Merge pull request #1649 from pijiang3/master

Add Flashduty Alerter

Author: jertel

CHANGELOG.md

@@ -7,6 +7,7 @@
 - [MicrosoftPowerAutomate] Add support for 'ms_power_automate_webhook_url_from_field' option to dynamically select the webhook URL from the match. - [#1623](https://github.com/jertel/elastalert2/pull/1623) - @aizerin
 - Add Webex Incoming Webhook alerter - [#1635](https://github.com/jertel/elastalert2/pull/1635) - @dennis-trapp
 - Support jinja2 templates in `alertmanager_labels` and `alertmanager_annotations` - [#1642](https://github.com/jertel/elastalert2/pull/1642) - @tgxworld
+- Add Flashduty alerter - [#1649](https://github.com/jertel/elastalert2/pull/1649) - @pijiang3
 
 ## Other changes
 - Fix `schema.yaml` to support Kibana 8.17 - [#1631](https://github.com/jertel/elastalert2/pull/1631) - @vpiserchia

docs/source/alerts.rst

@@ -26,6 +26,7 @@ or
       - discord
       - email
       - exotel
+      - flashduty
       - gitter
       - googlechat
       - gelf
@@ -2618,3 +2619,39 @@ Example usage::
     - "yzj"
     yzj_token: "token"
 
+
+Flashduty
+~~~~~~~~~~~~~
+
+Flashduty alerter will send notification to a Flashduty application. The body of the notification formatted the same as with other alerters.
+
+Required:
+
+``flashduty_integration_key``:  Flashduty integration key.
+``flashduty_title``:  Alert title , no more than 512 characters, will be truncated if exceeded. Default to ``ElastAlert Alert``.
+``flashduty_event_status``:  Alert status. Can be ``Info``, ``Warning``, ``Critical``, ``Ok``. Defaults to ``Info``.
+
+
+Example usage::
+
+    alert_text: "**{0}** - ALERT on host {1}"
+    alert_text_args:
+      - name
+      - hostname
+    alert:
+      - flashduty
+    flashduty_integration_key: "xxx"
+    flashduty_title: "elastalert"
+    flashduty_event_status: "Warning"
+    flashduty_alert_key: "abc"
+    flashduty_description: "log error"
+    flashduty_check: "Too many occurrences of error logs"
+    flashduty_resource: "index_name"
+    flashduty_service: "service_name"
+    flashduty_metric: "The number of error logs is greater than 5"
+    flashduty_group: "sre"
+    flashduty_cluster: "k8s"
+    flashduty_app: "app"
+    flashduty_env: "dev"
+
+ Please refer to the parameter definition: https://docs.flashcat.cloud/en/flashduty/elastalert2-integration-guide

docs/source/elastalert.rst

@@ -39,6 +39,7 @@ Currently, we have support built in for these alert types:
 - Discord
 - Email
 - Exotel
+- Flashduty
 - Gitter
 - GoogleChat
 - Graylog GELF

elastalert/alerters/flashduty.py

@@ -0,0 +1,86 @@
+import json
+import warnings
+
+import requests
+from elastalert.alerts import Alerter, DateTimeEncoder
+from elastalert.util import EAException, elastalert_logger
+from requests import RequestException
+
+
+class FlashdutyAlerter(Alerter):
+    """Creates a Flashduty message for each alert"""
+
+    required_options = frozenset(["flashduty_integration_key"])
+
+    def __init__(self, rule):
+        super(FlashdutyAlerter, self).__init__(rule)
+        self.flashduty_integration_key = self.rule.get("flashduty_integration_key", None)
+        self.flashduty_title = self.rule.get("flashduty_title", "ElastAlert Alert")
+        self.flashduty_alert_key = self.rule.get("flashduty_alert_key", None)
+        self.flashduty_description = self.rule.get("flashduty_description", None)
+        self.flashduty_event_status = self.rule.get("flashduty_event_status", "Info")
+        self.flashduty_check = self.rule.get("flashduty_check", None)
+        self.flashduty_service = self.rule.get("flashduty_service", None)
+        self.flashduty_cluster = self.rule.get("flashduty_cluster", None)
+        self.flashduty_resource = self.rule.get("flashduty_resource", None)
+        self.flashduty_metric = self.rule.get("flashduty_metric", None)
+        self.flashduty_group = self.rule.get("flashduty_group", None)
+        self.flashduty_env = self.rule.get("flashduty_env", None)
+        self.flashduty_app = self.rule.get("flashduty_app", None)
+
+
+    def alert(self, matches):
+        body = self.create_alert_body(matches)
+
+        headers = {
+            "Content-Type": "application/json",
+        }
+
+        payload = {
+            "title": self.flashduty_title,
+            "description": self.flashduty_description,
+            "event_status": self.flashduty_event_status,
+            "alert_key": self.flashduty_alert_key,
+            "labels": {
+                "check": self.flashduty_check,
+                "service": self.flashduty_service,
+                "cluster": self.flashduty_cluster,
+                "resource": self.flashduty_resource,
+                "metric": self.flashduty_metric,
+                "group": self.flashduty_group,
+                "env": self.flashduty_env,
+                "app": self.flashduty_app,
+                "information": body,
+            }
+        }
+
+        try:
+            response = requests.post(
+                "https://api.flashcat.cloud/event/push/alert/standard?integration_key=" + self.flashduty_integration_key,
+                data=json.dumps(payload, cls=DateTimeEncoder),
+                headers=headers,
+            )
+            warnings.resetwarnings()
+            response.raise_for_status()
+        except RequestException as e:
+            raise EAException("Error posting to flashduty: %s" % e)
+
+        elastalert_logger.info("Trigger sent to flashduty")
+
+    def get_info(self):
+        return {
+            "type": "flashduty",
+            "flashduty_integration_key": self.flashduty_integration_key,
+            "flashduty_title": self.flashduty_title,
+            "flashduty_description": self.flashduty_description,
+            "flashduty_event_status": self.flashduty_event_status,
+            "flashduty_check": self.flashduty_check,
+            "flashduty_service": self.flashduty_service,
+            "flashduty_cluster": self.flashduty_cluster,
+            "flashduty_resource": self.flashduty_resource,
+            "flashduty_metric": self.flashduty_metric,
+            "flashduty_group": self.flashduty_group,
+            "flashduty_env": self.flashduty_env,
+            "flashduty_app": self.flashduty_app,
+            "flashduty_alert_key": self.flashduty_alert_key,
+        }

elastalert/loaders.py

@@ -8,6 +8,7 @@
 import jsonschema
 import yaml
 import yaml.scanner
+from elastalert.alerters.flashduty import FlashdutyAlerter
 from jinja2 import Environment
 from jinja2 import FileSystemLoader
 from jinja2 import Template
@@ -145,6 +146,7 @@ class RulesLoader(object):
         'indexer': IndexerAlerter,
         'matrixhookshot': MatrixHookshotAlerter,
         'yzj': YzjAlerter,
+        'flashduty': FlashdutyAlerter,
     }
 
     # A partial ordering of alert types. Relative order will be preserved in the resulting alerts list

elastalert/schema.yaml

@@ -917,3 +917,17 @@ properties:
   yzj_custom_loc: {type: string}
   yzj_proxy: {type: string}
 
+  ### Flashduty
+  flashduty_integration_key: {type: string}
+  flashduty_title: {type: string}
+  flashduty_description: {type: string}
+  flashduty_event_status: {type: string, enum: [Info, Warning, Critical, Ok]}
+  flashduty_alert_key: {type: string}
+  flashduty_check: {type: string}
+  flashduty_service: {type: string}
+  flashduty_cluster: {type: string}
+  flashduty_resource: {type: string}
+  flashduty_metric: {type: string}
+  flashduty_group: {type: string}
+  flashduty_env: {type: string}
+  flashduty_app: {type: string}

tests/alerters/flashduty_test.py

@@ -0,0 +1,148 @@
+import json
+import logging
+from unittest import mock
+
+import pytest
+from requests import RequestException
+
+from elastalert.alerters.flashduty import FlashdutyAlerter
+from elastalert.loaders import FileRulesLoader
+from elastalert.util import EAException
+
+
+def test_flashduty_alert(caplog):
+    caplog.set_level(logging.INFO)
+    rule = {
+        'name': 'Test Flashduty Rule',
+        'type': 'any',
+        'flashduty_integration_key': 'xxx',
+        'flashduty_title': 'Test Alert',
+        'flashduty_description': 'Test Description',
+        'flashduty_event_status': 'Info',
+        'flashduty_alert_key': 'test-alert',
+        'flashduty_check': 'test-check',
+        'flashduty_service': 'test-service',
+        'flashduty_cluster': 'test-cluster',
+        'flashduty_resource': 'test-resource',
+        'flashduty_metric': 'test-metric',
+        'flashduty_group': 'test-group',
+        'flashduty_env': 'test-env',
+        'flashduty_app': 'test-app',
+        'alert': [],
+    }
+    rules_loader = FileRulesLoader({})
+    rules_loader.load_modules(rule)
+    alert = FlashdutyAlerter(rule)
+    match = {
+        '@timestamp': '2025-03-20T00:00:00',
+        'somefield': 'foobar'
+    }
+
+    with mock.patch('requests.post') as mock_post_request:
+        alert.alert([match])
+
+    expected_data = {
+        'title': 'Test Alert',
+        'description': 'Test Description',
+        'event_status': 'Info',
+        'alert_key': 'test-alert',
+        'labels': {
+            'check': 'test-check',
+            'service': 'test-service',
+            'cluster': 'test-cluster',
+            'resource': 'test-resource',
+            'metric': 'test-metric',
+            'group': 'test-group',
+            'env': 'test-env',
+            'app': 'test-app',
+            'information': 'Test Flashduty Rule\n\n@timestamp: 2025-03-20T00:00:00\nsomefield: foobar\n'
+        }
+    }
+
+    mock_post_request.assert_called_once_with(
+        'https://api.flashcat.cloud/event/push/alert/standard?integration_key=' + rule['flashduty_integration_key'],
+        data=mock.ANY,
+        headers={'Content-Type': 'application/json'}
+    )
+
+    actual_data = json.loads(mock_post_request.call_args_list[0][1]['data'])
+    assert expected_data == actual_data
+    assert ('elastalert', logging.INFO, 'Trigger sent to flashduty') == caplog.record_tuples[0]
+
+
+def test_flashduty_ea_exception():
+    rule = {
+        'name': 'Test Flashduty Rule',
+        'type': 'any',
+        'flashduty_integration_key': 'xxx',
+        'alert': [],
+    }
+    rules_loader = FileRulesLoader({})
+    rules_loader.load_modules(rule)
+    alert = FlashdutyAlerter(rule)
+    match = {
+        '@timestamp': '2025-03-20T00:00:00',
+        'somefield': 'foobar'
+    }
+    mock_run = mock.MagicMock(side_effect=RequestException)
+    with mock.patch('requests.post', mock_run):
+        with pytest.raises(EAException) as ea:
+            alert.alert([match])
+    assert 'Error posting to flashduty: ' in str(ea)
+
+
+def test_flashduty_getinfo():
+    rule = {
+        'name': 'Test Flashduty Rule',
+        'type': 'any',
+        'flashduty_integration_key': 'xxx',
+        'flashduty_title': 'Test Alert',
+        'flashduty_description': 'Test Description',
+        'flashduty_event_status': 'Info',
+        'flashduty_alert_key': 'test-alert',
+        'flashduty_check': 'test-check',
+        'flashduty_service': 'test-service',
+        'flashduty_cluster': 'test-cluster',
+        'flashduty_resource': 'test-resource',
+        'flashduty_metric': 'test-metric',
+        'flashduty_group': 'test-group',
+        'flashduty_env': 'test-env',
+        'flashduty_app': 'test-app',
+        'alert': [],
+    }
+    rules_loader = FileRulesLoader({})
+    rules_loader.load_modules(rule)
+    alert = FlashdutyAlerter(rule)
+
+    expected_data = {
+        'type': 'flashduty',
+        'flashduty_integration_key': 'xxx',
+        'flashduty_title': 'Test Alert',
+        'flashduty_description': 'Test Description',
+        'flashduty_event_status': 'Info',
+        'flashduty_alert_key': 'test-alert',
+        'flashduty_check': 'test-check',
+        'flashduty_service': 'test-service',
+        'flashduty_cluster': 'test-cluster',
+        'flashduty_resource': 'test-resource',
+        'flashduty_metric': 'test-metric',
+        'flashduty_group': 'test-group',
+        'flashduty_env': 'test-env',
+        'flashduty_app': 'test-app'
+    }
+    actual_data = alert.get_info()
+    assert expected_data == actual_data
+
+
+def test_flashduty_required_error():
+    try:
+        rule = {
+            'name': 'Test Flashduty Rule',
+            'type': 'any',
+            'alert': [],
+        }
+        rules_loader = FileRulesLoader({})
+        rules_loader.load_modules(rule)
+        FlashdutyAlerter(rule)
+    except Exception as ea:
+        assert 'Missing required option(s): flashduty_integration_key' in str(ea)