Markdown
Contributor

@kibanamachine kibanamachine commented Feb 11, 2026

Backport

This will backport the following commits from main to 9.3:

Questions ?

Please refer to the Backport tool documentation

@talboren @cursoragent
[One Workflow] fix: prevent alert rule actions from triggering disabl…
2e179cc 
…ed workflows (elastic#252673)

## Summary

- Alert rule actions with a "Run Workflow" connector were executing
workflows even when the workflow was disabled (`enabled: false`). The
backend connector path checked for workflow existence, definition, and
validity — but skipped the `enabled` check.
- Extracted the shared validation logic into a reusable
`validateWorkflowForExecution` assertion function that guards against
not-found, missing-definition, invalid, and **disabled** workflows
before execution.
- Added comprehensive unit tests covering all validation scenarios
including the disabled workflow case.

## References

Closes elastic/security-team#15684

Made with [Cursor](https://cursor.com)

Co-authored-by: Cursor <cursoragent@cursor.com>
(cherry picked from commit 6b7b6f3)
@kibanamachine kibanamachine added the backport This PR is a backport of another PR label Feb 11, 2026
@kibanamachine kibanamachine enabled auto-merge (squash) February 11, 2026 11:08
@kibanamachine kibanamachine mentioned this pull request Feb 11, 2026
Merged
@kibanamachine kibanamachine merged commit 1eeb661 into elastic:9.3 Feb 11, 2026
17 checks passed
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 11, 2026

💚 Build Succeeded

Metrics [docs]

✅ unchanged

cc @talboren

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@talboren talboren

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kibanamachine @elasticmachine @talboren