feat(alerts): add status update events and enhance query filters for alerts

Author: mjabascal10

backend/src/main/java/com/park/utmstack/config/Constants.java

@@ -74,6 +74,7 @@ public final class Constants {
     // - Alert index common fields
     // ----------------------------------------------------------------------------------
     public static final String alertIdKeyword = "id.keyword";
+    public static final String parentIdKeyword = "parentId.keyword";
     public static final String alertStatus = "status";
     public static final String alertTags = "tags";
     public static final String alertIsIncident = "isIncident";

backend/src/main/java/com/park/utmstack/domain/application_events/enums/ApplicationEventType.java

@@ -13,6 +13,8 @@ public enum ApplicationEventType {
     ACCESS_DENIED,
     ALERT_UPDATE_ATTEMPT,
     ALERT_UPDATE_SUCCESS,
+    ALERT_STATUS_UPDATE_ATTEMPT,
+    ALERT_STATUS_UPDATE_SUCCESS,
     ALERT_NOTE_UPDATE_ATTEMPT,
     ALERT_NOTE_UPDATE_SUCCESS,
     ALERT_TAG_UPDATE_ATTEMPT,

backend/src/main/java/com/park/utmstack/domain/chart_builder/types/query/OperatorType.java

@@ -10,6 +10,7 @@ public enum OperatorType {
     IS_ONE_OF,
     IS_NOT_ONE_OF,
     IS_ONE_OF_TERMS,
+    IS_ONE_OF_TERMS_OR,
     EXIST,
     DOES_NOT_EXIST,
     IS_BETWEEN,
@@ -22,4 +23,5 @@ public enum OperatorType {
     NOT_START_WITH,
     IS_GREATER_THAN,
     IS_LESS_THAN_OR_EQUALS
+
 }

backend/src/main/java/com/park/utmstack/service/elasticsearch/SearchUtil.java

@@ -31,8 +31,9 @@ public class SearchUtil {
     public static Query toQuery(List<FilterType> filters) {
         final String ctx = CLASSNAME + ".toQuery";
         try {
+            boolean hasShouldClauses = false;
             BoolQuery.Builder bool = new BoolQuery.Builder();
-            bool.filter(Query.of(q -> q.matchAll(MatchAllQuery.of(m -> m))));
+            /*bool.filter(Query.of(q -> q.matchAll(MatchAllQuery.of(m -> m))));*/
 
             if (!CollectionUtils.isEmpty(filters)) {
                 for (FilterType filter : filters) {
@@ -100,9 +101,18 @@ public static Query toQuery(List<FilterType> filters) {
                         case IS_LESS_THAN_OR_EQUALS:
                             buildIsLessThanOrEquals(bool, filter);
                             break;
+                        case IS_ONE_OF_TERMS_OR:
+                            hasShouldClauses = true;
+                            buildIsOneOfOr(bool, filter);
+                            break;
                     }
                 }
             }
+
+            if (hasShouldClauses) {
+                bool.minimumShouldMatch("1");
+            }
+
             return Query.of(q -> q.bool(bool.build()));
         } catch (Exception e) {
             throw new RuntimeException(ctx + ": " + e.getLocalizedMessage());
@@ -373,6 +383,16 @@ private static void buildIsLessThanOrEquals(BoolQuery.Builder bool, FilterType f
         }
     }
 
+    private static void buildIsOneOfOr(BoolQuery.Builder bool, FilterType filter) {
+        List<FieldValue> termsValues = ((List<?>) filter.getValue()).stream().map(str -> FieldValue.of((String) str)).toList();
+
+        Query termsQuery = Query.of(q -> q.terms(t -> t
+                .field(filter.getField())
+                .terms(terms -> terms.value(termsValues))));
+
+        bool.should(termsQuery);
+    }
+
     /**
      * Apply a sort to a elasticsearch query
      *

backend/src/main/java/com/park/utmstack/service/impl/UtmAlertServiceImpl.java

@@ -29,6 +29,7 @@
 import com.park.utmstack.util.exceptions.UtmElasticsearchException;
 import com.utmstack.opensearch_connector.parsers.TermAggregateParser;
 import com.utmstack.opensearch_connector.types.BucketAggregation;
+import lombok.RequiredArgsConstructor;
 import org.apache.commons.text.StringEscapeUtils;
 import org.opensearch.client.opensearch._types.query_dsl.Query;
 import org.opensearch.client.opensearch.core.SearchRequest;
@@ -52,6 +53,7 @@
 import java.util.stream.Collectors;
 
 @Service
+@RequiredArgsConstructor
 @Transactional
 public class UtmAlertServiceImpl implements UtmAlertService {
 
@@ -67,22 +69,7 @@ public class UtmAlertServiceImpl implements UtmAlertService {
     private final SocAIService socAIService;
     private final UtmAlertResponseRuleService alertResponseRuleService;
 
-    public UtmAlertServiceImpl(MailService mailService,
-                               ApplicationEventService eventService,
-                               AlertPointcut alertPointcut,
-                               UtmAlertLastRepository lastAlertRepository,
-                               ElasticsearchService elasticsearchService,
-                               UtmModuleService moduleService, SocAIService socAIService,
-                               UtmAlertResponseRuleService alertResponseRuleService) {
-        this.mailService = mailService;
-        this.eventService = eventService;
-        this.alertPointcut = alertPointcut;
-        this.lastAlertRepository = lastAlertRepository;
-        this.elasticsearchService = elasticsearchService;
-        this.moduleService = moduleService;
-        this.socAIService = socAIService;
-        this.alertResponseRuleService = alertResponseRuleService;
-    }
+
 
     @EventListener(RulesEvaluationEndEvent.class)
     public void checkForNewAlerts() {
@@ -177,13 +164,24 @@ private List<LogType> getRelatedAlerts(List<String> logs) throws UtmElasticsearc
     public void updateStatus(List<String> alertIds, int status, String statusObservation) throws
             ElasticsearchIndexDocumentUpdateException {
         final String ctx = CLASS_NAME + ".updateStatus";
+        long start = System.currentTimeMillis();
         try {
+            String alertsIds = String.join(",", alertIds);
+            Map<String, Object> extra = Map.of(
+                    "alertIds", alertsIds,
+                    "newStatus", status
+            );
+
+            String attemptMsg = String.format("Attempt to update status to %1$s for alerts with ids: %2$s",
+                AlertStatus.getByCode(status).getName(), alertsIds);
+            eventService.createEvent(attemptMsg, ApplicationEventType.ALERT_STATUS_UPDATE_ATTEMPT, extra);
             String ruleScript = "ctx._source.status=%1$s;" +
                     "ctx._source.statusLabel='%2$s';" +
                     "ctx._source.statusObservation=\"%3$s\";";
 
             List<FilterType> filters = new ArrayList<>();
-            filters.add(new FilterType(Constants.alertIdKeyword, OperatorType.IS_ONE_OF_TERMS, alertIds));
+            filters.add(new FilterType(Constants.alertIdKeyword, OperatorType.IS_ONE_OF_TERMS_OR, alertIds));
+            filters.add(new FilterType(Constants.parentIdKeyword, OperatorType.IS_ONE_OF_TERMS_OR, alertIds));
 
             String script = String.format(ruleScript, status,
                     AlertStatus.getByCode(status).getName(), StringEscapeUtils.escapeJava(statusObservation));
@@ -192,6 +190,11 @@ public void updateStatus(List<String> alertIds, int status, String statusObserva
 
             elasticsearchService.updateByQuery(SearchUtil.toQuery(filters),
                     Constants.SYS_INDEX_PATTERN.get(SystemIndexPattern.ALERTS), script);
+
+            long duration = System.currentTimeMillis() - start;
+            String successMsg = String.format("Status updated to %1$s for alerts with ids: %2$s in %3$s ms",
+                    AlertStatus.getByCode(status).getName(), alertsIds, duration);
+            eventService.createEvent(successMsg, ApplicationEventType.ALERT_NOTE_UPDATE_SUCCESS, extra);
         } catch (Exception e) {
             throw new ElasticsearchIndexDocumentUpdateException(ctx + ": " + e.getMessage());
         }

backend/src/main/java/com/park/utmstack/web/rest/elasticsearch/ElasticsearchResource.java

@@ -2,6 +2,7 @@
 
 import com.park.utmstack.domain.application_events.enums.ApplicationEventType;
 import com.park.utmstack.domain.chart_builder.types.query.FilterType;
+import com.park.utmstack.domain.chart_builder.types.query.OperatorType;
 import com.park.utmstack.domain.shared_types.CsvExportingParams;
 import com.park.utmstack.service.application_events.ApplicationEventService;
 import com.park.utmstack.service.elasticsearch.ElasticsearchService;
@@ -146,6 +147,7 @@ public ResponseEntity<Void> deleteIndex(@RequestBody List<String> indexes) {
     @PostMapping("/search")
     public ResponseEntity<List<Map>> search(@RequestBody(required = false) List<FilterType> filters,
                                             @RequestParam Integer top, @RequestParam String indexPattern,
+                                            @RequestParam(required = false, defaultValue = "false") boolean includeChildren,
                                             Pageable pageable) {
         final String ctx = CLASSNAME + ".search";
         try {
@@ -159,8 +161,24 @@ public ResponseEntity<List<Map>> search(@RequestBody(required = false) List<Filt
             HttpHeaders headers = UtilPagination.generatePaginationHttpHeaders(Math.min(hits.total().value(), top),
                     pageable.getPageNumber(), pageable.getPageSize(), "/api/elasticsearch/search");
 
-            return ResponseEntity.ok().headers(headers).body(hits.hits().stream()
-                    .map(Hit::source).collect(Collectors.toList()));
+            List<Map> results = hits.hits().stream()
+                    .map(Hit::source)
+                    .toList();
+
+            if (includeChildren) {
+                results.forEach(d -> {
+                    Object id = d.get("id");
+                    if (id != null) {
+                        boolean hasChildren = elasticsearchService.exists(
+                                List.of(new FilterType("parentId", OperatorType.IS,  id.toString())),
+                                indexPattern
+                        );
+                        d.put("hasChildren", hasChildren);
+                    }
+                });
+            }
+
+            return ResponseEntity.ok().headers(headers).body(results);
         } catch (Exception e) {
             String msg = ctx + ": " + e.getMessage();
             log.error(msg);