[SLO]: register alerts schema embeddable

[mgiota]

Fixes #252816
Fixes #257868

Legacy alerts embeddable saved state contained showAllGroupByInstances and slos (id, instanceId, name, groupBy).

As part of this PR we do following changes (More context on this issue):

• remove showAllGroupByInstances and keep slo_instance_id as the sole source of truth
• remove name and groupBy` from schema. An SLO with updated name for example can lead to stale UI representation in the dashboard app.

Acceptance criteria

• schemas are registered server side
• transforms are registered, where legacy stored shape is converted to REST API shape
• REST API should be snake_case
• public embeddable code should be updated to use new snake_case shape
• types should be derived from schemas, duplicative type declarations should be removed
• ensure backwards compatibility: confirm previously stored SLO error alert embeddables continue to work as expected
• drilldown support
• register SLO embeddable transform out in embeddablePlugin.registerLegacyURLTransform: Dashboard allows users to share unsaved dashboard changes. This feature stores embeddable state in URLs.

Testing OAS documentation

• add server.oas.enabled: true to config/kibana.dev.yml
• start kibana with yarn start --no-base-path
• Copy paste URL http://localhost:5601/api/oas?pathStartsWith=/api/dashboard&access=internal&version=1 into your browser.
• View panels schema and verify slo alerts embeddable schema appears in the list.

Testing validation

Try to create a few dashboards with alerts embeddable through API calls in Kibana dev tools and verify validation and creation work as expected.

POST kbn:/api/dashboards?apiVersion=1
{
  "title": "Testing empty alerts embeddable through API call",
  "panels": [
    {
      "config": {},
      "grid": {
        "x": 1,
        "y": 0
      },
      "type": "slo_alerts"
    }
  ]
}

POST kbn:/api/dashboards?apiVersion=1
{
  "title": "Test a group by SLO with all instances",
  "panels": [
    {
      "config": {
        "slos": [
            {
                "slo_id": "6b523190-9da5-4bbc-8c37-fa3f3a3f5046",
                "slo_instance_id": "*"
            }
        ]
      },
      "grid": {
        "x": 1,
        "y": 0
      },
      "type": "slo_alerts"
    }
  ]
}

POST kbn:/api/dashboards?apiVersion=1
{
  "title": "Test a group by SLO with a specific instance",
  "panels": [
    {
      "config": {
        "slos": [
            {
                "slo_id": "6b523190-9da5-4bbc-8c37-fa3f3a3f5046",
                "slo_instance_id": "something"
            }
        ]
      },
      "grid": {
        "x": 1,
        "y": 0
      },
      "type": "slo_alerts"
    }
  ]
}

Reference

Regarding removal of showAllGroupByInstances we explored two approaches, 1) keep the flag and normalize on load and 2) remove the flag entirely.

I proceeded with Option 2: remove the flag entirely plus the simplest required UI change, where SLO selector support picking all instances (*) for group-by SLOs.

I decided not to proceed with a full UI refactoring implemented in this PR. This change can be done as a follow up after the schema registration PR is merged, if we decide we want to change the way we select SLOs in the alerts embeddable.

[macroscopeapp]

Approvability

Verdict: Needs human review

This PR introduces new schema registration infrastructure for SLO alerts embeddables with drilldown support and legacy state migration. Unresolved review comments identify a potential DoS vulnerability (unbounded array in schema) and a bug in kuery generation that would cause incorrect filtering. These substantive issues require human review and resolution.

^{You can customize Macroscope's approvability policy. Learn more.}

[fkanout]

CodeQL flagged this already but worth calling out explicitly: this array has no maxSize, so a crafty API caller can stuff an arbitrarily large payload into a dashboard panel and blow up memory on the server. Something like maxSize: 100 should be more than enough — I can't imagine a real dashboard panel with 100+ SLOs in a single alerts widget.

Suggested change

	slos: schema.arrayOf(sloItemSchema, {
	slos: schema.arrayOf(sloItemSchema, {
	defaultValue: [],
	maxSize: 100,
	meta: { description: 'List of SLOs to display alerts for' },

[mgiota]

Yep maxSize:100 is good, applied in this commit

[fkanout]

Now that slo_instance_id can be '*' for "all instances", this kuery produces slo.instanceId:"*" which matches the literal string rather than all instances. For grouped SLOs the "Go to Alerts" link will filter to nothing useful. Might be worth skipping the instanceId clause when it's *:

const kuery = slos
  .map((slo) => {
    const idFilter = `slo.id:"${slo.slo_id}"`;
    return slo.slo_instance_id === ALL_VALUE
      ? idFilter
      : `(${idFilter} and slo.instanceId:"${slo.slo_instance_id}")`;
  })
  .join(' or ');

This was probably broken before too (the old toggle overrode instance filtering in the table query but the drilldown link always used the specific instanceId), but now's a good time to clean it up since the semantics are clearer.

[mgiota]

True that was broken before, but yep good time to clean it up. Here's the commit that fixes it

[fkanout]

Tested locally and LGTM, I left some comments that need to be addressed

[mgiota]

@fkanout Thanks for the review, I applied the feedback. PR is ready for review again!

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 162f52e

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
slo	1315	1317	+2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
slo	1.1MB	1.1MB	-236.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
slo	36.5KB	36.7KB	+234.0B

Unknown metric groups

async chunk count

id	before	after	diff
slo	37	39	+2

History

• 💔 Build #420454 failed 91f9ced
• 💚 Build #418544 succeeded a283dd6
• 💚 Build #417818 succeeded cd80dfd
• 💔 Build #415206 failed 576c541
• 💔 Build #413900 failed 35833dd
• 💔 Build #413561 failed 6e5ffa4

cc @mgiota

[nreese]

kibana-presentation changes LGTM
code review only