cloudflare/pint

Public

mirrored from https://github.com/cloudflare/pintAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
v0.75.0

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

docs/checks/alerts/annotation.md

210lines · modecode

1---
2layout: default
3parent: Checks
4grand_parent: Documentation
5---
6
7# alerts/annotation
8
9This check can be used to enforce annotations on alerting rules.
10
11## Configuration
12
13Syntax:
14
15```js
16annotation "$pattern" {
17 comment = "..."
18 severity = "bug|warning|info"
19 token = "(.*)"
20 value = "(.*)"
21 values = ["...", ...]
22 required = true|false
23}
24```
25
26- `$pattern` - regexp pattern to match annotation name on, this can be templated
27 to reference checked rule fields, see [Configuration](../../configuration.md)
28 for details.
29- `comment` - set a custom comment that will be added to reported problems.
30- `severity` - set custom severity for reported issues, defaults to a warning.
31- `token` - optional regexp to tokenize annotation value before validating it.
32 By default the whole annotation value is validated against `value` regexp or
33 the `values` list. If you want to break the value into sub-strings and
34 validate each of them independently you can do this by setting `token`
35 to a regexp that captures a single sub-string.
36- `value` - optional value regexp to enforce, if not set only pint will only
37 check if the annotation exists.
38- `values` - optional list of allowed values - this is alternative to using.
39 `value` regexp. Set this to the list of all possible valid annotation values.
40- `required` - if `true` pint will require every rule to have this annotation set,
41 if `false` it will only check values where annotation is set.
42
43## How to enable it
44
45This check is not enabled by default as it requires explicit configuration
46to work.
47To enable it add one or more `rule {...}` blocks and specify all required
48annotations there.
49
50Example set of rules that will:
51
52- require `summary` annotation to be present, if missing it will be reported as a warning
53- if a `dashboard` annotation is provided it must match `https://grafana\.example\.com/.+`
54 pattern, if it doesn't match that pattern it will be reported as a bug
55
56```js
57rule {
58 match {
59 kind = "alerting"
60 }
61
62 annotation "summary" {
63 required = true
64 }
65
66 annotation "dashboard" {
67 severity = "bug"
68 comment = "You must add a link do a Grafana dashboard showing impact of this alert"
69 value = "https://grafana\.example\.com/.+"
70 }
71}
72```
73
74Example that enforces all alerting rules with non-zero `for` field to have an
75annotation called `alert_for` and value equal to `for` field.
76
77{% raw %}
78
79```js
80rule {
81 match {
82 for = "> 0"
83 }
84
85 annotation "alert_for" {
86 required = true
87 value = "{{ $for }}"
88 }
89}
90```
91
92{% endraw %}
93
94If you have an annotation that can contain multiple different values as a single string,
95for example `components: "db api memcached"`, and you want to ensure only valid values
96are included then use `token` and `values`.
97By setting `token` to a regexp that matches only a sequence of letters (`[a-zA-Z]+`)
98you tell pint to split `"db api memcached"` into `["db", "api", "memcached"]`.
99Then it iterates this list and checks each element independently.
100This allows you to have validation for multi-value strings.
101
102{% raw %}
103
104```js
105rule {
106 annotation "components" {
107 required = true
108 token = "[a-zA-Z]+"
109 values = [
110 "prometheus",
111 "db",
112 "memcached",
113 "api",
114 "storage",
115 ]
116 }
117}
118```
119
120{% endraw %}
121
122## How to disable it
123
124You can disable this check globally by adding this config block:
125
126```js
127checks {
128 disabled = ["alerts/annotations"]
129}
130```
131
132You can also disable it for all rules inside given file by adding
133a comment anywhere in that file. Example:
134
135```yaml
136# pint file/disable alerts/annotation
137```
138
139Or you can disable it per rule by adding a comment to it. Example:
140
141```yaml
142# pint disable alerts/annotation
143```
144
145If you want to disable only individual instances of this check
146you can add a more specific comment.
147
148### If `value` is NOT set
149
150```yaml
151groups:
152 - name: ...
153 rules:
154 # pint disable alerts/annotation($pattern:$required)
155 - record: ...
156 expr: ...
157```
158
159Example rule:
160
161```js
162annotation "summary" {
163 required = true
164}
165```
166
167Example comment disabling that rule:
168
169```yaml
170# pint disable alerts/annotation(summary:true)
171```
172
173### If `value` is set
174
175```yaml
176groups:
177 - name: ...
178 rules:
179 # pint disable alerts/annotation($pattern:$value:$required)
180 - record: ...
181 expr: ...
182```
183
184Example rule:
185
186```js
187annotation "dashboard" {
188 severity = "bug"
189 value = "https://grafana\.example\.com/.+"
190}
191```
192
193Example comment disabling that rule:
194
195```yaml
196# pint disable alerts/annotation(dashboard:https://grafana\.example\.com/.+:true)
197```
198
199## How to snooze it
200
201You can disable this check until given time by adding a comment to it. Example:
202
203```yaml
204# pint snooze $TIMESTAMP alerts/annotation
205```
206
207Where `$TIMESTAMP` is either use [RFC3339](https://www.rfc-editor.org/rfc/rfc3339)
208formatted or `YYYY-MM-DD`.
209Adding this comment will disable `alerts/annotation` *until* `$TIMESTAMP`, after that
210check will be re-enabled.
211