fix misconfigured alerts between Kibana ndjson & Elastalert

infrastructure/monitoring/elastalert/rules/alert.yaml

@@ -26,13 +26,13 @@ filter:
       should:
         - term:
             rule.name.keyword:
-              value: 'Available disk space in data partition'
+              value: 'Available disk space in root file system'
         - term:
             rule.name.keyword:
               value: 'CPU under heavy load'
         - term:
             rule.name.keyword:
-              value: 'Low on available disk space'
+              value: 'Low on available disk space in data partition'
       minimum_should_match: 1
 
 alert: post2

package.json

@@ -18,7 +18,7 @@
   "scripts": {
     "dev": "yarn start",
     "precommit": "lint-staged",
-    "test": "echo 'no tests, yet'",
+    "test": "vitest",
     "test:compilation": "tsc --noEmit",
     "lint": "eslint -c .eslintrc.js",
     "start": "cross-env NODE_ENV=development NODE_OPTIONS=--dns-result-order=ipv4first nodemon --exec ts-node -r tsconfig-paths/register src/index.ts",
@@ -34,8 +34,8 @@
     "@graphql-codegen/add": "^3.1.1",
     "@graphql-codegen/cli": "^3.3.1",
     "@graphql-codegen/introspection": "^3.0.1",
-    "@graphql-codegen/typescript-operations": "^3.0.4",
     "@graphql-codegen/typescript": "^3.0.4",
+    "@graphql-codegen/typescript-operations": "^3.0.4",
     "@inquirer/editor": "^1.2.13",
     "@octokit/core": "4.2.1",
     "@types/google-libphonenumber": "^7.4.23",
@@ -49,19 +49,21 @@
     "@typescript-eslint/eslint-plugin": "^5.60.1",
     "@typescript-eslint/parser": "^5.60.1",
     "cypress-xpath": "^2.0.1",
+    "eslint": "^8.43.0",
     "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-prettier": "^4.2.1",
-    "eslint": "^8.43.0",
     "husky": "1.0.0-rc.13",
     "inquirer": "^9.2.12",
+    "js-yaml": "^4.1.0",
     "kleur": "^4.1.5",
     "libsodium-wrappers": "^0.7.13",
     "lint-staged": "^7.1.0",
     "node-ssh": "^13.2.0",
     "nodemon": "^2.0.22",
     "pino-pretty": "^11.0.0",
     "prettier": "^2.8.8",
-    "react-intl": "^6.4.3"
+    "react-intl": "^6.4.3",
+    "vitest": "^2.1.2"
   },
   "dependencies": {
     "@faker-js/faker": "^6.0.0-alpha.5",
@@ -76,8 +78,8 @@
     "@types/hapi__hapi": "^20.0.0",
     "@types/jwt-decode": "^2.2.1",
     "@types/lodash": "^4.14.117",
-    "@types/node-fetch": "^2.6.2",
     "@types/node": "^10.12.5",
+    "@types/node-fetch": "^2.6.2",
     "@types/nodemailer": "^6.4.14",
     "app-module-path": "^2.2.0",
     "chalk": "^2.4.1",
@@ -89,8 +91,8 @@
     "dotenv": "^16.4.5",
     "esbuild": "^0.18.9",
     "google-libphonenumber": "^3.2.32",
-    "graphql-tag": "^2.12.6",
     "graphql": "^16.3.0",
+    "graphql-tag": "^2.12.6",
     "handlebars": "^4.7.7",
     "hapi-auth-jwt2": "10.4.0",
     "hapi-pino": "^9.0.0",

tests/verify-elastalert-kibana-alerts-match.test.ts

@@ -0,0 +1,54 @@
+import { readdirSync, readFileSync } from 'fs'
+import yaml from 'js-yaml'
+import { join } from 'path'
+import { expect, it } from 'vitest'
+
+function findAllValuesByKey(obj: unknown, key: string): any[] {
+  const result: any[] = []
+
+  const recurse = (item: unknown) => {
+    if (Array.isArray(item)) {
+      for (const element of item) {
+        recurse(element)
+      }
+    } else if (typeof item === 'object' && item !== null) {
+      for (const k in item) {
+        if (k === key) {
+          result.push(item[k])
+        }
+        recurse(item[k])
+      }
+    }
+  }
+
+  recurse(obj)
+  return result
+}
+
+it('all tests defined in Kibana config are also defined in Elastalert config', () => {
+  const allAlertNames = readFileSync(
+    join(__dirname, '../infrastructure/monitoring/kibana', 'config.ndjson'),
+    'utf8'
+  )
+    .split('\n')
+    .map((str) => JSON.parse(str))
+    .filter((item) => item.type === 'alert')
+    .map((item) => item.attributes.name)
+    .sort()
+    .filter((value, index, self) => self.indexOf(value) === index)
+
+  const ruleNameFilters = readdirSync(
+    join(__dirname, '../infrastructure/monitoring/elastalert/rules')
+  )
+    .map((file) =>
+      join(__dirname, '../infrastructure/monitoring/elastalert/rules', file)
+    )
+    .map((file) => readFileSync(file, 'utf8'))
+    .map((file) => yaml.load(file))
+    .flatMap((rule) => findAllValuesByKey(rule, 'rule.name.keyword'))
+    .map((x) => x.value)
+    .sort()
+    .filter((value, index, self) => self.indexOf(value) === index)
+
+  expect(ruleNameFilters).toEqual(allAlertNames)
+})