Commit Graph

338 Commits

Author SHA1 Message Date
uboness 54923420d9 [cleanup] - added forbidden apis mvn plugin
- fixed the use of the found forbidden APIs
- changed `FiredAlert.State` values to lower case (for consistency sake)

Original commit: elastic/x-pack-elasticsearch@9b3f8383d9
2015-02-17 16:31:18 +01:00
uboness 37d9fd062e Replacing "trigger" with "condition"
- renamed "trigger" notion to "condition"

- the main parts that make an alert are:
 - **schedule** - determines when/how often should the alert be checked
 - **condition** - determines whether the alert should execute
 - **actions** - define what the alert should do

- the lifecycle terminology of a fired alert changed as well, to the following
 - **fired** - the schedule fired an event indicating the alert should be **checked**
 - **checked** - the condition associated with the alert was checked - either it was met (indicating the the alert should be executed) or it wasn't (indicating the alert should not be executed)
 - **throttled** - although the condition was met, the system decided **not** to execute the alert after all based on the throttling logic
 - **executed** - the condition of the alert was met, and the system decided it should not throttle it, thefore the actions of the alert were executed.

- `FiredAlert.State` changed to reflect the new lifecycle (as described above)

Original commit: elastic/x-pack-elasticsearch@d67d13d982
2015-02-17 14:51:38 +01:00
uboness 61761286e0 Refactoring
- moved alert execution logic to the history service (the history service now listener to schedule events)
- introduced `AlertLockService` - used by both alerts service and history service to lock alerts across services
- the history service is now responsible for executing the previous "not yet executed" fired alerts.
- renamed `AlertContext` to `ExecutionContext`
- renamed `AlertRun` to `AlertExecution`
- improved actions result parsing logic (`success` field is mandatory)
- renamed the alert history type to `fired_alert` (used to be `alerthistory`)
- renamed fired alert `error_msg` to just `message`.

Original commit: elastic/x-pack-elasticsearch@09f26ce3cf
2015-02-17 12:14:00 +01:00
Brian Murphy 8b83d74994 Fix DateTime issues
We were using DateTime without a timezone to pick the history index to write the alert runs to.
This caused tests to fail because we use UTC internally (as we should)

Original commit: elastic/x-pack-elasticsearch@6d6f57fb9e
2015-02-13 17:07:46 -08:00
Brian Murphy ba15a197ea Make all tests pass
This change fixes the compilation errors in
`EmailTemplateTest` `WebhookTest` `AlertActionsTest` `AbstractAlertingTests` and `ActionHistoryIndexNameTest`.
Fix alert parsing.
Don't attempt to emit a null body template.
Add inject to parser construction.
Fix Alert serialization.
Fix json template to work with the NWO.
Fix ToXContent of Actions.
Add equals methods to Actions and Schedule to facilitate testing.
Changes after rebase to take new EmailAction into account.
Fix `AlertSerializationTest`
Many serialization fixes.
Fix alerthistory template
This change brings the alert history index template uptodate with the code.
Fix createAlertSource
This change brings createAlertSource uptodate with the NWO
Fix Webhook test
Change default template in webhook action to use the simple constructor.
Shutdown the thread pool in the `EmailActionTest`
Don't try to throttle if this alert has never run before.
Add serialization to AlertRun and fix serialization for FiredAlert
This change also makes all trigger and action results serializable and de-serializable.
Parsers now implement parseResult() and the registries for actions and triggers also have matching calls.
Add alert_run to alert history JSON.
Fix logging in index action.
Fix Ack serialization.
Change payload of index action ... IndexResponse isn't serializing properly.
Fix success of index action.
Fix TimeThrottler to use lastExecutedTime instead of lastRunTime.
Fix ThrottleTest
We don't need to assert busy here. The sleeps should be enough. If they aren't something is wrong.
Horrible hack to get around thread pool issues.
Fix Bootstrap test
Also always request version when loading alert history
Fix bootstrap test and set the correct cron into the future.

Original commit: elastic/x-pack-elasticsearch@d3a6c8c3aa
2015-02-13 15:15:36 -08:00
Martijn van Groningen 6392007c72 - Made the threadpools fixed and the size based on the number of processors in a node.
- Removed the the queue reading in the HistoryService.
- Let the HistoryService use the alerts threadpool directly for executing fired alerts, which will use the internal queueing of ThreadPool is all threads are busy.
- Moved the alert thread pool startup to the start of the history service.
- Enforce versioning check if fired alerts are updated.

Closes elastic/elasticsearch#101

Original commit: elastic/x-pack-elasticsearch@39b0de7112
2015-02-13 18:17:40 +01:00
uboness 70b5d36098 Enhanced email action
- Introducing the notion of email account (i.e. smtp account). It is now possible to configure multiple email accounts (in node settings) via which the emails will be sent. The email alert action can be configured with an account name, to indicate which account should be used, if no account is configured, the email will be sent with the _default account_. The default account can also be configured using the `default_account` node setting.
- `InternalEmailService` maintains the email sessions and responsible for sending emails.
- the account settings are dynamic (configurable at runtime)
- `Email` class was introduces to abstract away the email structure (`javax.mail`'s `Message` is not the most intuitive construct to deal with. `Email` enables setting both `text` and `html` content and also support normal and inlined attachments.
- "profiles" were added to support different email message formats. Unfortunately the different email systems don't fully comply to the standards and each has their own way of structuring the mime message (especially when it comes to attachments). The `Profile` enum abstracts this by letting the user define what email system structure it wants to support. we define 4 profiles - `GMAIL`, `MAC`, `OUTLOOK` and `STANDARD`. `STANDARD` is the official way of structuring the mime message according to the different RFC standard (it also serves as the default profile).
- The `EmailAction` only task is to create an `Email` based on the action settings and the payload, and send it via the `EmailService`.

Original commit: elastic/x-pack-elasticsearch@2b893c8127
2015-02-10 18:19:11 -08:00
uboness ec42ec8fdc introduced AlertContext
Represents the context of an alert run. It's passed as an argument to all the different constructs that execute during an alert run - trigger, throttler, transform and action. This will provide each execution phase access to to all the results of the previous phase. It also holds the current payload in the execution.

Action results representing failures now hold the `reason` for the failure. This will provide insight on failed action execution as these messages will end up in the fired alert history.

Original commit: elastic/x-pack-elasticsearch@6846a49247
2015-02-09 20:41:42 +01:00
uboness 157c7b6fd6 Introduced the `payload` and `transform` constructs
A payload represents a the payload the is originally created by the trigger and passed all the way down to the executing actions. The action may use this payload during their execution, for example, the email action may use this payload as the model behind the email templats.

A transform represents a transformation of a payload. In its core, it accepts a payload applies a transformation to it and outputs the outcome of the transformation as a payload. This simple design makes transforms chainable, meaning, a list of transformations can be applied in a well defined order to a payload.

The transform is applied on the payload initially generated by the trigger. The output of the transformation will be provided to the actions as a payload when they're executed.

Currently we only have two transform types - `noop` and `search`. The former is a transform construct that doesn't actually do any transformation, but instead outputs the same payload it's applied on. The latter (`search`) perform a search on elasticsearch and uses the output of the search (the search response) as the payload it outputs.

Original commit: elastic/x-pack-elasticsearch@6d40337635
2015-02-07 01:25:47 +01:00
uboness 241444437f Refactored `Alert` and `Alert.Status`
- all alerts are now ackable (there's no way to define an "unackable" alert)
 - `Alert.Status` now holds an `ack` that represents the ack status
 - `Alert.Status` now holds a `lastThrottle` that represents the state of the last throttle (will be `null` if not throttled yet)
 - changed the `Alert.Status.Ack.State` to hold more intuitive values - `awaits_execution`, `ackable` and `acked`
 - `Alert.Status` is now streamble
 - introduced additional info method on `Alert.Status` (e.g. `executed()`, `triggered()`, `ran()`)

Original commit: elastic/x-pack-elasticsearch@3eda1c211a
2015-02-06 18:33:11 +01:00
Brian Murphy 0470fdf6af Add EmailSettingsService to hold global email settings.
This change adds a service to hold the dynamically updateable email settings.
Added logging and made inner settings holding class static.

Original commit: elastic/x-pack-elasticsearch@e1690fa292
2015-02-06 11:08:28 -05:00
Brian Murphy da1f446b49 Add HttpClient to encapsulate HttpRequest from `WebhookAction`
Create a `HttpClient` in alerts.support to handle http requests.
`HttpClient` is an injectable AbstractComponent.

Original commit: elastic/x-pack-elasticsearch@8e70962ddf
2015-02-06 11:02:24 -05:00
Martijn van Groningen f261d8aeaf Componentized the history service and alert record parser.
Renamed AlertRecord to FiredAlert
Refactored the persistence part of FiredAlert out of HistoryService to HistoryStore.
Moved AlertActionState to FiredAlert.State

Original commit: elastic/x-pack-elasticsearch@595c733cfc
2015-02-06 08:23:27 +01:00
Brian Murphy 31a3907bed Use `ParseField` when parsing actions
Use parse fields when parsing and building XContent in Actions.

Original commit: elastic/x-pack-elasticsearch@db48702b76
2015-02-05 16:57:30 -05:00
Brian Murphy 3147927e20 Refactor actions to match trigger refactoring.
This change refactors the old AlertActions code into Actions to mirror the triggers code.
This work also includes the configuration changes and webhook changes from master.
TemplateUtils has been renamed to StringTemplateUtils. References to the old AlertActions code have been removed and updated
to reference the new code.
Action.Result now implements ToXContent
This allows the FiredAlerts to track the history of the actions.

Original commit: elastic/x-pack-elasticsearch@a3d5d3bd4d
2015-02-05 16:42:45 -05:00
uboness 01375a320d updated the alert service and store
Original commit: elastic/x-pack-elasticsearch@61c75d8258
2015-02-05 12:37:08 +01:00
uboness af7cf03a1c removed compound throttler in favour of an alert throttler
We don't really need a generic compound throttler. Instead we now have an `AlertThrottler` that can be configured with optional `AckThrottler` and `PeriodThrottler`.

The logic of what throttler is applied first has therefore moved from the `Alert` to the `AlertThrottler` (back to its natural place)

Original commit: elastic/x-pack-elasticsearch@b81e467c97
2015-02-05 12:08:50 +01:00
uboness 7d9d0aae05 Refactoring of the codebase
Original commit: elastic/x-pack-elasticsearch@08872f71ea
2015-02-05 10:00:48 +01:00
uboness 79ee2ed62e [cleanup] Refactoring of the code base
- Renamed `AlertingModule` to `AlertsModule`
- Started modularizing the code base.. each module has its own guice module and `AlertsModule` spawn all the sub-modules
- Renamed `*Helper` classes to `*Utils` for consistency sake and moved all utilities to `support` package
- Moved `AlertsPlugin` to the base package (no need for `plugin` package... it just creates noise)
- Moved `State` to be inner enum within `AlertsService` (that's where it belongs)
- Moved all the rest actions to `rest.action` package

Original commit: elastic/x-pack-elasticsearch@4ce9bf8dcd
2015-02-03 14:55:28 +01:00
uboness 4b38006f64 Changed the alerts client to wrap es client
Instead of having another client interface, the alerts client should be a wrapper around the standard es client. This will make sure that whatever logic that is applied on these std clients will also be applied to any requests/actions that are executed in the alerts client.

Using the es client introduces a cyclic dependency for all those services that use the es client and that are also injected into the transport actions. For this reason, instead of using the es client and script service directory, we're using proxies. The proxies are initialized lazily be a new `InitializationService`.

Also introduced the `AlertsClientModule` and `AlertsTransportModule`

Closes elastic/elasticsearch#56

Original commit: elastic/x-pack-elasticsearch@58990a7c85
2015-02-03 11:54:08 +01:00
Brian Murphy 8c6aad11ed Add username to SMTP settings.
This partially addresses elastic/elasticsearch#69 until I can make the changes suggested in the code review.

Original commit: elastic/x-pack-elasticsearch@0f1433d9b4
2015-01-30 11:31:15 -05:00
Martijn van Groningen 27b6aa50f7 Add version and build information to the stats api
Also set the current maven version to -SNAPSHOT

Original commit: elastic/x-pack-elasticsearch@964c740373
2015-01-30 17:08:19 +01:00
Martijn van Groningen f5605db41b Share all libraries and noop-ed quartz logging
Original commit: elastic/x-pack-elasticsearch@88228b7f46
2015-01-30 17:02:28 +01:00
Martijn van Groningen d68cad9b72 Renamed AlertActionEntry to AlertHistory.
Original commit: elastic/x-pack-elasticsearch@cc48a27a3c
2015-01-29 21:08:34 +01:00
Martijn van Groningen 57e65fccf1 Rename *Manager to *Service
Original commit: elastic/x-pack-elasticsearch@f37d301660
2015-01-29 20:53:51 +01:00
Martijn van Groningen 61af10f7c0 Added jdoc explanation why the execution of fired alerts is split it into two operations.
Original commit: elastic/x-pack-elasticsearch@03c8645e9d
2015-01-29 17:00:28 +01:00
Martijn van Groningen 11864df421 Fix thread pool name
Original commit: elastic/x-pack-elasticsearch@0ed6327768
2015-01-29 16:20:11 +01:00
Martijn van Groningen 2892154ace Merge pull request elastic/elasticsearch#64 from joehillen/fix-email-port
Fix email port setting

Original commit: elastic/x-pack-elasticsearch@ee669b55d8
2015-01-16 21:24:43 +01:00
Brian Murphy c81a37a2ee Fix the email template test to be a lightweight unit test case and not start any unneeded services.
Original commit: elastic/x-pack-elasticsearch@93fc61d61a
2015-01-15 16:54:48 -05:00
Brian Murphy cef0976a6c Change the version to 1.0.0-beta2i
Original commit: elastic/x-pack-elasticsearch@aace18a423
2015-01-15 16:54:25 -05:00
Joe Hillenbrand 5c904dfafa Fix email port setting
The setting was mistyped as 'smpt' when it should have been 'smtp', but
it is better to change it to 'email' to be consistent with the other settings.

Original commit: elastic/x-pack-elasticsearch@0e610d89b5
2015-01-15 12:55:30 -08:00
Brian Murphy a458e2df1d Register the ack handler again.
Original commit: elastic/x-pack-elasticsearch@b229c52f78
2015-01-15 10:31:59 -05:00
Brian Murphy cdd222aad5 Add email templating.
This commit adds support for email templating to alerting.

Original commit: elastic/x-pack-elasticsearch@6280801ce5
2015-01-15 09:34:17 -05:00
Brian Murphy f90d600a22 Add webhook action
This action can be added to an alert as :
      "webhook" : {
        "url" : "http://localhost:8080/alert/{{alert_name}}",
        "method" : "GET"
      }

Original commit: elastic/x-pack-elasticsearch@34e04229ab
2015-01-15 09:31:23 -05:00
Martijn van Groningen 30506ef41d Only primary shards are now required to be available during alerting initialization.
Original commit: elastic/x-pack-elasticsearch@4ef5fd87dc
2015-01-15 10:43:07 +01:00
Martijn van Groningen fc5cbd5d08 Fixed typo
Original commit: elastic/x-pack-elasticsearch@a549bd9e18
2015-01-15 10:15:49 +01:00
Martijn van Groningen 9f014a9bf9 slightly improved logging.
Original commit: elastic/x-pack-elasticsearch@7a131bc4d8
2014-12-23 16:41:16 +01:00
Martijn van Groningen df7fc714e7 Ensure that the refresh has ran on all shards.
Original commit: elastic/x-pack-elasticsearch@6214514956
2014-12-23 16:30:04 +01:00
Martijn van Groningen a7e85df649 Move the get alert api over to be a master node api and that it fetches the alert from the in memory alert store instead via core get api from an index.
Original commit: elastic/x-pack-elasticsearch@6bf471bf74
2014-12-05 19:59:58 +01:00
Martijn van Groningen 05848603d8 Added missing rest handler
Original commit: elastic/x-pack-elasticsearch@749dfc61f5
2014-12-05 19:24:11 +01:00
Martijn van Groningen b039f8bbdb Changed to use indexBlockedException instead of indicesBlockedException
Original commit: elastic/x-pack-elasticsearch@33f581ddd2
2014-12-05 19:13:31 +01:00
Martijn van Groningen bbaa122d7e Removed unused field.
Original commit: elastic/x-pack-elasticsearch@b6b0d926ba
2014-12-05 19:11:24 +01:00
Martijn van Groningen 45e5c13369 Disallow dynamic mapping
Added config mapping

Original commit: elastic/x-pack-elasticsearch@f3de2c17bd
2014-12-05 17:03:26 +01:00
Brian Murphy c97e083a59 Move the saving of configs to the manager.
Original commit: elastic/x-pack-elasticsearch@aa8372d34e
2014-12-05 15:55:19 +00:00
Martijn van Groningen ac45a4fe99 Changes the configuration manager to rely more on alert store for the .alerts index / templated to be loaded. This simplified to loading logic in the configuration manager.
Original commit: elastic/x-pack-elasticsearch@ccd7a23243
2014-12-05 16:42:58 +01:00
Brian Murphy 780c89ec23 Move settings checking to the creation of SMTP alert actions.
Original commit: elastic/x-pack-elasticsearch@30da14cb9e
2014-12-05 15:09:07 +00:00
Martijn van Groningen 203cf5c024 Remove redundant config manager start checking
Original commit: elastic/x-pack-elasticsearch@5369765398
2014-12-05 16:02:28 +01:00
Martijn van Groningen 984d7d615a removed log statements
Original commit: elastic/x-pack-elasticsearch@c4b7b16cd4
2014-12-05 15:36:18 +01:00
Martijn van Groningen aeacbe44ca Removed redundant if statement
Original commit: elastic/x-pack-elasticsearch@2de43dc7d5
2014-12-05 15:34:44 +01:00
Martijn van Groningen 1258a4c327 Renamed ConfigManager#isReady() to ConfigManager#start()
Add ConfigManager#stop()
Simplified config loading
smpt alert action settings are now also updated

Original commit: elastic/x-pack-elasticsearch@acb180f88c
2014-12-05 15:14:24 +01:00