-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathrulesets.tf
189 lines (176 loc) · 4.61 KB
/
rulesets.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
/*
PagerDuty Rulesets Definition
- https://support.pagerduty.com/docs/rulesets
- https://www.terraform.io/docs/providers/pagerduty/r/ruleset.html
- https://www.terraform.io/docs/providers/pagerduty/r/ruleset_rule.html
*/
/*
Rulesets:
These are usually managed per team basis but can be done globally.
It should be noted that the rules within the rulesets obey a top down approach
i.e. the first rule is executed and will stop processing if there is a match, else
the remaining rules are processed in descending order (see position index 1, 2, ... , N)
*/
resource "pagerduty_ruleset" "support_ruleset" {
name = "Support: Ingest All Events"
team {
id = pagerduty_team.support.id
}
}
resource "pagerduty_ruleset" "global_ruleset" {
name = "Global: Ingest All Events"
}
/*
Support Ruleset Rule Example 1:
IF there is an incoming event with the support_ruleset routing key
AND the current time is between 09:00 - 17:00 London, Monday to Friday
AND payload.component = website
AND payload.severity = warning
THEN route alert to website service
AND create incident
AND update incident severity to "warning"
AND update incident priority to "P3"
AND update incident note
*/
resource "pagerduty_ruleset_rule" "example_application_website_warning_0" {
ruleset = pagerduty_ruleset.support_ruleset.id
position = 0
time_frame {
scheduled_weekly {
weekdays = [1, 2, 3, 4, 5]
timezone = "Europe/London"
start_time = "32400000"
duration = "28800000"
}
}
conditions {
subconditions {
operator = "contains"
parameter {
path = "payload.component"
value = "website"
}
}
operator = "and"
subconditions {
operator = "contains"
parameter {
path = "payload.severity"
value = "warning"
}
}
}
actions {
route {
value = pagerduty_service.example_application_website.id
}
severity {
value = "warning"
}
priority {
value = data.pagerduty_priority.p3.id
}
annotate {
value = "Routed via global rule: example_application_website_warning_0"
}
}
}
/*
Support Ruleset Rule Example 2:
IF there is an incoming event with the support_ruleset routing key
AND payload.component = website
AND payload.severity = warning
AND the event has not matched the previous ruleset rule (out of hours)
THEN suppress alert (i.e. do not create incident)
*/
resource "pagerduty_ruleset_rule" "example_application_website_warning_1" {
ruleset = pagerduty_ruleset.support_ruleset.id
position = 1
conditions {
subconditions {
operator = "contains"
parameter {
path = "payload.component"
value = "website"
}
}
operator = "and"
subconditions {
operator = "contains"
parameter {
path = "payload.severity"
value = "warning"
}
}
}
actions {
suppress {
value = true
}
}
}
/*
Global Ruleset Rule Example 3:
IF there is an incoming event with the global_ruleset routing key
AND payload.component matches Google RE2 Regex `(?i)database`
AND payload.severity=critical
THEN route alert to database service
AND create incident
AND create template variable "Src" from payload.source
AND extract (.*) from payload.component to dedup_key
AND update incident summary to "Critical: Failure on Database {{Src}}" (containing temmplate variable)
AND update incident severity to "critical"
AND update incident priority to "P1"
AND update incident note
*/
resource "pagerduty_ruleset_rule" "example_application_database_critical" {
ruleset = pagerduty_ruleset.global_ruleset.id
conditions {
subconditions {
operator = "matches"
parameter {
value = "(?i)database"
path = "payload.component"
}
}
operator = "and"
subconditions {
operator = "contains"
parameter {
path = "payload.severity"
value = "critical"
}
}
}
variable {
type = "regex"
name = "Src"
parameters {
value = "(.*)"
path = "payload.source"
}
}
actions {
route {
value = pagerduty_service.example_application_database.id
}
severity {
value = "critical"
}
priority {
value = data.pagerduty_priority.p1.id
}
annotate {
value = "Routed via global rule: example_application_database_critical"
}
extractions {
source = "payload.component"
regex = "(.*)"
target = "dedup_key"
}
extractions {
target = "summary"
template = "Critical: Failure on Database {{Src}}"
}
}
}