do not allow empty ids or querys

Author: baileycash-elastic

x-pack/platform/plugins/shared/rule_registry/server/alert_data_client/alerts_client.test.ts

@@ -942,6 +942,32 @@ describe('AlertsClient', () => {
       expect(esClientMock.mget).not.toHaveBeenCalled();
       expect(esClientMock.bulk).not.toHaveBeenCalled();
     });
+
+    it('should throw error when ids is empty', async () => {
+      await expect(
+        alertsClient.bulkUpdate({
+          ids: [],
+          index: '.alerts-security.alerts-default',
+          addTags: ['urgent', 'production'],
+        })
+      ).rejects.toMatchInlineSnapshot(`[Error: no ids or query were provided for updating]`);
+
+      expect(esClientMock.mget).not.toHaveBeenCalled();
+      expect(esClientMock.bulk).not.toHaveBeenCalled();
+    });
+
+    it('should throw error when query is empty', async () => {
+      await expect(
+        alertsClient.bulkUpdate({
+          query: '',
+          index: '.alerts-security.alerts-default',
+          addTags: ['urgent', 'production'],
+        })
+      ).rejects.toMatchInlineSnapshot(`[Error: no ids or query were provided for updating]`);
+
+      expect(esClientMock.mget).not.toHaveBeenCalled();
+      expect(esClientMock.bulk).not.toHaveBeenCalled();
+    });
   });
 
   describe('bulkUpdate edge cases', () => {

x-pack/platform/plugins/shared/rule_registry/server/alert_data_client/alerts_client.ts

@@ -830,7 +830,7 @@ export class AlertsClient {
     };
 
     // rejects at the route level if more than 1000 id's are passed in
-    if (ids != null) {
+    if (ids && ids.length > 0) {
       const alerts = ids.map((id) => ({ id, index }));
       const mgetRes = await this.ensureAllAlertsAuthorized({
         alerts,
@@ -863,7 +863,7 @@ export class AlertsClient {
         body: bulkUpdateRequest,
       });
       return bulkUpdateResponse;
-    } else if (query != null) {
+    } else if (query) {
       try {
         // execute search after with query + authorization filter
         // audit results of that query