[alerting] customer-managed action parameter templates

[pmuellr]

A customer noted in our Elastic Stack Community Slack that they are using customized message templates with their rules, and have 100's of rules, so would like to have a way of:

• saving the templates they are creating, so they can enter them just once
• reference them in action parameters in alerts

Initial thoughts:

• we'll need a new saved object for these, and a management interface
• somehow we'll need to provide a way to reference these templates in an action variable
• the UI should provide a way to use these templates
• we allow these templates to become the default value for an alert type parameter

That second point seems kinda hard, since generally we treat these parameters as strings anyway. We could add an additional field for every existing parameter which could hold the template. Which seems nasty. Ideally we could have some "special form" for the action variable that would indicate a template should be used. You could imagine something like @template:foo-bar, as the action parameter value, which would indicate that the template should be used. But that means you can't have an action variable @template:<any chars here> since we treat that specially.

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[mikecote]

Potentially relates to: https://github.com/elastic/kibana/issues/66156.

[pmuellr]

From a call with a customer, it was noted they believe they will want to maintain "distribution lists" of emails addresses for the to parameter of an email connector action. They currently make use of multiple email systems, and don't have any other central place to maintain a list, so would like to maintain them in the stack.

I'm wondering if we could fit that thought into templates. The idea would be to make the templates composable, so you could specify multiple, and they'd supply the union of their values.

[pmuellr]

From the same customer call ^^^, customer assumed these templates would be "live", so if you change a template, the changes will be reflected in all the actions referencing the template. I hadn't thought about that, but it seems very obvious to me now that this is how it should work. My initial thought was the templates would just provide the literal values to put in the action parameters, after which, the template would not be needed.

I suspect this makes things a lot more complex, but also that we need to do this, or the templates won't be that useful.

[mikecote]

@XavierM do you have a similar issue in R&AM to track your thinking or did you want to take this one?

[pmuellr]

@shanisagiv1