feat: Add resources for Monitor alerts

Signed-off-by: Federico Barcelona <[email protected]>

Author: tembleking

examples/alert.tf

@@ -0,0 +1,74 @@
+
+resource "sysdig_monitor_alert_anomaly" "sample" {
+  name = "[Kubernetes] Anomaly Detection Alert"
+  description = "Detects an anomaly in the cluster"
+  severity = 6
+
+  monitor = ["cpu.used.percent", "memory.bytes.used"]
+
+  multiple_alerts_by = ["kubernetes.cluster.name",
+    "kubernetes.namespace.name",
+    "kubernetes.deployment.name",
+    "kubernetes.pod.name"]
+}
+
+resource "sysdig_monitor_alert_downtime" "sample" {
+  name = "[Kubernetes] Downtime Alert"
+  description = "Detects a downtime in the Kubernetes cluster"
+  severity = 2
+
+  entities_to_monitor = ["kubernetes.namespace.name"]
+
+  trigger_after_minutes = 10
+  trigger_after_pct = 100
+}
+
+resource "sysdig_monitor_alert_event" "sample" {
+  name = "[Kubernetes] Failed to pull image"
+  description = "A Kubernetes pod failed to pull an image from the registry"
+  severity = 4
+
+  event_name = "Failed to pull image"
+  source = "kubernetes"
+  event_rel = ">"
+  event_count = 0
+
+  multiple_alerts_by = ["kubernetes.pod.name"]
+
+  trigger_after_minutes = 1
+}
+
+resource "sysdig_monitor_alert_group_outlier" "sample" {
+  name = "[Kubernetes] A node is using more CPU than the rest"
+  description = "Monitors the cluster and checks when a node has more CPU usage than the others"
+  severity = 6
+
+  monitor = ["cpu.used.percent"]
+
+  trigger_after_minutes = 10
+
+  capture {
+    filename = "TERRAFORM_TEST"
+    duration = 15
+  }
+}
+
+resource "sysdig_monitor_alert_metric" "sample" {
+  name = "[Kubernetes] CrashLoopBackOff"
+  description = "A Kubernetes pod failed to restart"
+  severity = 6
+
+  metric = "sum(timeAvg(kubernetes.pod.restart.count)) > 2"
+  trigger_after_minutes = 1
+
+  multiple_alerts_by = ["kubernetes.cluster.name",
+    "kubernetes.namespace.name",
+    "kubernetes.deployment.name",
+    "kubernetes.pod.name"]
+
+  capture {
+    filename = "CrashLoopBackOff"
+    duration = 15
+  }
+}
+

sysdig/monitor/alerts.go

@@ -0,0 +1,93 @@
+package monitor
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func (c *sysdigMonitorClient) CreateAlert(alert Alert) (createdAlert Alert, err error) {
+	//data, err := ioutil.ReadAll(alert.ToJSON())
+	//if err != nil {
+	//	return
+	//}
+	//err = errors.New(string(data))
+	//return
+
+	response, err := c.doSysdigMonitorRequest(http.MethodPost, c.alertsURL(), alert.ToJSON())
+	if err != nil {
+		return
+	}
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return
+	}
+
+	if response.StatusCode != 200 {
+		err = errors.New(string(body))
+		return
+	}
+
+	defer response.Body.Close()
+
+	return AlertFromJSON(body), nil
+}
+
+func (c *sysdigMonitorClient) DeleteAlert(alertID int) error {
+	response, err := c.doSysdigMonitorRequest(http.MethodDelete, c.alertURL(alertID), nil)
+
+	defer response.Body.Close()
+
+	return err
+}
+
+func (c *sysdigMonitorClient) UpdateAlert(alert Alert) (updatedAlert Alert, err error) {
+	response, err := c.doSysdigMonitorRequest(http.MethodPut, c.alertURL(alert.ID), alert.ToJSON())
+	if err != nil {
+		return
+	}
+
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return
+	}
+
+	if response.StatusCode != 200 {
+		err = errors.New(string(body))
+		return
+	}
+
+	defer response.Body.Close()
+
+	return AlertFromJSON(body), nil
+}
+
+func (c *sysdigMonitorClient) GetAlertById(alertID int) (alert Alert, err error) {
+	response, err := c.doSysdigMonitorRequest(http.MethodGet, c.alertURL(alertID), nil)
+	if err != nil {
+		return
+	}
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return
+	}
+
+	if response.StatusCode != 200 {
+		err = errors.New(string(body))
+		return
+	}
+
+	defer response.Body.Close()
+
+	return AlertFromJSON(body), nil
+}
+
+func (c *sysdigMonitorClient) alertsURL() string {
+	return fmt.Sprintf("%s/api/alerts", c.URL)
+}
+
+func (c *sysdigMonitorClient) alertURL(alertID int) string {
+	return fmt.Sprintf("%s/api/alerts/%d", c.URL, alertID)
+
+}

sysdig/monitor/client.go

@@ -0,0 +1,35 @@
+package monitor
+
+import (
+	"io"
+	"net/http"
+)
+
+type SysdigMonitorClient interface {
+	CreateAlert(Alert) (Alert, error)
+	DeleteAlert(int) error
+	UpdateAlert(Alert) (Alert, error)
+	GetAlertById(int) (Alert, error)
+}
+
+func NewSysdigMonitorClient(apiToken string, url string) SysdigMonitorClient {
+	return &sysdigMonitorClient{
+		SysdigMonitorAPIToken: apiToken,
+		URL:                   url,
+		httpClient:            http.DefaultClient,
+	}
+}
+
+type sysdigMonitorClient struct {
+	SysdigMonitorAPIToken string
+	URL                   string
+	httpClient            *http.Client
+}
+
+func (c *sysdigMonitorClient) doSysdigMonitorRequest(method string, url string, payload io.Reader) (*http.Response, error) {
+	request, _ := http.NewRequest(method, url, payload)
+	request.Header.Set("Authorization", "Bearer "+c.SysdigMonitorAPIToken)
+	request.Header.Set("Content-Type", "application/json")
+
+	return c.httpClient.Do(request)
+}

sysdig/monitor/models.go

@@ -0,0 +1,80 @@
+package monitor
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+)
+
+type CustomNotification struct {
+	TitleTemplate  string `json:"titleTemplate"`
+	UseNewTemplate bool   `json:"useNewTemplate"`
+}
+
+type SysdigCapture struct {
+	Name       string      `json:"name"`
+	Filters    string      `json:"filters,omitempty"`
+	Duration   int         `json:"duration"`
+	Type       string      `json:"type,omitempty"`
+	BucketName string      `json:"bucketName"`
+	Folder     string      `json:"folder,omitempty"`
+	Enabled    bool        `json:"enabled"`
+	StorageID  interface{} `json:"storageId,omitempty"`
+}
+type SegmentCondition struct {
+	Type string `json:"type"`
+}
+
+type Criteria struct {
+	Text   string `json:"text"`
+	Source string `json:"source"`
+}
+
+type Monitor struct {
+	Metric       string  `json:"metric"`
+	StdDevFactor float64 `json:"stdDevFactor"`
+}
+
+type alertWrapper struct {
+	Alert Alert `json:"alert"`
+}
+
+type Alert struct {
+	ID                     int                 `json:"id,omitempty"`
+	Version                int                 `json:"version,omitempty"`
+	Type                   string              `json:"type"` // computed MANUAL
+	Name                   string              `json:"name"`
+	Description            string              `json:"description"`
+	Enabled                bool                `json:"enabled"`
+	NotificationChannelIds []int               `json:"notificationChannelIds"`
+	Filter                 string              `json:"filter"`
+	Severity               int                 `json:"severity"` // 6 == INFO, 4 == LOW, 2 == MEDIUM, 0 == HIGH // NOT USED
+	Timespan               int                 `json:"timespan"` // computed 600000000
+	CustomNotification     *CustomNotification `json:"customNotification"`
+	TeamID                 int                 `json:"teamId,omitempty"` // computed
+	AutoCreated            bool                `json:"autoCreated"`
+	SysdigCapture          *SysdigCapture      `json:"sysdigCapture"`
+	RateOfChange           bool                `json:"rateOfChange,omitempty"`
+	ReNotifyMinutes        int                 `json:"reNotifyMinutes"`
+	ReNotify               bool                `json:"reNotify"`
+	Valid                  bool                `json:"valid"`
+	SeverityLabel          string              `json:"severityLabel,omitempty"` // MEDIUM == MEDIUM, LOW == LOW, NONE == INFO, HIGH == HIGH
+	SegmentBy              []string            `json:"segmentBy"`
+	SegmentCondition       *SegmentCondition   `json:"segmentCondition"`
+	Criteria               *Criteria           `json:"criteria,omitempty"`
+	Monitor                []*Monitor          `json:"monitor,omitempty"`
+	Condition              string              `json:"condition"`
+	SeverityLevel          int                 `json:"severityLevel,omitempty"` // 0 == MEDIUM, 2 == LOW, 4 == INFO, 6 == HIGH
+}
+
+func (a *Alert) ToJSON() io.Reader {
+	payload, _ := json.Marshal(alertWrapper{Alert: *a})
+	return bytes.NewBuffer(payload)
+}
+
+func AlertFromJSON(body []byte) Alert {
+	var result alertWrapper
+	json.Unmarshal(body, &result)
+
+	return result.Alert
+}

sysdig/provider.go

@@ -4,6 +4,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/terraform"
 
+	"github.com/draios/terraform-provider-sysdig/sysdig/monitor"
 	"github.com/draios/terraform-provider-sysdig/sysdig/secure"
 )
 
@@ -21,6 +22,17 @@ func Provider() terraform.ResourceProvider {
 				Required:    true,
 				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_SECURE_URL", "https://secure.sysdig.com"),
 			},
+			"sysdig_monitor_api_token": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Sensitive:   true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_MONITOR_API_TOKEN", nil),
+			},
+			"sysdig_monitor_url": {
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_MONITOR_URL", "https://app.sysdigcloud.com"),
+			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"sysdig_secure_policy":               resourceSysdigSecurePolicy(),
@@ -31,15 +43,32 @@ func Provider() terraform.ResourceProvider {
 			"sysdig_secure_rule_process":         resourceSysdigSecureRuleProcess(),
 			"sysdig_secure_rule_syscall":         resourceSysdigSecureRuleSyscall(),
 			"sysdig_secure_rule_falco":           resourceSysdigSecureRuleFalco(),
+
+			"sysdig_monitor_alert_downtime":      resourceSysdigMonitorAlertDowntime(),
+			"sysdig_monitor_alert_metric":        resourceSysdigMonitorAlertMetric(),
+			"sysdig_monitor_alert_event":         resourceSysdigMonitorAlertEvent(),
+			"sysdig_monitor_alert_anomaly":       resourceSysdigMonitorAlertAnomaly(),
+			"sysdig_monitor_alert_group_outlier": resourceSysdigMonitorAlertGroupOutlier(),
 		},
 		ConfigureFunc: providerConfigure,
 	}
 }
 
+type SysdigClients struct {
+	sysdigMonitorClient monitor.SysdigMonitorClient
+	sysdigSecureClient  secure.SysdigSecureClient
+}
+
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
-	sysdigSecureClient := secure.NewSysdigSecureClient(
-		d.Get("sysdig_secure_api_token").(string),
-		d.Get("sysdig_secure_url").(string),
-	)
-	return sysdigSecureClient, nil
+	sysdigClient := &SysdigClients{
+		sysdigMonitorClient: monitor.NewSysdigMonitorClient(
+			d.Get("sysdig_monitor_api_token").(string),
+			d.Get("sysdig_monitor_url").(string),
+		),
+		sysdigSecureClient: secure.NewSysdigSecureClient(
+			d.Get("sysdig_secure_api_token").(string),
+			d.Get("sysdig_secure_url").(string),
+		),
+	}
+	return sysdigClient, nil
 }