[ResponseOps][discuss] convert "JSON bags" in alerting Saved Objects to plain objects

[pmuellr]

In PR [RAM] ResponseOps saved object updates #152857, we've stopped indexing our "JSON bag" fields:

• action.config, action.secrets for Connectors
• alert.params for Rules
• task.params for Tasks

What's a "JSON bag"? The fields above are currently indexed as text fields, in which we store JSON objects, serialized as a string. So when we "read" these fields, we need to JSON.parse() them, and when we "write" these fields, we need to JSON.stringify() them. Which is clumsy, and the resulting source documents are hard to read.

In theory, we could change to store these as plain old object instead:

• no need to JSON.parse() on read, JSON.stringify() on write
• SO's more readable
• no changes to mappings!
• easier to build runtime fields; with JSON bags, the runtime field function would need to parse the JSON bag from source; as plain objects, just access the source

The one downside I know if is dealing with partial updates. Currently our JSON bag approach means we never do partial updates of these JSON bags - the entire object is replaced. With the new approach, partial updates are possible, and will be problematic - we'd really need to convert any fields not set (or set to undefined) to null. Or ensure our ES updates are not doing partial updates.

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)