Parse notifier configs without creation of notifiers

[yuri-tceretian]

In Grafana Alertmanager configuration we have very complex API models that are usually a combination of upstream configurations and our custom fields. Those models are propagated everywhere in the code deep down to the notification-building logic where it is parsed and converted to Notifier. In order to validate the configuration in API handlers we have to access the notifiers factory and stub many fields because that factory requires many services.

For example,
https://github.com/grafana/grafana/blob/f066e8cdcd178b783d0c62959bea593d3c0c30b0/pkg/services/ngalert/api/tooling/definitions/provisioning_contactpoints.go#L105-L128

This PR creates an intermediate layer that parses, decrypts secrets and validates settings of all notifiers in a single receiver, and returns either a valid configuration or error. A new method ValidateAPIReceiver accepts only parameters that are required for performing this task.

A new struct GrafanaReceiverTyped resembles the receiver configuration from the upstream
https://github.com/prometheus/alertmanager/blob/fe1b045c00204dc47a0f63728b6162e9d5cf9b5e/config/config.go#L883-L899 However, due to additional information that Grafana notifier hold (uid, type, name) I had to add a generic wrapper NotifierConfig

This will help make validation code in API much clear and reduce the scope of raw settings.

Based on #61

The new config struct looks like the upstream Alertmanager's

// GrafanaReceiverTyped represents a parsed and validated APIReceiver
type GrafanaReceiverTyped struct {
	Name                string
	AlertmanagerConfigs []*NotifierConfig[alertmanager.Config]
	DingdingConfigs     []*NotifierConfig[dinding.Config]
	DiscordConfigs      []*NotifierConfig[discord.Config]
	EmailConfigs        []*NotifierConfig[email.Config]
	GooglechatConfigs   []*NotifierConfig[googlechat.Config]
	KafkaConfigs        []*NotifierConfig[kafka.Config]
	LineConfigs         []*NotifierConfig[line.Config]
	OpsgenieConfigs     []*NotifierConfig[opsgenie.Config]
	PagerdutyConfigs    []*NotifierConfig[pagerduty.Config]
	PushoverConfigs     []*NotifierConfig[pushover.Config]
	SensugoConfigs      []*NotifierConfig[sensugo.Config]
	SlackConfigs        []*NotifierConfig[slack.Config]
	TeamsConfigs        []*NotifierConfig[teams.Config]
	TelegramConfigs     []*NotifierConfig[telegram.Config]
	ThreemaConfigs      []*NotifierConfig[threema.Config]
	VictoropsConfigs    []*NotifierConfig[victorops.Config]
	WebhookConfigs      []*NotifierConfig[webhook.Config]
	WecomConfigs        []*NotifierConfig[wecom.Config]
	WebexConfigs        []*NotifierConfig[webex.Config]
}

[yuri-tceretian]

temporary, this will go away in #63

[yuri-tceretian]

This struct will replace NotificationChannelConfig in #63

[yuri-tceretian]

this is a utility func to propagate errors in the case of validation failure.

[yuri-tceretian]

I think it should be called GrafanaReceiver.. but that name is already taken. Probably it makes sense to rename that to GrafanaNotifierSettings and this to GrafanaReceiverConfiguration

[gotjosh]

Remind me again how is this going to be used that will benefit from generics?

[yuri-tceretian]

That is a way to have Metadata for all notifier configs

[yuri-tceretian]

this will actually help move forward with refactoring in Grafana because we have to do conversions back and forth for that field.

[gotjosh]

Overall LGTM and I find this is a net positive, but please see my comments.

[gotjosh]

nit:

I'd like to move away from these nested functions, they make this part of the code really hard to read.

Why not just make this a separate function, even better why not embrace the pointer to structs here all of this a function that's part of APIReceiver. I don't really understand the relationship between these struct at all.

The code as written appears to take a functional approach - which even though is well intended I personally find it highly un-idiomatic.

For example, in this function the main actor is:

	for _, receiver := range api.Receivers {
		err := parseConfig(receiver)
		if err != nil {
			return GrafanaReceiverTyped{}, &ReceiverValidationError{
				Cfg: receiver,
				Err: err,
			}
		}
	}

Yet, I'm presented with parseConfig first which forces to me read this wall before I even begin to understand what I'm doing as part of this function.

A good example of the use of inline functions is when you care about concurrency and sending that execution to a goroutine - this is not any of that.

[gotjosh]

nit: I'd re-structure this function.

Generally, functions tend to do four main things: Collecting input, handling failure, doing work and delivering results.

I'd stick to that order when possible.

In addition to that, the name of ValidateAPIReceiver is highly misleading - we're way past the name of validation. I suggest BuildReceiverIntegrations.

[gotjosh]

With the above, my suggestion is:

var ErrorAPIReceiverValidation = func(receiver *GrafanaReceiver, err error) error {
	return &ReceiverValidationError{
		Cfg: receiver,
		Err: fmt.Errorf("failed to parse notifier %s (UID: %s): %w", receiver.Name, receiver.UID, err),
	}
}

// ValidateAPIReceiver parses, decrypts and validates the APIReceiver. GrafanaReceiverTyped that contains configurations of all notifiers configurations for this receiver
func ValidateAPIReceiver(ctx context.Context, api *APIReceiver, decrypt receivers.GetDecryptedValueFn) (GrafanaReceiverTyped, error) {
	result := GrafanaReceiverTyped{
		Name: api.Name,
	}

	for _, receiver := range api.Receivers {
		// First, decode the secure receiver integrations settings.
		secureSettings, err := decodeSecretsFromBase64(receiver.SecureSettings)
		if err != nil {
			return GrafanaReceiverTyped{}, ErrorAPIReceiverValidation(receiver, err)
		}

		// Then, create the decryption function that's common for all integrations of this receiver.
		decryptFn := func(key, fallback string) string {
			return decrypt(ctx, secureSettings, key, fallback)
		}

		// Finally, parse the receiver configuration.
		err = parseReceiver(&result, receiver, decryptFn)
		if err != nil {
			return GrafanaReceiverTyped{}, ErrorAPIReceiverValidation(receiver, err)
		}
	}

	return result, nil
}

[gotjosh]

Suggested change

	// secure settings are already encrypted at this point
	// Secure settings are already encrypted at this point.

[gotjosh]

If secure settings are already encoded at this point - why do we need to have a decrypt function passed over? Should we call the function noopDecryptFn instead then?

[yuri-tceretian]

this is a copy from another place as is. I did not add anything here

https://github.com/grafana/grafana/blob/f066e8cdcd178b783d0c62959bea593d3c0c30b0/pkg/services/ngalert/notifier/alertmanager.go#L345-L346

[gotjosh]

Suggested change

	s := fmt.Sprintf("failed to validate receiver %sof type %q: %s", name, e.Cfg.Type, e.Err.Error())
	s := fmt.Sprintf("failed to validate notifier %sof type %q: %s", name, e.Cfg.Type, e.Err.Error())

[gotjosh]

Other errors seem to use notifier instead?

[yuri-tceretian]

I think that is expected because this error is returned by ValidateReceiver method... not a particular notifier.

[gotjosh]

Remind me again how is this going to be used that will benefit from generics?

[gotjosh]

LGTM

[gotjosh]

Suggested change

	// BuildReceiverConfiguration parses, decrypts and validates the APIReceiver. GrafanaReceiverConfig that contains configurations of all notifiers configurations for this receiver
	// BuildReceiverConfiguration parses, decrypts and validates the APIReceiver.

[gotjosh]

Suggested change

	// parseNotifier parses receivers and populates corresponding field in GrafanaReceiverConfig. Returns error if configuration cannot be parsed
	// parseNotifier parses receivers and populates the corresponding field in GrafanaReceiverConfig. Returns an error if the configuration cannot be parsed.

[gotjosh]

Suggested change

	// FullValidConfigForTesting a string representation of JSON object that contains all fields supported by the notifier Config. Can be used without secrets
	// FullValidConfigForTesting is a string representation of JSON object that contains all fields supported by the notifier Config. It can be used without secrets.

[gotjosh]

The same applies to every other instance of this comment.

[gotjosh]

Suggested change

	// FullValidSecretsForTesting is a string representation of JSON object that contains all fields that can be overridden from secrets
	// FullValidSecretsForTesting is a string representation of a JSON object that contains all fields that can be overridden from secrets.

[gotjosh]

The same applies to every other instance of this comment.