alerts API changes

Signed-off-by: Riya Saxena <[email protected]>

src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java

@@ -57,7 +57,7 @@
 import org.opensearch.securityanalytics.action.AckAlertsAction;
 import org.opensearch.securityanalytics.action.CreateIndexMappingsAction;
 import org.opensearch.securityanalytics.action.CorrelatedFindingAction;
-import org.opensearch.securityanalytics.action.CorrelationAckAlertsAction;
+import org.opensearch.securityanalytics.action.AckCorrelationAlertsAction;
 import org.opensearch.securityanalytics.action.DeleteCustomLogTypeAction;
 import org.opensearch.securityanalytics.action.DeleteDetectorAction;
 import org.opensearch.securityanalytics.action.DeleteRuleAction;
@@ -367,7 +367,7 @@ public List<Setting<?>> getSettings() {
                 new ActionHandler<>(DeleteCustomLogTypeAction.INSTANCE, TransportDeleteCustomLogTypeAction.class),
                 new ActionHandler<>(PutTIFJobAction.INSTANCE, TransportPutTIFJobAction.class),
                 new ActionPlugin.ActionHandler<>(GetCorrelationAlertsAction.INSTANCE, TransportGetCorrelationAlertsAction.class),
-                new ActionPlugin.ActionHandler<>(CorrelationAckAlertsAction.INSTANCE, TransportAckCorrelationAlertsAction.class)
+                new ActionPlugin.ActionHandler<>(AckCorrelationAlertsAction.INSTANCE, TransportAckCorrelationAlertsAction.class)
         );
     }
 

src/main/java/org/opensearch/securityanalytics/action/AckCorrelationAlertsAction.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.opensearch.securityanalytics.action;
+
+import org.opensearch.action.ActionType;
+
+/**
+ * Acknowledge Correlation Alert Action
+ */
+public class AckCorrelationAlertsAction extends ActionType<AckCorrelationAlertsResponse> {
+    public static final String NAME = "cluster:admin/opensearch/securityanalytics/correlationAlerts/ack";
+    public static final AckCorrelationAlertsAction INSTANCE = new AckCorrelationAlertsAction();
+
+    public AckCorrelationAlertsAction() {
+        super(NAME, AckCorrelationAlertsResponse::new);
+    }
+}
+

src/main/java/org/opensearch/securityanalytics/action/CorrelationAckAlertsRequest.java → src/main/java/org/opensearch/securityanalytics/action/AckCorrelationAlertsRequest.java

@@ -12,14 +12,14 @@
 import java.util.Collections;
 import java.util.List;
 
-public class CorrelationAckAlertsRequest extends ActionRequest {
+public class AckCorrelationAlertsRequest extends ActionRequest {
     private final List<String> correlationAlertIds;
 
-    public CorrelationAckAlertsRequest(List<String> correlationAlertIds) {
+    public AckCorrelationAlertsRequest(List<String> correlationAlertIds) {
         this.correlationAlertIds = correlationAlertIds;
     }
 
-    public CorrelationAckAlertsRequest(StreamInput in) throws IOException {
+    public AckCorrelationAlertsRequest(StreamInput in) throws IOException {
         correlationAlertIds = Collections.unmodifiableList(in.readStringList());
     }
 

src/main/java/org/opensearch/securityanalytics/action/CorrelationAckAlertsResponse.java → src/main/java/org/opensearch/securityanalytics/action/AckCorrelationAlertsResponse.java

@@ -11,17 +11,17 @@
 import java.util.Collections;
 import java.util.List;
 
-public class CorrelationAckAlertsResponse  extends ActionResponse implements ToXContentObject {
+public class AckCorrelationAlertsResponse extends ActionResponse implements ToXContentObject {
 
     private final List<CorrelationAlert> acknowledged;
     private final List<CorrelationAlert> failed;
 
-    public CorrelationAckAlertsResponse(List<CorrelationAlert> acknowledged, List<CorrelationAlert> failed) {
+    public AckCorrelationAlertsResponse(List<CorrelationAlert> acknowledged, List<CorrelationAlert> failed) {
         this.acknowledged = acknowledged;
         this.failed = failed;
     }
 
-    public CorrelationAckAlertsResponse(StreamInput sin) throws IOException {
+    public AckCorrelationAlertsResponse(StreamInput sin) throws IOException {
         this(
                 Collections.unmodifiableList(sin.readList(CorrelationAlert::new)),
                 Collections.unmodifiableList(sin.readList(CorrelationAlert::new))

src/main/java/org/opensearch/securityanalytics/correlation/alert/CorrelationAlertService.java

@@ -18,11 +18,6 @@
 import org.opensearch.common.lucene.uid.Versions;
 import org.opensearch.commons.alerting.model.Alert;
 import org.opensearch.commons.alerting.model.Table;
-import org.opensearch.client.Client;
-import org.opensearch.common.lucene.uid.Versions;
-import org.opensearch.commons.alerting.model.ActionExecutionResult;
-import org.opensearch.commons.alerting.model.Alert;
-import org.opensearch.commons.authuser.User;
 import org.opensearch.common.unit.TimeValue;
 import org.opensearch.common.xcontent.LoggingDeprecationHandler;
 import org.opensearch.common.xcontent.XContentFactory;
@@ -42,14 +37,8 @@
 import org.opensearch.search.sort.FieldSortBuilder;
 import org.opensearch.search.sort.SortBuilders;
 import org.opensearch.search.sort.SortOrder;
-import org.opensearch.securityanalytics.action.CorrelationAckAlertsResponse;
+import org.opensearch.securityanalytics.action.AckCorrelationAlertsResponse;
 import org.opensearch.securityanalytics.action.GetCorrelationAlertsResponse;
-import org.opensearch.core.xcontent.XContentParserUtils;
-import org.opensearch.index.query.BoolQueryBuilder;
-import org.opensearch.index.query.QueryBuilders;
-import org.opensearch.search.SearchHit;
-import org.opensearch.search.builder.SearchSourceBuilder;
-import org.opensearch.commons.alerting.model.CorrelationAlert;
 import org.opensearch.securityanalytics.util.CorrelationIndices;
 import java.io.IOException;
 import java.time.Instant;
@@ -205,7 +194,7 @@ public void getCorrelationAlerts(String ruleId, Table tableProp, ActionListener<
         ));
     }
 
-    public void acknowledgeAlerts(List<String> alertIds, ActionListener<CorrelationAckAlertsResponse> listener) {
+    public void acknowledgeAlerts(List<String> alertIds, ActionListener<AckCorrelationAlertsResponse> listener) {
         BulkRequest bulkRequest = new BulkRequest();
         List<CorrelationAlert> acknowledgedAlerts = new ArrayList<>();
         List<CorrelationAlert> failedAlerts = new ArrayList<>();
@@ -255,7 +244,7 @@ public void onResponse(BulkResponse bulkResponse) {
                                 }
                             }
                             // Create and pass the CorrelationAckAlertsResponse to the listener
-                            listener.onResponse(new CorrelationAckAlertsResponse(acknowledgedAlerts, failedAlerts));
+                            listener.onResponse(new AckCorrelationAlertsResponse(acknowledgedAlerts, failedAlerts));
                         }
 
                         @Override
@@ -266,7 +255,7 @@ public void onFailure(Exception e) {
                     });
                 } else {
                     // If there are no update requests, return an empty response
-                    listener.onResponse(new CorrelationAckAlertsResponse(acknowledgedAlerts, failedAlerts));
+                    listener.onResponse(new AckCorrelationAlertsResponse(acknowledgedAlerts, failedAlerts));
                 }
             }
 

src/main/java/org/opensearch/securityanalytics/resthandler/RestAcknowledgeCorrelationAlertsAction.java

@@ -6,8 +6,8 @@
 import org.opensearch.rest.RestRequest;
 import org.opensearch.rest.action.RestToXContentListener;
 import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
-import org.opensearch.securityanalytics.action.CorrelationAckAlertsAction;
-import org.opensearch.securityanalytics.action.CorrelationAckAlertsRequest;
+import org.opensearch.securityanalytics.action.AckCorrelationAlertsAction;
+import org.opensearch.securityanalytics.action.AckCorrelationAlertsRequest;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -40,9 +40,9 @@ public List<Route> routes() {
     @Override
     protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient nodeClient) throws IOException {
         List<String> alertIds = getAlertIds(request.contentParser());
-        CorrelationAckAlertsRequest CorrelationAckAlertsRequest = new CorrelationAckAlertsRequest(alertIds);
+        AckCorrelationAlertsRequest CorrelationAckAlertsRequest = new AckCorrelationAlertsRequest(alertIds);
         return channel -> nodeClient.execute(
-                CorrelationAckAlertsAction.INSTANCE,
+                AckCorrelationAlertsAction.INSTANCE,
                 CorrelationAckAlertsRequest,
                 new RestToXContentListener<>(channel)
         );

src/main/java/org/opensearch/securityanalytics/transport/TransportAckCorrelationAlertsAction.java

@@ -13,17 +13,16 @@
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.rest.RestStatus;
 import org.opensearch.core.xcontent.NamedXContentRegistry;
-import org.opensearch.securityanalytics.action.CorrelationAckAlertsAction;
-import org.opensearch.securityanalytics.action.GetCorrelationAlertsAction;
-import org.opensearch.securityanalytics.action.CorrelationAckAlertsRequest;
-import org.opensearch.securityanalytics.action.CorrelationAckAlertsResponse;
+import org.opensearch.securityanalytics.action.AckCorrelationAlertsAction;
+import org.opensearch.securityanalytics.action.AckCorrelationAlertsRequest;
+import org.opensearch.securityanalytics.action.AckCorrelationAlertsResponse;
 import org.opensearch.securityanalytics.correlation.alert.CorrelationAlertService;
 import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
 import org.opensearch.tasks.Task;
 import org.opensearch.threadpool.ThreadPool;
 import org.opensearch.transport.TransportService;
 
-public class TransportAckCorrelationAlertsAction extends HandledTransportAction<CorrelationAckAlertsRequest, CorrelationAckAlertsResponse> implements SecureTransportAction {
+public class TransportAckCorrelationAlertsAction extends HandledTransportAction<AckCorrelationAlertsRequest, AckCorrelationAlertsResponse> implements SecureTransportAction {
 
     private final NamedXContentRegistry xContentRegistry;
 
@@ -41,10 +40,10 @@ public class TransportAckCorrelationAlertsAction extends HandledTransportAction<
 
 
     @Inject
-    public TransportAckCorrelationAlertsAction(TransportService transportService, ActionFilters actionFilters, ClusterService clusterService, CorrelationAckAlertsAction correlationAckAlertsAction, ThreadPool threadPool, Settings settings, NamedXContentRegistry xContentRegistry, Client client) {
-        super(correlationAckAlertsAction.NAME, transportService, actionFilters, CorrelationAckAlertsRequest::new);
+    public TransportAckCorrelationAlertsAction(TransportService transportService, CorrelationAlertService correlationAlertService, ActionFilters actionFilters, ClusterService clusterService, AckCorrelationAlertsAction correlationAckAlertsAction, ThreadPool threadPool, Settings settings, NamedXContentRegistry xContentRegistry, Client client) {
+        super(correlationAckAlertsAction.NAME, transportService, actionFilters, AckCorrelationAlertsRequest::new);
         this.xContentRegistry = xContentRegistry;
-        this.correlationAlertService = new CorrelationAlertService(client, xContentRegistry);
+        this.correlationAlertService = correlationAlertService;
         this.clusterService = clusterService;
         this.threadPool = threadPool;
         this.settings = settings;
@@ -53,7 +52,7 @@ public TransportAckCorrelationAlertsAction(TransportService transportService, Ac
     }
 
     @Override
-    protected void doExecute(Task task, CorrelationAckAlertsRequest request, ActionListener<CorrelationAckAlertsResponse> actionListener) {
+    protected void doExecute(Task task, AckCorrelationAlertsRequest request, ActionListener<AckCorrelationAlertsResponse> actionListener) {
 
         User user = readUserFromThreadContext(this.threadPool);
 

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCorrelationRuleAction.java

@@ -47,11 +47,12 @@ public class TransportDeleteCorrelationRuleAction extends HandledTransportAction
     public TransportDeleteCorrelationRuleAction(
         TransportService transportService,
         Client client,
-        ActionFilters actionFilters
+        ActionFilters actionFilters,
+        CorrelationAlertService correlationAlertService
     ) {
         super(DeleteCorrelationRuleAction.NAME, transportService, actionFilters, DeleteCorrelationRuleRequest::new);
         this.client = client;
-        this.correlationAlertService = new CorrelationAlertService(client, new NamedXContentRegistry(Collections.emptyList()));
+        this.correlationAlertService = correlationAlertService;
     }
 
     @Override

src/main/java/org/opensearch/securityanalytics/transport/TransportGetCorrelationAlertsAction.java

@@ -38,10 +38,10 @@ public class TransportGetCorrelationAlertsAction extends HandledTransportAction<
 
 
     @Inject
-    public TransportGetCorrelationAlertsAction(TransportService transportService, ActionFilters actionFilters, ClusterService clusterService, GetCorrelationAlertsAction getCorrelationAlertsAction, ThreadPool threadPool, Settings settings, NamedXContentRegistry xContentRegistry, Client client) {
+    public TransportGetCorrelationAlertsAction(TransportService transportService, CorrelationAlertService correlationAlertService, ActionFilters actionFilters, ClusterService clusterService, GetCorrelationAlertsAction getCorrelationAlertsAction, ThreadPool threadPool, Settings settings, NamedXContentRegistry xContentRegistry, Client client) {
         super(getCorrelationAlertsAction.NAME, transportService, actionFilters, GetCorrelationAlertsRequest::new);
         this.xContentRegistry = xContentRegistry;
-        this.correlationAlertService = new CorrelationAlertService(client, xContentRegistry);
+        this.correlationAlertService = correlationAlertService;
         this.clusterService = clusterService;
         this.threadPool = threadPool;
         this.settings = settings;