Merge pull request #1519 from jertel/jertel/fixmspwr

fix power automate opensearch integration

CHANGELOG.md

@@ -4,7 +4,7 @@
 - TBD
 
 ## New features
-- [MS Power Automate] New Alert Channel with Microsoft Power Automate - [#1505](https://github.com/jertel/elastalert2/pull/1505)  [#1513](https://github.com/jertel/elastalert2/pull/1513) - @marssilva
+- [MS Power Automate] New Alert Channel with Microsoft Power Automate - [#1505](https://github.com/jertel/elastalert2/pull/1505)  [#1513](https://github.com/jertel/elastalert2/pull/1513) [#1519](https://github.com/jertel/elastalert2/pull/1519) - @marssilva, @jertel
 
 ## Other changes
 - [Indexer] Fixed fields types error on instance indexer_alert_config in schema.yml - [#1499](https://github.com/jertel/elastalert2/pull/1499) - @olehpalanskyi

docs/source/alerts.rst

@@ -1648,8 +1648,6 @@ Optional:
 
 ``ms_power_automate_alert_summary``: Microsoft Power Automate use this value for notification title, defaults to `alert_subject <https://elastalert2.readthedocs.io/en/latest/alerts.html#alert-subject>`_. You can set this value with arbitrary text if you don't want to use the default.
 
-``ms_power_automate_kibana_discover_color``: By default, the alert will be published with the ``default`` type blue if not specified. If set to ``positive``, action is displayed with a positive style (typically the button becomes accent color), If set to ``destructive``, Action is displayed with a destructive style (typically the button becomes red)
-
 ``ms_power_automate_proxy``: By default ElastAlert 2 will not use a network proxy to send notifications to MS Teams. Set this option using ``hostname:port`` if you need to use a proxy. only supports https.
 
 ``ms_power_automate_teams_card_width_full``: By default, this is ``False`` and the notification will be sent to MS Teams without rendering full width in Microsoft Teams. Setting this attribute to ``True`` will render the alert in full width. `doc feature <https://github.com/microsoft/AdaptiveCards/issues/8102>`_.
@@ -1668,10 +1666,14 @@ Example ms_power_automate_alert_facts::
 
 ``ms_power_automate_kibana_discover_title``: The title of the Kibana Discover url attachment. Defaults to ``Discover in Kibana``.
 
+``ms_power_automate_kibana_discover_color``: By default, the alert will be published with the ``default`` type blue if not specified. If set to ``positive``, action is displayed with a positive style (typically the button becomes accent color), If set to ``destructive``, Action is displayed with a destructive style (typically the button becomes red)
+
 ``ms_power_automate_opensearch_discover_attach_url``: Enables the attachment of the ``opensearch_discover_url`` to the MS Teams notification. The config ``generate_opensearch_discover_url`` must also be ``True`` in order to generate the url. Defaults to ``False``.
 
 ``ms_power_automate_opensearch_discover_title``: The title of the Opensearch Discover url attachment. Defaults to ``Discover in opensearch``.
 
+``ms_power_automate_opensearch_discover_color``: By default, the alert will be published with the ``default`` type blue if not specified. If set to ``positive``, action is displayed with a positive style (typically the button becomes accent color), If set to ``destructive``, Action is displayed with a destructive style (typically the button becomes red)
+
 Example ms_power_automate_kibana_discover_attach_url, ms_power_automate_kibana_discover_title::
 
     # (Required)

elastalert/alerters/powerautomate.py

@@ -20,12 +20,13 @@ def __init__(self, rule):
         self.ms_power_automate_alert_summary = self.rule.get('ms_power_automate_alert_summary', None)
         self.ms_power_automate_summary_text_size = self.rule.get('ms_power_automate_summary_text_size', 'large')
         self.ms_power_automate_body_text_size = self.rule.get('ms_power_automate_body_text_size', '')
-        self.ms_power_automate_kibana_discover_color = self.rule.get('ms_power_automate_kibana_discover_color', 'default')
         self.ms_power_automate_ca_certs = self.rule.get('ms_power_automate_ca_certs')
         self.ms_power_automate_ignore_ssl_errors = self.rule.get('ms_power_automate_ignore_ssl_errors', False)
         self.ms_power_automate_alert_facts = self.rule.get('ms_power_automate_alert_facts', '')
+        self.ms_power_automate_kibana_discover_color = self.rule.get('ms_power_automate_kibana_discover_color', 'default')
         self.ms_power_automate_kibana_discover_attach_url = self.rule.get('ms_power_automate_kibana_discover_attach_url', False)
         self.ms_power_automate_kibana_discover_title = self.rule.get('ms_power_automate_kibana_discover_title', 'Discover in Kibana')
+        self.ms_power_automate_opensearch_discover_color = self.rule.get('ms_power_automate_opensearch_discover_color', 'default')
         self.ms_power_automate_opensearch_discover_attach_url = self.rule.get('ms_power_automate_opensearch_discover_attach_url', False)
         self.ms_power_automate_opensearch_discover_title = self.rule.get('ms_power_automate_opensearch_discover_title', 'Discover in opensearch')
         self.ms_power_automate_teams_card_width_full = self.rule.get('ms_power_automate_teams_card_width_full', False)
@@ -118,7 +119,7 @@ def alert(self, matches):
                     "type": "Action.OpenUrl",
                     "title": self.ms_power_automate_opensearch_discover_title,
                     "url": opensearch_discover_url,
-                    "style": self.ms_power_automate_kibana_discover_color
+                    "style": self.ms_power_automate_opensearch_discover_color
                 })                     
 
         for url in self.ms_power_automate_webhook_url:

elastalert/schema.yaml

@@ -699,6 +699,7 @@ properties:
   ms_power_automate_ignore_ssl_errors: {type: boolean}
   ms_power_automate_opensearch_discover_attach_url: {type: boolean}
   ms_power_automate_opensearch_discover_title: {type: string}
+  ms_power_automate_opensearch_discover_color: {type: string, enum: ['default', 'positive', 'destructive']}
   ms_power_automate_teams_card_width_full: {type: boolean}
 
   ### Opsgenie

tests/alerters/powerautomate_test.py

@@ -434,6 +434,212 @@ def test_ms_power_automate_kibana_discover_color_when_destructive():
     assert expected_data == actual_data
 
 
+def test_ms_power_automate_opensearch_discover_attach_url_when_generated():
+    rule = {
+        'name': 'Test Rule',
+        'type': 'any',
+        'ms_power_automate_opensearch_discover_attach_url': True,
+        'ms_power_automate_webhook_url': 'http://test.webhook.url',
+        'ms_power_automate_alert_summary': 'Alert from ElastAlert',
+        'alert': [],
+        'alert_subject': 'Cool subject',
+    }
+    rules_loader = FileRulesLoader({})
+    rules_loader.load_modules(rule)
+    alert = MsPowerAutomateAlerter(rule)
+    match = {
+        '@timestamp': '2024-07-19T00:00:00',
+        'opensearch_discover_url': 'http://opensearch#discover'
+    }
+    with mock.patch('requests.post') as mock_post_request:
+        alert.alert([match])
+
+    expected_data = {
+        "type": "message",
+        "attachments": [
+            {
+                "contentType": "application/vnd.microsoft.card.adaptive",
+                "content": {
+                    "type": "AdaptiveCard",
+                    "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+                    "version": "1.4",
+                    "body": [
+                        {
+                            "type": "TextBlock",
+                            "text": rule['ms_power_automate_alert_summary'],
+                            "weight": "Bolder",
+                            "wrap": True,
+                            "size": "large"
+                        },
+                        {
+                            "type": "TextBlock",
+                            "text": BasicMatchString(rule, match).__str__(),
+                            "spacing": "Large",
+                            "wrap": True
+                        }
+                    ],
+                    "actions": [
+                        {
+                            "type": "Action.OpenUrl",
+                            "title": "Discover in opensearch",
+                            "url": match['opensearch_discover_url'],
+                            "style": "default"
+                        }
+                    ],
+                }
+            }
+        ]
+    }
+
+    mock_post_request.assert_called_once_with(
+        rule['ms_power_automate_webhook_url'],
+        data=mock.ANY,
+        headers={'content-type': 'application/json'},
+        proxies=None,
+        verify=True
+    )
+    actual_data = json.loads(mock_post_request.call_args_list[0][1]['data'])
+    assert expected_data == actual_data
+
+
+def test_ms_power_automate_opensearch_discover_color_when_positive():
+    rule = {
+        'name': 'Test Rule',
+        'type': 'any',
+        'ms_power_automate_opensearch_discover_attach_url': 'true',
+        'ms_power_automate_opensearch_discover_color': 'positive',
+        'ms_power_automate_webhook_url': 'http://test.webhook.url',
+        'ms_power_automate_alert_summary': 'Alert from ElastAlert',
+        'alert': [],
+        'alert_subject': 'Cool subject',
+    }
+    rules_loader = FileRulesLoader({})
+    rules_loader.load_modules(rule)
+    alert = MsPowerAutomateAlerter(rule)
+    match = {
+        '@timestamp': '2024-07-19T00:00:00',
+        'opensearch_discover_url': 'http://opensearch#discover'
+    }
+    with mock.patch('requests.post') as mock_post_request:
+        alert.alert([match])
+
+    expected_data = {
+        "type": "message",
+        "attachments": [
+            {
+                "contentType": "application/vnd.microsoft.card.adaptive",
+                "content": {
+                    "type": "AdaptiveCard",
+                    "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+                    "version": "1.4",
+                    "body": [
+                        {
+                            "type": "TextBlock",
+                            "text": rule['ms_power_automate_alert_summary'],
+                            "weight": "Bolder",
+                            "wrap": True,
+                            "size": "large"
+                        },
+                        {
+                            "type": "TextBlock",
+                            "text": BasicMatchString(rule, match).__str__(),
+                            "spacing": "Large",
+                            "wrap": True
+                        }
+                    ],
+                    "actions": [
+                        {
+                            "type": "Action.OpenUrl",
+                            "title": "Discover in opensearch",
+                            "url": match['opensearch_discover_url'],
+                            "style": rule['ms_power_automate_opensearch_discover_color']
+                        }
+                    ],
+                }
+            }
+        ]
+    }
+
+    mock_post_request.assert_called_once_with(
+        rule['ms_power_automate_webhook_url'],
+        data=mock.ANY,
+        headers={'content-type': 'application/json'},
+        proxies=None,
+        verify=True
+    )
+    actual_data = json.loads(mock_post_request.call_args_list[0][1]['data'])
+    assert expected_data == actual_data
+
+
+def test_ms_power_automate_opensearch_discover_color_when_destructive():
+    rule = {
+        'name': 'Test Rule',
+        'type': 'any',
+        'ms_power_automate_opensearch_discover_attach_url': 'true',
+        'ms_power_automate_opensearch_discover_color': 'destructive',
+        'ms_power_automate_webhook_url': 'http://test.webhook.url',
+        'ms_power_automate_alert_summary': 'Alert from ElastAlert',
+        'alert': [],
+        'alert_subject': 'Cool subject',
+    }
+    rules_loader = FileRulesLoader({})
+    rules_loader.load_modules(rule)
+    alert = MsPowerAutomateAlerter(rule)
+    match = {
+        '@timestamp': '2024-07-19T00:00:00',
+        'opensearch_discover_url': 'http://opensearch#discover'
+    }
+    with mock.patch('requests.post') as mock_post_request:
+        alert.alert([match])
+
+    expected_data = {
+        "type": "message",
+        "attachments": [
+            {
+                "contentType": "application/vnd.microsoft.card.adaptive",
+                "content": {
+                    "type": "AdaptiveCard",
+                    "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+                    "version": "1.4",
+                    "body": [
+                        {
+                            "type": "TextBlock",
+                            "text": rule['ms_power_automate_alert_summary'],
+                            "weight": "Bolder",
+                            "wrap": True,
+                            "size": "large"
+                        },
+                        {
+                            "type": "TextBlock",
+                            "text": BasicMatchString(rule, match).__str__(),
+                            "spacing": "Large",
+                            "wrap": True
+                        }
+                    ],
+                    "actions": [
+                        {
+                            "type": "Action.OpenUrl",
+                            "title": "Discover in opensearch",
+                            "url": match['opensearch_discover_url'],
+                            "style": rule['ms_power_automate_opensearch_discover_color']
+                        }
+                    ],
+                }
+            }
+        ]
+    }
+
+    mock_post_request.assert_called_once_with(
+        rule['ms_power_automate_webhook_url'],
+        data=mock.ANY,
+        headers={'content-type': 'application/json'},
+        proxies=None,
+        verify=True
+    )
+    actual_data = json.loads(mock_post_request.call_args_list[0][1]['data'])
+    assert expected_data == actual_data
+
+
 def test_ms_power_automate_teams_card_width_full():
     rule = {
         'name': 'Test Rule',