refs platform/board#4071: add SSL certificate expiration alert configuration

[FabrizioCafolla]

PR Type

Enhancement

---

Description

• Add SSL certificate expiration monitoring with configurable alert thresholds

• Support multiple threshold days (default 15 and 7 days) for early warnings

• Enable customizable notification channels and project-level configuration

• Integrate with Google Cloud Monitoring uptime check SSL metrics

---

Diagram Walkthrough

flowchart LR
  config["ssl_alert variable"] --> locals["Local variables processing"]
  locals --> alert["google_monitoring_alert_policy"]
  alert --> notify["Notification channels"]
  alert --> metric["SSL cert expiration metric"]

Loading

File Walkthrough

	Relevant files
Enhancement	ssl_alert.tf Add SSL certificate expiration alert resource                        ssl_alert.tf Create new Terraform resource for SSL certificate expiration alerts Configure alert policy with customizable threshold days using for_each Set up metric filter for uptime check SSL certificate expiration Define aggregation rules with 1200s alignment period and REDUCE_MEAN +37/-0
Configuration changes	variables.tf Define SSL alert configuration variable                                    variables.tf Add ssl_alert variable with configuration options for SSL monitoring Define optional parameters: enabled, project_id, notification settings, threshold_days Set default threshold days to [15, 7] for multi-level warnings Remove trailing whitespace from typesense variable block +13/-1
Documentation	CHANGELOG.md Update changelog for version 0.7.0 release                              CHANGELOG.md Add version 0.7.0 release entry with SSL alert feature Update version 0.6.0 date and comparison link Document new SSL certificate expiration alert configuration +8/-3      README.md Document SSL alert configuration in README                              README.md Add ssl_alert input variable documentation to inputs table Add google_monitoring_alert_policy.ssl_expiring_days to resources table Document configuration options and default values for SSL alerts +2/-0

---

[sparkfabrik-ai-bot]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Typo in variable The variable name is defined as user_label (singular) on line 164, but based on the pattern from other variables and the description mentioning 'user labels' (plural), it should likely be user_labels (plural). This is also how it's referenced in ssl_alert.tf line 33. user_label = optional(map(string), {}) Trailing whitespace Line 36 contains trailing whitespace after local.ssl_alert_project_id. This should be removed for code cleanliness. project = local.ssl_alert_project_id

[sparkfabrik-ai-bot]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix variable name inconsistency The variable name user_label is inconsistent with the plural form used in the code (user_labels in ssl_alert.tf line 33). This mismatch will cause the Terraform configuration to fail when trying to reference var.ssl_alert.user_labels. variables.tf [164] -user_label = optional(map(string), {}) +user_labels = optional(map(string), {}) Suggestion importance[1-10]: 10 __ Why: Critical bug: user_label in the variable definition (line 164) doesn't match user_labels used in ssl_alert.tf (line 33). This will cause Terraform to fail when referencing var.ssl_alert.user_labels.	High

[Copilot]

Pull request overview

This pull request adds SSL certificate expiration alert configuration to the Terraform Google Services Monitoring module. It enables monitoring of SSL certificates through Google Cloud Monitoring's uptime check metrics and provides customizable alert thresholds.

• Adds a new ssl_alert variable for configuring SSL certificate expiration alerts
• Implements alert policies that trigger when certificates are close to expiration
• Updates documentation to reflect the new monitoring capability

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File	Description
variables.tf	Adds ssl_alert variable definition with configuration options for SSL monitoring (enabled flag, project ID, notification settings, threshold days, and user labels)
ssl_alert.tf	Implements Google Monitoring alert policy resource that creates alerts based on configurable expiration thresholds using uptime check metrics
README.md	Documents the new ssl_alert input variable in the module's input reference table
CHANGELOG.md	Adds changelog entry for version 0.7.0 documenting the SSL certificate expiration alert feature

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[nbucci]

LGTM