Adds update functionality and update route with scripts.

x-pack/plugins/apm/server/feature.ts

@@ -23,6 +23,7 @@ export const APM_FEATURE = {
   category: DEFAULT_APP_CATEGORIES.observability,
   app: ['apm', 'ux', 'kibana'],
   catalogue: ['apm'],
+  rac: [APM_SERVER_FEATURE_ID],
   management: {
     insightsAndAlerting: ['triggersActions'],
   },
@@ -33,6 +34,9 @@ export const APM_FEATURE = {
       app: ['apm', 'ux', 'kibana'],
       api: ['apm', 'apm_write'],
       catalogue: ['apm'],
+      rac: {
+        all: [APM_SERVER_FEATURE_ID],
+      },
       savedObject: {
         all: [],
         read: [],
@@ -49,6 +53,9 @@ export const APM_FEATURE = {
       app: ['apm', 'ux', 'kibana'],
       api: ['apm'],
       catalogue: ['apm'],
+      rac: {
+        all: [APM_SERVER_FEATURE_ID],
+      },
       savedObject: {
         all: [],
         read: [],

x-pack/plugins/rule_registry/server/authorization/audit_logger.ts

@@ -49,9 +49,9 @@ export class RacAuthorizationAuditLogger {
       message,
       event: {
         action: 'rac_authorization_failure',
-        category: EventCategory.DATABASE,
+        category: 'database', // EventCategory.DATABASE,
         type,
-        outcome: EventOutcome.FAILURE,
+        outcome: 'failure', // EventOutcome.FAILURE,
       },
       user: {
         name: username,
@@ -105,9 +105,9 @@ export class RacAuthorizationAuditLogger {
       message,
       event: {
         action: 'rac_authorization_success',
-        category: EventCategory.DATABASE,
+        category: 'database',
         type,
-        outcome: EventOutcome.SUCCESS,
+        outcome: 'success',
       },
       user: {
         name: username,

x-pack/plugins/rule_registry/server/authorization/rac_authorization.ts

@@ -7,7 +7,7 @@
 import Boom from '@hapi/boom';
 
 import { KibanaRequest } from 'src/core/server';
-import { EventType, SecurityPluginStart } from '../../../security/server';
+import { SecurityPluginStart } from '../../../security/server';
 import { PluginStartContract as FeaturesPluginStart } from '../../../features/server';
 import { Space } from '../../../spaces/server';
 import { KueryNode } from '../../../../../src/plugins/data/server';
@@ -118,7 +118,7 @@ export class RacAuthorization {
             owner,
             username,
             operation,
-            type: EventType.ACCESS,
+            type: 'rac authz', // EventType.ACCESS,
           })
         );
       }
@@ -127,7 +127,7 @@ export class RacAuthorization {
           owner,
           username,
           operation,
-          type: EventType.ACCESS,
+          type: 'rac authz', // EventType.ACCESS,
         });
       } else {
         const authorizedPrivileges = privileges.kibana.reduce<string[]>((acc, privilege) => {
@@ -145,7 +145,7 @@ export class RacAuthorization {
             owner: unauthorizedPrivilages.join(','),
             username,
             operation,
-            type: EventType.ACCESS,
+            type: 'rac authz', // EventType.ACCESS,
           })
         );
       }
@@ -155,7 +155,7 @@ export class RacAuthorization {
           owner,
           username: '',
           operation,
-          type: EventType.ACCESS,
+          type: 'rac authz', // EventType.ACCESS,
         })
       );
     }

x-pack/plugins/rule_registry/server/plugin.ts

@@ -15,6 +15,7 @@ import {
   KibanaRequest,
   IContextProvider,
 } from 'src/core/server';
+import { schema } from '@kbn/config-schema';
 import { PublicMethodsOf } from '@kbn/utility-types';
 import { SecurityPluginSetup, SecurityPluginStart } from '../../security/server';
 import {
@@ -100,6 +101,36 @@ export class RuleRegistryPlugin implements Plugin<RuleRegistryPluginSetupContrac
       return res.ok();
     });
 
+    router.post(
+      {
+        path: '/update-alert',
+        validate: {
+          body: schema.object({
+            status: schema.string(),
+            ids: schema.arrayOf(schema.string()),
+          }),
+        },
+      },
+      async (context, req, res) => {
+        try {
+          const racClient = await context.ruleRegistry?.getRacClient();
+          console.error(req);
+          const { status, ids } = req.body;
+          console.error('STATUS', status);
+          console.error('ID', ids);
+          const thing = await racClient?.update({
+            ids,
+            owner: 'apm',
+            data: { status },
+          });
+          return res.ok({ body: { success: true, alerts: thing } });
+        } catch (exc) {
+          console.error('OOPS', exc);
+          return res.unauthorized();
+        }
+      }
+    );
+
     return rootRegistry;
   }
 

x-pack/plugins/rule_registry/server/rac_client/rac_client.ts

@@ -84,7 +84,8 @@ export interface FindResult<Params extends AlertTypeParams> {
 }
 
 export interface UpdateOptions<Params extends AlertTypeParams> {
-  id: string;
+  ids: string[];
+  owner: string;
   data: {
     status: string;
   };
@@ -321,9 +322,51 @@ export class RacClient {
   }
 
   public async update<Params extends AlertTypeParams = never>({
-    id,
+    ids,
+    owner,
     data,
   }: UpdateOptions<Params>): Promise<PartialAlert<Params>> {
+    try {
+      await this.authorization.ensureAuthorized(
+        // TODO: add spaceid here.. I think
+        // result.body._source?.owner,
+        owner,
+        WriteOperations.Update
+      );
+      // TODO: type alert for the get method
+
+      try {
+        const body = ids.flatMap((id) => [
+          {
+            update: {
+              _id: id,
+            },
+          },
+          {
+            doc: { 'kibana.rac.alert.status': data.status },
+          },
+        ]);
+
+        const result = await this.esClient.bulk({
+          index: '.kibana-devin-hurley-alerts-observability-apm-8.0.0',
+          body,
+        });
+        return result;
+      } catch (exc) {
+        console.error(exc);
+        console.error('THREW ERROR WHEN TRYING UPDATE', JSON.stringify(exc, null, 2));
+      }
+    } catch (error) {
+      console.error('HERES THE ERROR', error);
+      // this.auditLogger?.log(
+      //   alertAuditEvent({
+      //     action: AlertAuditAction.GET,
+      //     savedObject: { type: 'alert', id },
+      //     error,
+      //   })
+      // );
+      throw error;
+    }
     // return await retryIfConflicts(
     //   this.logger,
     //   `alertsClient.update('${id}')`,

x-pack/plugins/rule_registry/server/scripts/observer/detections_role.json

@@ -29,6 +29,7 @@
       "feature": {
         "ml": ["read"],
         "monitoring": ["all"],
+        "apm": ["all"],
         "actions": ["read"],
         "builtInAlerts": ["all"]
       },

x-pack/plugins/rule_registry/server/scripts/update_observability_alert.sh

@@ -0,0 +1,19 @@
+set -e
+
+IDS=${1}
+STATUS=${2}
+
+echo $IDS
+echo "'"$STATUS"'"
+
+cd ./hunter && sh ./post_detections_role.sh && sh ./post_detections_user.sh
+cd ../observer && sh ./post_detections_role.sh && sh ./post_detections_user.sh
+cd ..
+
+# Example: ./update_observability_alert.sh [\"my-alert-id\",\"another-alert-id\"] <closed | open>
+curl -s -k \
+ -H 'Content-Type: application/json' \
+ -H 'kbn-xsrf: 123' \
+ -u observer:changeme \
+ -X POST ${KIBANA_URL}${SPACE_URL}/update-alert \
+ -d "{\"ids\": $IDS, \"status\":\"$STATUS\"}" | jq .