annotate mod_pubsub_alertmanager/mod_pubsub_alertmanager.lua @ 5298:12f7d8b901e0

mod_audit: Support for adding location (GeoIP) to audit events This can be more privacy-friendly than logging full IP addresses, and also more informative to a user - IP addresses don't mean much to the average person, however if they see activity from outside their expected country, they can immediately identify suspicious activity. As with IPs, this field is configurable for deployments that would like to disable it. Location is also not logged when the geoip library is not available.
author Matthew Wild <mwild1@gmail.com>
date Sat, 01 Apr 2023 13:11:53 +0100
parents adda872fa9e1
children 67190744b1eb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1619
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local st = require "util.stanza";
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local json = require "util.json";
4625
f7e26c43a9bc mod_pubsub_alertmanager: Add TODOs
Kim Alvefur <zash@zash.se>
parents: 4621
diff changeset
3 local filters = { --[[ TODO what's useful? ]] };
4619
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
4 local render = require "util.interpolation".new("%b{}", tostring, filters);
1619
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local uuid_generate = require "util.uuid".generate;
4618
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
6
4625
f7e26c43a9bc mod_pubsub_alertmanager: Add TODOs
Kim Alvefur <zash@zash.se>
parents: 4621
diff changeset
7 -- TODO alertmanager supports inclusion of HTTP auth and OAuth, worth looking
f7e26c43a9bc mod_pubsub_alertmanager: Add TODOs
Kim Alvefur <zash@zash.se>
parents: 4621
diff changeset
8 -- into for using instead of request IP
f7e26c43a9bc mod_pubsub_alertmanager: Add TODOs
Kim Alvefur <zash@zash.se>
parents: 4621
diff changeset
9
4618
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
10 module:depends("http");
1619
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 local pubsub_service = module:depends("pubsub").service;
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13
3014
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
14 local error_mapping = {
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
15 ["forbidden"] = 403;
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
16 ["item-not-found"] = 404;
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
17 ["internal-server-error"] = 500;
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
18 ["conflict"] = 409;
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
19 };
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
20
3017
8e48c0b233e0 mod_pubsub_post: Factor out the 'actor' into an argument
Kim Alvefur <zash@zash.se>
parents: 3016
diff changeset
21 local function publish_payload(node, actor, item_id, payload)
3014
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
22 local post_item = st.stanza("item", { xmlns = "http://jabber.org/protocol/pubsub", id = item_id, })
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
23 :add_child(payload);
3017
8e48c0b233e0 mod_pubsub_post: Factor out the 'actor' into an argument
Kim Alvefur <zash@zash.se>
parents: 3016
diff changeset
24 local ok, err = pubsub_service:publish(node, actor, item_id, post_item);
3014
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
25 module:log("debug", ":publish(%q, true, %q, %s) -> %q", node, item_id, payload:top_tag(), err or "");
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
26 if not ok then
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
27 return error_mapping[err] or 500;
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
28 end
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
29 return 202;
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
30 end
1619
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31
4621
ebc2c099a11b mod_pubsub_alertmanager: Allow templating the pubsub node to publish to
Kim Alvefur <zash@zash.se>
parents: 4620
diff changeset
32 local node_template = module:get_option_string("alertmanager_node_template", "{path?alerts}");
ebc2c099a11b mod_pubsub_alertmanager: Allow templating the pubsub node to publish to
Kim Alvefur <zash@zash.se>
parents: 4620
diff changeset
33
3014
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
34 function handle_POST(event, path)
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
35 local request = event.request;
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
36
4618
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
37 local payload = json.decode(event.request.body);
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
38 if type(payload) ~= "table" then return 400; end
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
39 if payload.version ~= "4" then return 501; end
3501
1df139b157fb mod_pubsub_post: Add support for WebSub authentication
Kim Alvefur <zash@zash.se>
parents: 3255
diff changeset
40
4618
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
41 for _, alert in ipairs(payload.alerts) do
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
42 local item = st.stanza("alerts", {xmlns = "urn:uuid:e3bec775-c607-4e9b-9a3f-94de1316d861:v4", status=alert.status});
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
43 for k, v in pairs(alert.annotations) do
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
44 item:text_tag("annotation", v, { name=k });
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
45 end
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
46 for k, v in pairs(alert.labels) do
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
47 item:text_tag("label", v, { name=k });
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
48 end
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
49 item:tag("starts", { at = alert.startsAt}):up();
4626
285efde5e8a5 mod_pubsub_alertmanager: Exclude "ends at" timestamp for unresolved alerts
Kim Alvefur <zash@zash.se>
parents: 4625
diff changeset
50 if alert.endsAt and alert.status == "resolved" then
4618
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
51 item:tag("ends", { at = alert.endsAt }):up();
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
52 end
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
53 if alert.generatorURL then
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
54 item:tag("link", { href=alert.generatorURL }):up();
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
55 end
3255
64d1dfbd1740 mod_pubsub_post: Ensure actor is non-nil (catch inability to determine IP or simliar)
Kim Alvefur <zash@zash.se>
parents: 3254
diff changeset
56
4621
ebc2c099a11b mod_pubsub_alertmanager: Allow templating the pubsub node to publish to
Kim Alvefur <zash@zash.se>
parents: 4620
diff changeset
57 local node = render(node_template, {alert = alert, path = path, payload = payload, request = request});
ebc2c099a11b mod_pubsub_alertmanager: Allow templating the pubsub node to publish to
Kim Alvefur <zash@zash.se>
parents: 4620
diff changeset
58 local ret = publish_payload(node, request.ip, uuid_generate(), item);
4618
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
59 if ret ~= 202 then
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
60 return ret
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
61 end
3014
72dbc9b66de8 mod_pubsub_post: Change to support arbitrary XML payloads
Kim Alvefur <zash@zash.se>
parents: 3013
diff changeset
62 end
4618
48132b6e1b16 mod_pubsub_alertmanager: Publish Alertmanager alerts into pubsub
Kim Alvefur <zash@zash.se>
parents: 4552
diff changeset
63 return 202;
1619
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 end
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65
4620
9b253cce7d88 mod_pubsub_alertmanager: Allow configuring template for <body> rendering
Kim Alvefur <zash@zash.se>
parents: 4619
diff changeset
66 local template = module:get_option_string("alertmanager_body_template", [[
4619
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
67 *ALARM!*
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
68 Status: {status}
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
69 Starts at: {startsAt}{endsAt&
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
70 Ends at: {endsAt}}
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
71 Labels: {labels%
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
72 {idx}: {item}}
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
73 Annotations: {annotations%
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
74 {idx}: {item}}
4620
9b253cce7d88 mod_pubsub_alertmanager: Allow configuring template for <body> rendering
Kim Alvefur <zash@zash.se>
parents: 4619
diff changeset
75 ]]);
4619
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
76
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
77 module:hook("pubsub-summary/urn:uuid:e3bec775-c607-4e9b-9a3f-94de1316d861:v4", function(event)
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
78 local payload = event.payload;
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
79
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
80 local data = {
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
81 status = payload.attr.status,
4627
adda872fa9e1 mod_pubsub_alertmanager: Include status booleans in template input
Kim Alvefur <zash@zash.se>
parents: 4626
diff changeset
82 firing = "firing" == payload.attr.status,
adda872fa9e1 mod_pubsub_alertmanager: Include status booleans in template input
Kim Alvefur <zash@zash.se>
parents: 4626
diff changeset
83 resolved = "resolved" == payload.attr.status,
4619
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
84 annotations = {},
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
85 labels = {},
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
86 endsAt = payload:find("ends/@at"),
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
87 startsAt = payload:find("starts/@at"),
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
88 };
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
89 for label in payload:childtags("label") do
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
90 data.labels[tostring(label.attr.name)] = label:get_text();
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
91 end
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
92 for annotation in payload:childtags("annotation") do
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
93 data.annotations[tostring(annotation.attr.name)] = annotation:get_text();
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
94 end
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
95
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
96 return render(template, data);
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
97 end);
b11001bd915d mod_pubsub_alertmanager: Add a plain text summary
Kim Alvefur <zash@zash.se>
parents: 4618
diff changeset
98
1619
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 module:provides("http", {
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 route = {
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 ["POST /*"] = handle_POST;
4621
ebc2c099a11b mod_pubsub_alertmanager: Allow templating the pubsub node to publish to
Kim Alvefur <zash@zash.se>
parents: 4620
diff changeset
102 ["POST"] = handle_POST;
1619
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
103 };
43c54a27bab2 mod_pubsub_post: Module to publish to pubsub nodes from a simple HTTP POST
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104 });