m-lab / alertmanager-github-receiver

Prometheus Alertmanager webhook receiver that creates GitHub issues from alerts
Apache License 2.0

ambiguous matching #32

Closed cjyar closed 4 years ago

cjyar commented 4 years ago

This is a great tool.

I have an alert that gets generated when there are known vulnerabilities. Right now we have multiple copies of this alert firing for different instances. As a result, alertmanager-github-receiver creates multiple alerts. But if I resolve one of these alerts, it's going to pick a random GitHub issue to close. That's because it matches existing issues based on the issue title, and the issue title isn't customizable.

In a perfect world, it could store the alert ID on the GitHub issue somehow, and unambiguously match on that.

If that's not possible, maybe it could look for a title annotation and use that as the issue title. Then I could use templating in the Prometheus config to assign an unambiguous title.

cjyar commented 4 years ago

If you can give me some feedback on how you'd like this implemented, I can submit a PR.

cjyar commented 4 years ago

Here's my proposal:

  1. Grab the groupKey as provided by alertmanager, such as {}:{alertname="Test", job="prometheus24"}.
  2. Hash that using sha256: a5fe28054b7a950fa6ecf2a932a263bf219836f700d4794986438620d8a6866f
  3. Take the last 6 bytes (binary, here represented as a hex string): 8620d8a6866f
  4. Apply base64 encoding to get an 8 character, alphanumeric identifier: hiDYpoZv

Append that string to the subject of the created GitHub issue.

When searching for existing issues, do a substring search instead of whole string matching.
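The steps proposed above, worked through in Go as an added example (not code from this thread or from alertmanager-github-receiver). The function names, the title format and the sample groupKeys in `main` are assumptions; the digest in `main` is the one quoted in step 2.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// suffixFromDigest is steps 3-4: keep the last 6 bytes of the digest and
// base64-encode them. 6 bytes encode to exactly 8 characters with no padding.
// Standard base64 can also emit '+' and '/', so a suffix is not guaranteed to
// be purely alphanumeric.
func suffixFromDigest(digest []byte) string {
	return base64.StdEncoding.EncodeToString(digest[len(digest)-6:])
}

// GroupID is steps 1-2 followed by suffixFromDigest.
func GroupID(groupKey string) string {
	sum := sha256.Sum256([]byte(groupKey))
	return suffixFromDigest(sum[:])
}

// TitleFor appends the identifier to the issue title (format is an assumption).
func TitleFor(alertname, groupKey string) string {
	return fmt.Sprintf("%s [%s]", alertname, GroupID(groupKey))
}

// FindIssue does the substring search: it returns the index of the first title
// containing the group's identifier, or -1 when no issue exists for the group.
func FindIssue(titles []string, groupKey string) int {
	id := GroupID(groupKey)
	for i, title := range titles {
		if strings.Contains(title, id) {
			return i
		}
	}
	return -1
}

func main() {
	// Digest quoted in step 2 of the proposal.
	d, _ := hex.DecodeString("a5fe28054b7a950fa6ecf2a932a263bf219836f700d4794986438620d8a6866f")
	fmt.Println(suffixFromDigest(d))
	// Constructed groupKeys: same alertname, different instance label.
	a, b := `{}:{alertname="Vuln", instance="a"}`, `{}:{alertname="Vuln", instance="b"}`
	titles := []string{TitleFor("Vuln", a), TitleFor("Vuln", b)}
	fmt.Println(titles, FindIssue(titles, b))
}
```

The identifier keeps 48 bits of the hash, so two groups sharing a suffix is unlikely but possible; the substring search returns the first match in that case.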

stephen-soltesz commented 4 years ago

@cjyar Thank you for writing -- I'm glad to hear this is a helpful tool for you.

I agree that providing flexibility for how to format the title is a good idea.

You've proposed a few ideas:

These made me wonder about:

What do you think about using Go templates with msg.Data as the template data?

Thank you for being willing to implement the change.

cjyar commented 4 years ago

Templates, in general, would be great. I'm imagining something similar to how alertmanager handles email and slack templates. Provide configurable title and body templates. Maybe a command line argument for each, to specify the path to a template file?

Just need to document it so the user knows the title template will be used for matching, so it needs to be both unique and stable.

stephen-soltesz commented 4 years ago

Yeah, I suggest starting with just the title for now and if that looks right considering whether we should extend it to the body also. (The body is already a template so might not be bad). Good point about the importance of documentation for behavior of the title.

cjyar commented 4 years ago

Any reason I shouldn't run go mod init as part of my PR?

stephen-soltesz commented 4 years ago

@cjyar there's an ongoing debate within our team about whether it's preferable to use go.mod or not. Right now we're trying to build from HEAD without using go.mod unless there is an upstream break that requires using go.mod temporarily. Are you encountering a build failure? I merged a change earlier today that addresses one.

cjyar commented 4 years ago

No problem. I prefer working with go.mod, but I can leave it out of the PR.

cjyar commented 4 years ago

Closing due to accepted PR.