Bulk operations support gap_range (elastic#221078)

## Bulk operations support `gap_range`

[issue](elastic#220772)
### Bug   
If a user has 100 rules in total and 20 of them have gaps:
- They click "Show only with gaps" — the UI shows just those 20.
- They hit "Select all" — it says 20 rules are selected.
- But when they perform a bulk action, it ends up applying to **all 100
rules**, not just the 20 with gaps.

This happens because the bulk action uses a query that doesn't include
gap info, so it ends up targeting everything.

### Fix  
We now support passing `gaps_range_start` and `gaps_range_end` along
with the bulk action.

On the API side:
- If a query is sent, we use the gap range to find the actual list of
rule IDs with gaps.
- Then we apply the bulk action only to those rules.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>

Author: 3 people

oas_docs/output/kibana.serverless.yaml

@@ -61483,6 +61483,12 @@ components:
           enum:
             - delete
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -61501,6 +61507,12 @@ components:
           enum:
             - disable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -61532,6 +61544,12 @@ components:
           required:
             - include_exceptions
             - include_expired_exceptions
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -61624,6 +61642,12 @@ components:
             $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload'
           minItems: 1
           type: array
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -61647,6 +61671,12 @@ components:
           enum:
             - enable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -61667,6 +61697,12 @@ components:
           enum:
             - export
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -61685,6 +61721,12 @@ components:
           enum:
             - run
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:

oas_docs/output/kibana.yaml

@@ -70856,6 +70856,12 @@ components:
           enum:
             - delete
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -70874,6 +70880,12 @@ components:
           enum:
             - disable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -70905,6 +70917,12 @@ components:
           required:
             - include_exceptions
             - include_expired_exceptions
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -70997,6 +71015,12 @@ components:
             $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload'
           minItems: 1
           type: array
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -71020,6 +71044,12 @@ components:
           enum:
             - enable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -71040,6 +71070,12 @@ components:
           enum:
             - export
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:
@@ -71058,6 +71094,12 @@ components:
           enum:
             - run
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
           items:

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts

@@ -113,6 +113,14 @@ export const BulkActionBase = z.object({
    * Array of rule IDs. Array of rule IDs to which a bulk action will be applied. Only valid when query property is undefined.
    */
   ids: z.array(z.string()).min(1).optional(),
+  /**
+   * Gaps range start, valid only when query is provided
+   */
+  gaps_range_start: z.string().optional(),
+  /**
+   * Gaps range end, valid only when query is provided
+   */
+  gaps_range_end: z.string().optional(),
 });
 
 export type BulkDeleteRules = z.infer<typeof BulkDeleteRules>;

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml

@@ -1146,6 +1146,12 @@ components:
           minItems: 1
           items:
             type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
 
     BulkDeleteRules:
       allOf:

x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml

@@ -4696,6 +4696,12 @@ components:
           enum:
             - delete
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4716,6 +4722,12 @@ components:
           enum:
             - disable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4749,6 +4761,12 @@ components:
           required:
             - include_exceptions
             - include_expired_exceptions
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4849,6 +4867,12 @@ components:
             $ref: '#/components/schemas/BulkActionEditPayload'
           minItems: 1
           type: array
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4874,6 +4898,12 @@ components:
           enum:
             - enable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4896,6 +4926,12 @@ components:
           enum:
             - export
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4916,6 +4952,12 @@ components:
           enum:
             - run
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be

x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml

@@ -4026,6 +4026,12 @@ components:
           enum:
             - delete
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4046,6 +4052,12 @@ components:
           enum:
             - disable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4079,6 +4091,12 @@ components:
           required:
             - include_exceptions
             - include_expired_exceptions
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4179,6 +4197,12 @@ components:
             $ref: '#/components/schemas/BulkActionEditPayload'
           minItems: 1
           type: array
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4204,6 +4228,12 @@ components:
           enum:
             - enable
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4226,6 +4256,12 @@ components:
           enum:
             - export
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be
@@ -4246,6 +4282,12 @@ components:
           enum:
             - run
           type: string
+        gaps_range_end:
+          description: Gaps range end, valid only when query is provided
+          type: string
+        gaps_range_start:
+          description: Gaps range start, valid only when query is provided
+          type: string
         ids:
           description: >-
             Array of rule IDs. Array of rule IDs to which a bulk action will be