Rework Azure Key Vault

docs/severity.md

@@ -566,8 +566,8 @@
 
 |Detector|Critical|Major|Minor|Warning|Info|
 |---|---|---|---|---|---|
-|Azure Key Vault API result rate|X|X|-|-|-|
-|Azure Key Vault API latency|-|X|X|-|-|
+|Azure Key Vault api result rate|X|X|-|-|-|
+|Azure Key Vault api latency|-|X|X|-|-|
 
 
 ## integration_azure-load-balancer

modules/integration_azure-key-vault/README.md

@@ -57,7 +57,7 @@ Note the following parameters:
 
 These 3 parameters alongs with all variables defined in [common-variables.tf](common-variables.tf) are common to all
 [modules](../) in this repository. Other variables, specific to this module, are available in
-[variables.tf](variables.tf).
+[variables-gen.tf](variables-gen.tf).
 In general, the default configuration "works" but all of these Terraform
 [variables](https://www.terraform.io/language/values/variables) make it possible to
 customize the detectors behavior to better fit your needs.
@@ -75,8 +75,8 @@ This module creates the following SignalFx detectors which could contain one or
 
 |Detector|Critical|Major|Minor|Warning|Info|
 |---|---|---|---|---|---|
-|Azure Key Vault API result rate|X|X|-|-|-|
-|Azure Key Vault API latency|-|X|X|-|-|
+|Azure Key Vault api result rate|X|X|-|-|-|
+|Azure Key Vault api latency|-|X|X|-|-|
 
 ## How to collect required metrics?
 
@@ -105,4 +105,4 @@ Here is the list of required metrics for detectors in this module.
 * [Terraform SignalFx provider](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs)
 * [Terraform SignalFx detector](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/detector)
 * [Splunk Observability integrations](https://docs.splunk.com/Observability/gdi/get-data-in/integrations.html)
-* [Azure Monitor metrics](https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftkeyvaultvaults)
+* [Azure Monitor metrics](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-keyvault-vaults-metrics)

modules/integration_azure-key-vault/conf/01-api-result.yaml

@@ -0,0 +1,28 @@
+---
+module: "Azure Key Vault"
+name: "API result rate"
+filtering: "filter('resource_type', 'Microsoft.KeyVault/vaults') and filter('primary_aggregation_type', 'true')"
+aggregation: ".sum(by=['azure_resource_name', 'azure_resource_group_name', 'azure_region'])"
+transformation: true
+value_unit: "%"
+signals:
+ api_success:
+ metric: ServiceApiResult
+ extrapolation: zero
+ filter: filter('statuscode', '200')
+ api_all:
+ metric: ServiceApiResult
+ extrapolation: zero
+ signal:
+ formula: (api_success/api_all).scale(100).fill(100)
+rules:
+ critical:
+ threshold: 10
+ comparator: "<"
+ lasting_duration: '5m'
+ major:
+ threshold: 30
+ comparator: "<"
+ lasting_duration: '5m'
+ dependency: critical
+...

modules/integration_azure-key-vault/conf/02-api-latency.yaml

@@ -0,0 +1,23 @@
+---
+module: "Azure Key Vault"
+name: "API latency"
+filtering: "filter('resource_type', 'Microsoft.KeyVault/vaults') and filter('primary_aggregation_type', 'true')"
+aggregation: ".mean(by=['azure_resource_name', 'azure_resource_group_name', 'azure_region'])"
+transformation: true
+value_unit: "ms"
+signals:
+ signal:
+ metric: ServiceApiLatency
+ extrapolation: zero
+ filter: not filter('activityname', 'secretlist')
+rules:
+ major:
+ threshold: 500
+ comparator: ">"
+ lasting_duration: '1h'
+ minor:
+ threshold: 500
+ comparator: ">"
+ lasting_duration: '30m'
+ dependency: major
+...

modules/integration_azure-key-vault/conf/readme.yaml

@@ -1,3 +1,3 @@
 documentations:
  - name: Azure Monitor metrics
- url: 'https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftkeyvaultvaults'
+ url: 'https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-keyvault-vaults-metrics'

modules/integration_azure-key-vault/detectors-gen.tf

@@ -0,0 +1,94 @@
+resource "signalfx_detector" "api_result_rate" {
+ name = format("%s %s", local.detector_name_prefix, "Azure Key Vault api result rate")
+
+ authorized_writer_teams = var.authorized_writer_teams
+ teams = try(coalescelist(var.teams, var.authorized_writer_teams), null)
+ tags = compact(concat(local.common_tags, local.tags, var.extra_tags))
+
+ viz_options {
+ label = "signal"
+ value_suffix = "%"
+ }
+
+ program_text = <<-EOF
+ base_filtering = filter('resource_type', 'Microsoft.KeyVault/vaults') and filter('primary_aggregation_type', 'true')
+ api_success = data('ServiceApiResult', filter=base_filtering and filter('statuscode', '200') and ${module.filtering.signalflow}, extrapolation='zero')${var.api_result_rate_aggregation_function}${var.api_result_rate_transformation_function}
+ api_all = data('ServiceApiResult', filter=base_filtering and ${module.filtering.signalflow}, extrapolation='zero')${var.api_result_rate_aggregation_function}${var.api_result_rate_transformation_function}
+ signal = (api_success/api_all).scale(100).fill(100).publish('signal')
+ detect(when(signal < ${var.api_result_rate_threshold_critical}, lasting=%{if var.api_result_rate_lasting_duration_critical == null}None%{else}'${var.api_result_rate_lasting_duration_critical}'%{endif}, at_least=${var.api_result_rate_at_least_percentage_critical})).publish('CRIT')
+ detect(when(signal < ${var.api_result_rate_threshold_major}, lasting=%{if var.api_result_rate_lasting_duration_major == null}None%{else}'${var.api_result_rate_lasting_duration_major}'%{endif}, at_least=${var.api_result_rate_at_least_percentage_major}) and (not when(signal < ${var.api_result_rate_threshold_critical}, lasting=%{if var.api_result_rate_lasting_duration_critical == null}None%{else}'${var.api_result_rate_lasting_duration_critical}'%{endif}, at_least=${var.api_result_rate_at_least_percentage_critical}))).publish('MAJOR')
+EOF
+
+ rule {
+ description = "is too low < ${var.api_result_rate_threshold_critical}%"
+ severity = "Critical"
+ detect_label = "CRIT"
+ disabled = coalesce(var.api_result_rate_disabled_critical, var.api_result_rate_disabled, var.detectors_disabled)
+ notifications = try(coalescelist(lookup(var.api_result_rate_notifications, "critical", []), var.notifications.critical), null)
+ runbook_url = try(coalesce(var.api_result_rate_runbook_url, var.runbook_url), "")
+ tip = var.api_result_rate_tip
+ parameterized_subject = var.message_subject == "" ? local.rule_subject : var.message_subject
+ parameterized_body = var.message_body == "" ? local.rule_body : var.message_body
+ }
+
+ rule {
+ description = "is too low < ${var.api_result_rate_threshold_major}%"
+ severity = "Major"
+ detect_label = "MAJOR"
+ disabled = coalesce(var.api_result_rate_disabled_major, var.api_result_rate_disabled, var.detectors_disabled)
+ notifications = try(coalescelist(lookup(var.api_result_rate_notifications, "major", []), var.notifications.major), null)
+ runbook_url = try(coalesce(var.api_result_rate_runbook_url, var.runbook_url), "")
+ tip = var.api_result_rate_tip
+ parameterized_subject = var.message_subject == "" ? local.rule_subject : var.message_subject
+ parameterized_body = var.message_body == "" ? local.rule_body : var.message_body
+ }
+
+ max_delay = var.api_result_rate_max_delay
+}
+
+resource "signalfx_detector" "api_latency" {
+ name = format("%s %s", local.detector_name_prefix, "Azure Key Vault api latency")
+
+ authorized_writer_teams = var.authorized_writer_teams
+ teams = try(coalescelist(var.teams, var.authorized_writer_teams), null)
+ tags = compact(concat(local.common_tags, local.tags, var.extra_tags))
+
+ viz_options {
+ label = "signal"
+ value_suffix = "ms"
+ }
+
+ program_text = <<-EOF
+ base_filtering = filter('resource_type', 'Microsoft.KeyVault/vaults') and filter('primary_aggregation_type', 'true')
+ signal = data('ServiceApiLatency', filter=base_filtering and not filter('activityname', 'secretlist') and ${module.filtering.signalflow}, extrapolation='zero')${var.api_latency_aggregation_function}${var.api_latency_transformation_function}.publish('signal')
+ detect(when(signal > ${var.api_latency_threshold_major}, lasting=%{if var.api_latency_lasting_duration_major == null}None%{else}'${var.api_latency_lasting_duration_major}'%{endif}, at_least=${var.api_latency_at_least_percentage_major})).publish('MAJOR')
+ detect(when(signal > ${var.api_latency_threshold_minor}, lasting=%{if var.api_latency_lasting_duration_minor == null}None%{else}'${var.api_latency_lasting_duration_minor}'%{endif}, at_least=${var.api_latency_at_least_percentage_minor}) and (not when(signal > ${var.api_latency_threshold_major}, lasting=%{if var.api_latency_lasting_duration_major == null}None%{else}'${var.api_latency_lasting_duration_major}'%{endif}, at_least=${var.api_latency_at_least_percentage_major}))).publish('MINOR')
+EOF
+
+ rule {
+ description = "is too high > ${var.api_latency_threshold_major}ms"
+ severity = "Major"
+ detect_label = "MAJOR"
+ disabled = coalesce(var.api_latency_disabled_major, var.api_latency_disabled, var.detectors_disabled)
+ notifications = try(coalescelist(lookup(var.api_latency_notifications, "major", []), var.notifications.major), null)
+ runbook_url = try(coalesce(var.api_latency_runbook_url, var.runbook_url), "")
+ tip = var.api_latency_tip
+ parameterized_subject = var.message_subject == "" ? local.rule_subject : var.message_subject
+ parameterized_body = var.message_body == "" ? local.rule_body : var.message_body
+ }
+
+ rule {
+ description = "is too high > ${var.api_latency_threshold_minor}ms"
+ severity = "Minor"
+ detect_label = "MINOR"
+ disabled = coalesce(var.api_latency_disabled_minor, var.api_latency_disabled, var.detectors_disabled)
+ notifications = try(coalescelist(lookup(var.api_latency_notifications, "minor", []), var.notifications.minor), null)
+ runbook_url = try(coalesce(var.api_latency_runbook_url, var.runbook_url), "")
+ tip = var.api_latency_tip
+ parameterized_subject = var.message_subject == "" ? local.rule_subject : var.message_subject
+ parameterized_body = var.message_body == "" ? local.rule_body : var.message_body
+ }
+
+ max_delay = var.api_latency_max_delay
+}
+

modules/integration_azure-key-vault/moved.tf

@@ -0,0 +1,4 @@
+moved {
+ from = signalfx_detector.api_result
+ to = signalfx_detector.api_result_rate
+}

modules/integration_azure-key-vault/outputs.tf

@@ -3,8 +3,8 @@ output "api_latency" {
  value = signalfx_detector.api_latency
 }
 
-output "api_result" {
- description = "Detector resource for api_result"
- value = signalfx_detector.api_result
+output "api_result_rate" {
+ description = "Detector resource for api_result_rate"
+ value = signalfx_detector.api_result_rate
 }