forked from giranm/pagerduty-terraform-quickstart
-
Notifications
You must be signed in to change notification settings - Fork 1
/
event_orchestrations.tf
167 lines (152 loc) · 5.18 KB
/
event_orchestrations.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
/*
PagerDuty Event Orchestrations Definition
- https://support.pagerduty.com/docs/event-orchestration
- https://registry.terraform.io/providers/PagerDuty/pagerduty/latest/docs/resources/event_orchestration
- https://registry.terraform.io/providers/PagerDuty/pagerduty/latest/docs/resources/event_orchestration_router
- https://registry.terraform.io/providers/PagerDuty/pagerduty/latest/docs/resources/event_orchestration_service
*/
/*
Event Orchestrations:
These are usually managed per team basis but can be done globally.
It should be noted that the rules within the Event Orchestrations obey a top down approach
i.e. the first rule is executed and will stop processing if there is a match, else
the remaining rules are processed in descending order.
The following user roles can create/edit/delete Event Orchestrations:
* User
* Admin
* Manager base roles and team roles. Manager team roles can create/edit/delete Event Orchestrations associated with their team.
* Global Admin
* Account Owner
*/
resource "pagerduty_event_orchestration" "support_eo" {
name = "Support: Ingest All Events"
team = pagerduty_team.support.id
}
resource "pagerduty_event_orchestration_router" "support_eo_router" {
event_orchestration = pagerduty_event_orchestration.support_eo.id
set {
id = "start"
/*
Support Event Orchestration Routing Example 1 and 2:
IF there is an incoming event with the support_eo routing key
AND payload.component = website
AND payload.severity = warning
THEN route alert to website service
*/
rule {
condition {
expression = "event.component matches 'website' and event.severity matches 'warning'"
}
actions {
route_to = pagerduty_service.example_application_website.id
}
}
/*
Support Event Orchestration Routing Example 3:
IF there is an incoming event with the global_eo routing key
AND payload.component matches Google RE2 Regex `(?-i)database`
AND payload.severity=critical
THEN route alert to database service
*/
rule {
condition {
expression = "event.component matches regex '(?-i)database' and event.severity matches 'critical'"
}
actions {
route_to = pagerduty_service.example_application_database.id
}
}
}
catch_all {
actions {
route_to = "unrouted"
}
}
}
resource "pagerduty_event_orchestration_service" "example_application_website_warning" {
service = pagerduty_service.example_application_website.id
enable_event_orchestration_for_service = true
set {
id = "start"
/*
Website Service Orchestration Rule Example 1:
IF there is an incoming event with the support_eo routing key
AND the current time is between 09:00 - 17:00 London, Monday to Friday
THEN create incident
AND update incident severity to "warning"
AND update incident priority to "P3"
AND update incident note
*/
rule {
condition {
expression = "(now in Mon,Tue,Wed,Thu,Fri 09:00:00 to 17:00:00 Europe/London)"
}
actions {
severity = "warning"
priority = data.pagerduty_priority.p3.id
annotate = "Routed via global rule: example_application_website_warning_0"
}
}
/*
Website Service Orchestration Rule Example 2:
IF there is an incoming event with the support_eo routing key
AND the event has not matched the previous Service Orchestration rule (out of hours)
THEN suppress alert (i.e. do not create incident)
*/
rule {
actions {
suppress = true
}
}
}
catch_all {
actions {}
}
}
resource "pagerduty_event_orchestration_service" "example_application_database_critical" {
service = pagerduty_service.example_application_database.id
enable_event_orchestration_for_service = true
set {
id = "start"
/*
Database Service Orchestration Rule Example 3:
IF there is an incoming event with the support_eo routing key
AND payload.severity=critical
THEN create incident
AND create template variable "Src" from payload.source
AND extract (.*) from payload.component to dedup_key
AND update incident summary to "Critical: Failure on Database {{Src}}" (containing temmplate variable)
AND update incident severity to "critical"
AND update incident priority to "P1"
AND update incident note
*/
rule {
condition {
expression = "event.severity matches 'critical'"
}
actions {
variable {
name = "Src"
path = "event.source"
value = "(.*)"
type = "regex"
}
extraction {
source = "event.component"
regex = "(.*)"
target = "event.custom_details.dedup_key"
}
extraction {
template = "Critical: Failure on Database {{variables.Src}}"
target = "event.summary"
}
severity = "critical"
priority = data.pagerduty_priority.p1.id
annotate = "Routed via global rule: example_application_database_critical"
}
}
}
catch_all {
actions {}
}
}