Ability to manage notification groups through Terraform.

[badcure]

Description

There are many alerts that come out of the box. In our specific case for now, it would be the Okta alerts.

It would be nice to be able to through Terraform to programmatically attach notifications without the need to manage the alerts themselves, or create duplicate alerts.

New or Affected Resource(s)

• resource - coralogix_alert_notification_group - The ability to manage a particular notification group only
• data - coralogix_alerts - The ability to get back a list of alerts based on some search criteria.

Potential Terraform Configuration

data "coralogix_alerts" "okta_alerts" {
  name_search = "Okta -"
  labels = ["label1:value1", "lable2:value2"]
  status = "active/disabled"
  severity = "info"
}

resource "coralogix_alert_notification_group" "okta_notifications" {
  count = len(data.coralogix_alerts.okta_alerts.ids) 
  alert_id = data.coralogix_alerts.okta_alerts.ids[count.index]
  group_by_fields = []
  notification {
    integration_id              = coralogix_webhook.slack_staging.id
    retriggering_period_minutes = 10
  } 
}

References

None

• 0000

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[OrNovo]

Hi @badcure, thanks for reaching out. We first need backend support to add this feature. We will prioritize it and update.

[OrNovo]

@badcure I have a question regarding the api you suggested though. Why do you want the linkage between the alert and the notification-group to be on the notification-group side? Wouldn't it be better to have something like that? -

resource "coralogix_alert_notification_group" "example_notifications" {
  group_by_fields = []
  notification {
    integration_id              = coralogix_webhook.slack_staging.id
    retriggering_period_minutes = 10
  } 
}

resource "coralogix_alert" "exaple_alert" {
  ...
  notifications_group = coralogix_alert_notification_group.example_notifications.id
 }

[badcure]

@OrNovo The issue with that direction is that it would work if we are creating the alert to begin with. The way I see it is there are many alerts that come from the extension packs. Let's say that I wanted to programmatically add additional notifications to them:

Currently: The way to do this is to duplicate those alerts into Terraform but with the new notification settings. Ideal state: We could retrieve the alerts and attach the notification policy that makes sense.

[badcure]

I updated the description with some additional ideas for the "data" resource. These are just ideas of course.

The reasoning is if I could say for a particular package:

• Give me all warnings for this extension, so I can send it to slack
• Give me all criticals for this extension so I can send it to pagerduty.

Things like that.

[OrNovo]

@badcure I see. The downgrade is that you wouldn't be able to link a single notification-group for few alerts. Anyway, I'll forward your suggestion.

[badcure]

@OrNovo Ohh I see what you are saying, makes complete sense.

Maybe something similar to what AWS does with IAM roles and policy? Something like:

resource "coralogix_alert_notification_group_attachment" "okta_notifications" {
  alert_id = coralogix_alert.example.id
  notification_group_id = coralogix_alert_notification_group.example.id
}

That way it can satisfy both directions.