[Security Solution][Alerts] Remove legacy rules schema

x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.ts

@@ -284,7 +284,7 @@ const {
   patch: threatMatchPatchParams,
   response: threatMatchResponseParams,
 } = buildAPISchemas(threatMatchRuleParams);
-export { threatMatchCreateParams };
+export { threatMatchCreateParams, threatMatchResponseParams };
 
 const queryRuleParams = {
   required: {
@@ -307,7 +307,7 @@ const {
   response: queryResponseParams,
 } = buildAPISchemas(queryRuleParams);
 
-export { queryCreateParams };
+export { queryCreateParams, queryResponseParams };
 
 const savedQueryRuleParams = {
   required: {
@@ -332,7 +332,7 @@ const {
   response: savedQueryResponseParams,
 } = buildAPISchemas(savedQueryRuleParams);
 
-export { savedQueryCreateParams };
+export { savedQueryCreateParams, savedQueryResponseParams };
 
 const thresholdRuleParams = {
   required: {
@@ -356,7 +356,7 @@ const {
   response: thresholdResponseParams,
 } = buildAPISchemas(thresholdRuleParams);
 
-export { thresholdCreateParams };
+export { thresholdCreateParams, thresholdResponseParams };
 
 const machineLearningRuleParams = {
   required: {
@@ -373,7 +373,7 @@ const {
   response: machineLearningResponseParams,
 } = buildAPISchemas(machineLearningRuleParams);
 
-export { machineLearningCreateParams };
+export { machineLearningCreateParams, machineLearningResponseParams };
 
 const newTermsRuleParams = {
   required: {
@@ -397,7 +397,7 @@ const {
   response: newTermsResponseParams,
 } = buildAPISchemas(newTermsRuleParams);
 
-export { newTermsCreateParams };
+export { newTermsCreateParams, newTermsResponseParams };
 // ---------------------------------------
 // END type specific parameter definitions
 
@@ -503,14 +503,27 @@ const responseOptionalFields = {
   execution_summary: RuleExecutionSummary,
 };
 
-export const fullResponseSchema = t.intersection([
+const sharedResponseSchema = t.intersection([
   baseResponseParams,
-  responseTypeSpecific,
   t.exact(t.type(responseRequiredFields)),
   t.exact(t.partial(responseOptionalFields)),
 ]);
+type SharedResponseSchema = t.TypeOf<typeof sharedResponseSchema>;
+export const fullResponseSchema = t.intersection([sharedResponseSchema, responseTypeSpecific]);
 export type FullResponseSchema = t.TypeOf<typeof fullResponseSchema>;
 
+// Convenience types for type specific responses
+type ResponseSchema<T> = SharedResponseSchema & T;
+export type EqlResponseSchema = ResponseSchema<t.TypeOf<typeof eqlResponseParams>>;
+export type ThreatMatchResponseSchema = ResponseSchema<t.TypeOf<typeof threatMatchResponseParams>>;
+export type QueryResponseSchema = ResponseSchema<t.TypeOf<typeof queryResponseParams>>;
+export type SavedQueryResponseSchema = ResponseSchema<t.TypeOf<typeof savedQueryResponseParams>>;
+export type ThresholdResponseSchema = ResponseSchema<t.TypeOf<typeof thresholdResponseParams>>;
+export type MachineLearningResponseSchema = ResponseSchema<
+  t.TypeOf<typeof machineLearningResponseParams>
+>;
+export type NewTermsResponseSchema = ResponseSchema<t.TypeOf<typeof newTermsResponseParams>>;
+
 export interface RulePreviewLogs {
   errors: string[];
   warnings: string[];

x-pack/plugins/security_solution/common/detection_engine/schemas/response/index.ts

@@ -11,5 +11,3 @@ export * from './import_rules_schema';
 export * from './prepackaged_rules_schema';
 export * from './prepackaged_rules_status_schema';
 export * from './rules_bulk_schema';
-export * from './rules_schema';
-export * from './type_timeline_only_schema';

x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_bulk_schema.test.ts

@@ -10,12 +10,12 @@ import { pipe } from 'fp-ts/lib/pipeable';
 
 import type { RulesBulkSchema } from './rules_bulk_schema';
 import { rulesBulkSchema } from './rules_bulk_schema';
-import type { RulesSchema } from './rules_schema';
 import type { ErrorSchema } from './error_schema';
 import { exactCheck, foldLeftRight, getPaths } from '@kbn/securitysolution-io-ts-utils';
 
 import { getRulesSchemaMock } from './rules_schema.mocks';
 import { getErrorSchemaMock } from './error_schema.mocks';
+import type { FullResponseSchema } from '../request';
 
 describe('prepackaged_rule_schema', () => {
   test('it should validate a regular message and and error together with a uuid', () => {
@@ -64,24 +64,8 @@ describe('prepackaged_rule_schema', () => {
     expect(message.schema).toEqual({});
   });
 
-  test('it should NOT validate an invalid error message with a deleted value', () => {
-    const error = getErrorSchemaMock('fake id');
-    // @ts-expect-error
-    delete error.error;
-    const payload: RulesBulkSchema = [error];
-    const decoded = rulesBulkSchema.decode(payload);
-    const checked = exactCheck(payload, decoded);
-    const message = pipe(checked, foldLeftRight);
-
-    expect(getPaths(left(message.errors))).toEqual([
-      'Invalid value "undefined" supplied to "type"',
-      'Invalid value "undefined" supplied to "error"',
-    ]);
-    expect(message.schema).toEqual({});
-  });
-
   test('it should NOT validate a type of "query" when it has extra data', () => {
-    const rule: RulesSchema & { invalid_extra_data?: string } = getRulesSchemaMock();
+    const rule: FullResponseSchema & { invalid_extra_data?: string } = getRulesSchemaMock();
     rule.invalid_extra_data = 'invalid_extra_data';
     const payload: RulesBulkSchema = [rule];
     const decoded = rulesBulkSchema.decode(payload);
@@ -93,7 +77,7 @@ describe('prepackaged_rule_schema', () => {
   });
 
   test('it should NOT validate a type of "query" when it has extra data next to a valid error', () => {
-    const rule: RulesSchema & { invalid_extra_data?: string } = getRulesSchemaMock();
+    const rule: FullResponseSchema & { invalid_extra_data?: string } = getRulesSchemaMock();
     rule.invalid_extra_data = 'invalid_extra_data';
     const payload: RulesBulkSchema = [getErrorSchemaMock(), rule];
     const decoded = rulesBulkSchema.decode(payload);

x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_bulk_schema.ts

@@ -7,8 +7,8 @@
 
 import * as t from 'io-ts';
 
-import { rulesSchema } from './rules_schema';
+import { fullResponseSchema } from '../request';
 import { errorSchema } from './error_schema';
 
-export const rulesBulkSchema = t.array(t.union([rulesSchema, errorSchema]));
+export const rulesBulkSchema = t.array(t.union([fullResponseSchema, errorSchema]));
 export type RulesBulkSchema = t.TypeOf<typeof rulesBulkSchema>;

x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.mocks.ts

@@ -6,13 +6,18 @@
  */
 
 import { DEFAULT_INDICATOR_SOURCE_PATH } from '../../../constants';
+import type {
+  EqlResponseSchema,
+  MachineLearningResponseSchema,
+  QueryResponseSchema,
+  SavedQueryResponseSchema,
+  ThreatMatchResponseSchema,
+} from '../request';
 import { getListArrayMock } from '../types/lists.mock';
 
-import type { RulesSchema } from './rules_schema';
-
 export const ANCHOR_DATE = '2020-02-20T03:57:54.037Z';
 
-export const getRulesSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchema => ({
+const getResponseBaseParams = (anchorDate: string = ANCHOR_DATE) => ({
   author: [],
   id: '7a7065d7-6e8b-4aae-8d20-c93613dec9f9',
   created_at: new Date(anchorDate).toISOString(),
@@ -24,45 +29,83 @@ export const getRulesSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchem
   from: 'now-6m',
   immutable: false,
   name: 'Query with a rule id',
-  query: 'user.name: root or user.name: admin',
   references: ['test 1', 'test 2'],
-  severity: 'high',
+  severity: 'high' as const,
   severity_mapping: [],
   updated_by: 'elastic_kibana',
   tags: ['some fake tag 1', 'some fake tag 2'],
   to: 'now',
-  type: 'query',
   threat: [],
   version: 1,
   output_index: '.siem-signals-default',
   max_signals: 100,
   risk_score: 55,
   risk_score_mapping: [],
-  language: 'kuery',
   rule_id: 'query-rule-id',
   interval: '5m',
   exceptions_list: getListArrayMock(),
   related_integrations: [],
   required_fields: [],
   setup: '',
+  throttle: 'no_actions',
+  actions: [],
+  building_block_type: undefined,
+  note: undefined,
+  license: undefined,
+  outcome: undefined,
+  alias_target_id: undefined,
+  alias_purpose: undefined,
+  timeline_id: undefined,
+  timeline_title: undefined,
+  meta: undefined,
+  rule_name_override: undefined,
+  timestamp_override: undefined,
+  timestamp_override_fallback_disabled: undefined,
+  namespace: undefined,
 });
 
-export const getRulesMlSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchema => {
-  const basePayload = getRulesSchemaMock(anchorDate);
-  const { filters, index, query, language, ...rest } = basePayload;
+export const getRulesSchemaMock = (anchorDate: string = ANCHOR_DATE): QueryResponseSchema => ({
+  ...getResponseBaseParams(anchorDate),
+  query: 'user.name: root or user.name: admin',
+  type: 'query',
+  language: 'kuery',
+  index: undefined,
+  data_view_id: undefined,
+  filters: undefined,
+  saved_id: undefined,
+});
+export const getSavedQuerySchemaMock = (
+  anchorDate: string = ANCHOR_DATE
+): SavedQueryResponseSchema => ({
+  ...getResponseBaseParams(anchorDate),
+  query: 'user.name: root or user.name: admin',
+  type: 'saved_query',
+  saved_id: 'save id 123',
+  language: 'kuery',
+  index: undefined,
+  data_view_id: undefined,
+  filters: undefined,
+});
 
+export const getRulesMlSchemaMock = (
+  anchorDate: string = ANCHOR_DATE
+): MachineLearningResponseSchema => {
   return {
-    ...rest,
+    ...getResponseBaseParams(anchorDate),
     type: 'machine_learning',
     anomaly_threshold: 59,
     machine_learning_job_id: 'some_machine_learning_job_id',
   };
 };
 
-export const getThreatMatchingSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchema => {
+export const getThreatMatchingSchemaMock = (
+  anchorDate: string = ANCHOR_DATE
+): ThreatMatchResponseSchema => {
   return {
-    ...getRulesSchemaMock(anchorDate),
+    ...getResponseBaseParams(anchorDate),
     type: 'threat_match',
+    query: 'user.name: root or user.name: admin',
+    language: 'kuery',
     threat_index: ['index-123'],
     threat_mapping: [{ entries: [{ field: 'host.name', type: 'mapping', value: 'host.name' }] }],
     threat_query: '*:*',
@@ -84,14 +127,24 @@ export const getThreatMatchingSchemaMock = (anchorDate: string = ANCHOR_DATE): R
         },
       },
     ],
+    index: undefined,
+    data_view_id: undefined,
+    filters: undefined,
+    saved_id: undefined,
+    threat_indicator_path: undefined,
+    threat_language: undefined,
+    concurrent_searches: undefined,
+    items_per_search: undefined,
   };
 };
 
 /**
  * Useful for e2e backend tests where it doesn't have date time and other
  * server side properties attached to it.
  */
-export const getThreatMatchingSchemaPartialMock = (enabled = false): Partial<RulesSchema> => {
+export const getThreatMatchingSchemaPartialMock = (
+  enabled = false
+): Partial<ThreatMatchResponseSchema> => {
   return {
     author: [],
     created_by: 'elastic',
@@ -160,11 +213,17 @@ export const getThreatMatchingSchemaPartialMock = (enabled = false): Partial<Rul
   };
 };
 
-export const getRulesEqlSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchema => {
+export const getRulesEqlSchemaMock = (anchorDate: string = ANCHOR_DATE): EqlResponseSchema => {
   return {
-    ...getRulesSchemaMock(anchorDate),
+    ...getResponseBaseParams(anchorDate),
     language: 'eql',
     type: 'eql',
     query: 'process where true',
+    index: undefined,
+    data_view_id: undefined,
+    filters: undefined,
+    timestamp_field: undefined,
+    event_category_override: undefined,
+    tiebreaker_field: undefined,
   };
 };