detection_rules/action.py

# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
# or more contributor license agreements. Licensed under the Elastic License
# 2.0; you may not use this file except in compliance with the Elastic License
# 2.0.

"""Dataclasses for Action."""

from dataclasses import dataclass
from pathlib import Path
from typing import Any

from .mixins import MarshmallowDataclassMixin
from .schemas import definitions


@dataclass(frozen=True)
class ActionMeta(MarshmallowDataclassMixin):
    """Data stored in an exception's [metadata] section of TOML."""

    creation_date: definitions.Date
    rule_id: list[definitions.UUIDString]
    rule_name: str
    updated_date: definitions.Date

    # Optional fields
    deprecation_date: definitions.Date | None = None
    comments: str | None = None
    maturity: definitions.Maturity | None = None


@dataclass(frozen=True)
class Action(MarshmallowDataclassMixin):
    """Data object for rule Action."""

    @dataclass
    class ActionParams:
        """Data object for rule Action params."""

        body: str

    action_type_id: definitions.ActionTypeId
    group: str
    params: ActionParams

    id: str | None = None
    frequency: dict[str, Any] | None = None
    alerts_filter: dict[str, Any] | None = None


@dataclass(frozen=True)
class TOMLActionContents(MarshmallowDataclassMixin):
    """Object for action from TOML file."""

    metadata: ActionMeta
    actions: list[Action]


@dataclass(frozen=True)
class TOMLAction:
    """Object for action from TOML file."""

    contents: TOMLActionContents
    path: Path

    @property
    def name(self) -> str:
        return self.contents.metadata.rule_name

    @property
    def id(self) -> list[definitions.UUIDString]:
        return self.contents.metadata.rule_id
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one`
			`# or more contributor license agreements. Licensed under the Elastic License`
			`# 2.0; you may not use this file except in compliance with the Elastic License`
			`# 2.0.`

			`"""Dataclasses for Action."""`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`from dataclasses import dataclass`
			`from pathlib import Path`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`from typing import Any`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00
			`from .mixins import MarshmallowDataclassMixin`
			`from .schemas import definitions`


			`@dataclass(frozen=True)`
			`class ActionMeta(MarshmallowDataclassMixin):`
			`"""Data stored in an exception's [metadata] section of TOML."""`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`creation_date: definitions.Date`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`rule_id: list[definitions.UUIDString]`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`rule_name: str`
			`updated_date: definitions.Date`

			`# Optional fields`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`deprecation_date: definitions.Date \| None = None`
			`comments: str \| None = None`
			`maturity: definitions.Maturity \| None = None`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00

fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`@dataclass(frozen=True)`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`class Action(MarshmallowDataclassMixin):`
			`"""Data object for rule Action."""`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`@dataclass`
			`class ActionParams:`
			`"""Data object for rule Action params."""`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`body: str`

			`action_type_id: definitions.ActionTypeId`
			`group: str`
			`params: ActionParams`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
			`id: str \| None = None`
			`frequency: dict[str, Any] \| None = None`
			`alerts_filter: dict[str, Any] \| None = None`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00

			`@dataclass(frozen=True)`
			`class TOMLActionContents(MarshmallowDataclassMixin):`
			`"""Object for action from TOML file."""`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`metadata: ActionMeta`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`actions: list[Action]`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00

			`@dataclass(frozen=True)`
			`class TOMLAction:`
			`"""Object for action from TOML file."""`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`contents: TOMLActionContents`
			`path: Path`

			`@property`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`def name(self) -> str:`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`return self.contents.metadata.rule_name`

			`@property`
fix: type hinting fixes and additional code checks (#4790 ) 2025-07-01 15:20:55 +02:00			`def id(self) -> list[definitions.UUIDString]:`
[DaC] Beta Release (#3889 ) 2024-08-06 18:07:12 -04:00			`return self.contents.metadata.rule_id`