github.com/tigera/api@v0.0.0-20240320170621-278e89a8c5fb/pkg/apis/projectcalico/v3/globalalert.go

github.com/tigera/api@v0.0.0-20240320170621-278e89a8c5fb/pkg/apis/projectcalico/v3/globalalert.go (about)

     1  // Copyright (c) 2019,2021 Tigera, Inc. All rights reserved.
     2  
     3  package v3
     4  
     5  import (
     6  	"encoding/json"
     7  	"time"
     8  
     9  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    10  )
    11  
    12  const (
    13  	KindGlobalAlert     = "GlobalAlert"
    14  	KindGlobalAlertList = "GlobalAlertList"
    15  
    16  	GlobalAlertDataSetAudit         = "audit"
    17  	GlobalAlertDataSetDNS           = "dns"
    18  	GlobalAlertDataSetFlows         = "flows"
    19  	GlobalAlertDataSetL7            = "l7"
    20  	GlobalAlertDataSetWAF           = "waf"
    21  	GlobalAlertDataSetVulnerability = "vulnerability"
    22  
    23  	GlobalAlertMetricAvg   = "avg"
    24  	GlobalAlertMetricMax   = "max"
    25  	GlobalAlertMetrixMin   = "min"
    26  	GlobalAlertMetricSum   = "sum"
    27  	GlobalAlertMetricCount = "count"
    28  
    29  	GlobalAlertMinPeriod   = time.Minute
    30  	GlobalAlertMinLookback = GlobalAlertMinPeriod
    31  )
    32  
    33  // +genclient
    34  // +genclient:nonNamespaced
    35  // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
    36  
    37  type GlobalAlert struct {
    38  	metav1.TypeMeta `json:",inline"`
    39  	// Standard object's metadata.
    40  	metav1.ObjectMeta `json:"metadata,omitempty"`
    41  	// Specification of the GlobalAlert.
    42  	Spec   GlobalAlertSpec   `json:"spec,omitempty"`
    43  	Status GlobalAlertStatus `json:"status,omitempty"`
    44  }
    45  
    46  type GlobalAlertSpec struct {
    47  	// Type will dictate how the fields of the GlobalAlert will be utilized.
    48  	// Each Type will have different usages and defaults for the fields. [Default: RuleBased]
    49  	Type GlobalAlertType `json:"type,omitempty" validate:"omitempty,globalAlertType"`
    50  	// Template for the description field in generated events, description is used if this is omitted.
    51  	Summary string `json:"summary,omitempty" validate:"omitempty"`
    52  	// Human-readable description of the template.
    53  	Description string `json:"description" validate:"required"`
    54  	// Severity of the alert for display in Manager.
    55  	Severity int `json:"severity" validate:"required,min=1,max=100"`
    56  	// If Type is RuleBased, it is how often the query defined will run.
    57  	// If Type is AnomalyDetection it is how often the detector will be run.
    58  	Period *metav1.Duration `json:"period,omitempty" validate:"omitempty"`
    59  	// How much data to gather at once.
    60  	// If Type is RuleBased, it must exceed audit log flush interval, dnsLogsFlushInterval, or flowLogsFlushInterval as appropriate.
    61  	Lookback *metav1.Duration `json:"lookback,omitempty" validate:"omitempty"`
    62  	// DataSet determines which dataset type the Query will use.
    63  	// Required and used only if Type is RuleBased.
    64  	DataSet string `json:"dataSet,omitempty" validate:"omitempty,oneof=flows dns audit l7 waf vulnerability"`
    65  	// Which data to include from the source data set. Written in a domain-specific query language. Only used if Type is RuleBased.
    66  	Query string `json:"query,omitempty" validate:"omitempty"`
    67  	// An optional list of fields to aggregate results.
    68  	// Only used if Type is RuleBased.
    69  	AggregateBy []string `json:"aggregateBy,omitempty" validate:"omitempty"`
    70  	// Which field to aggregate results by if using a metric other than count.
    71  	// Only used if Type is RuleBased.
    72  	Field string `json:"field,omitempty" validate:"omitempty"`
    73  	// A metric to apply to aggregated results. count is the number of log entries matching the aggregation pattern.
    74  	// Others are applied only to numeric fields in the logs.
    75  	// Only used if Type is RuleBased.
    76  	Metric string `json:"metric,omitempty" validate:"omitempty,oneof=avg max min sum count"`
    77  	// Compare the value of the metric to the threshold using this condition.
    78  	// Only used if Type is RuleBased.
    79  	Condition string `json:"condition,omitempty" validate:"omitempty,oneof=eq not_eq gt gte lt lte"`
    80  	// A numeric value to compare the value of the metric against.
    81  	// Only used if Type is RuleBased.
    82  	Threshold float64 `json:"threshold,omitempty" validate:"omitempty"`
    83  	// An optional list of values to replace variable names in query.
    84  	// Only used if Type is RuleBased.
    85  	Substitutions []GlobalAlertSubstitution `json:"substitutions,omitempty" validate:"omitempty"`
    86  	// Parameters for configuring an AnomalyDetection run.
    87  	// Only used if Type is AnomalyDetection.
    88  	Detector *DetectorParams `json:"detector,omitempty" validate:"omitempty"`
    89  }
    90  
    91  type GlobalAlertType string
    92  
    93  const (
    94  	GlobalAlertTypeRuleBased        GlobalAlertType = "RuleBased"
    95  	GlobalAlertTypeAnomalyDetection GlobalAlertType = "AnomalyDetection"
    96  )
    97  
    98  func (t *GlobalAlertType) UnmarshalJSON(b []byte) error {
    99  	var s string
   100  	if err := json.Unmarshal(b, &s); err != nil {
   101  		return err
   102  	}
   103  	if s == "" {
   104  		*t = GlobalAlertTypeRuleBased
   105  	} else {
   106  		*t = GlobalAlertType(s)
   107  	}
   108  	return nil
   109  }
   110  
   111  type GlobalAlertStatus struct {
   112  	LastUpdate      *metav1.Time     `json:"lastUpdate,omitempty"`
   113  	Active          bool             `json:"active"`
   114  	Healthy         bool             `json:"healthy"`
   115  	LastExecuted    *metav1.Time     `json:"lastExecuted,omitempty"`
   116  	LastEvent       *metav1.Time     `json:"lastEvent,omitempty"`
   117  	ErrorConditions []ErrorCondition `json:"errorConditions,omitempty"`
   118  }
   119  
   120  type DetectorParams struct {
   121  	// Name specifies the AnomalyDetection Detector to run.
   122  	Name string `json:"name"`
   123  }
   124  
   125  // +genclient:nonNamespaced
   126  // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
   127  
   128  // GlobalAlertList contains a list of GlobalAlert resources.
   129  type GlobalAlertList struct {
   130  	metav1.TypeMeta `json:",inline"`
   131  	metav1.ListMeta `json:"metadata"`
   132  	Items           []GlobalAlert `json:"items"`
   133  }
   134  
   135  // GlobalAlertSubstitution substitutes for the variables in the set operators of a Query.
   136  type GlobalAlertSubstitution struct {
   137  	Name   string   `json:"name" validate:"required"`
   138  	Values []string `json:"values,omitempty"`
   139  }
   140  
   141  // NewGlobalAlert creates a new (zeroed) GlobalAlert struct with the TypeMetadata
   142  // initialized to the current version.
   143  func NewGlobalAlert() *GlobalAlert {
   144  	return &GlobalAlert{
   145  		TypeMeta: metav1.TypeMeta{
   146  			Kind:       KindGlobalAlert,
   147  			APIVersion: GroupVersionCurrent,
   148  		},
   149  	}
   150  }
   151  
   152  // NewGlobalAlertList creates a new (zeroed) GlobalAlertList struct with the TypeMetadata
   153  // initialized to the current version.
   154  func NewGlobalAlertList() *GlobalAlertList {
   155  	return &GlobalAlertList{
   156  		TypeMeta: metav1.TypeMeta{
   157  			Kind:       KindGlobalAlertList,
   158  			APIVersion: GroupVersionCurrent,
   159  		},
   160  	}
   161  }