config: Implement Hasura Actions for alertmanager get/set and creds/e…

…xporters (#373) (#461)

* config: Implement Hasura Actions for alertmanager get/set and creds/exporters (#373)

This should allow the UI to communicate with other things in the cluster, with Hasura/GraphQL acting as the common portal.

- Adds plumbing to Hasura for querying the config-api service, using a shared secret to authenticate Hasura to the service
- Implements calls for getting/setting the per-tenant alertmanager configuration in cortex
- Implements calls for validating credential/exporter configs

Signed-off-by: Nick Parker <nick@opstrace.com>

* controller: Sync graphql schema, update graphql/app to reflect added Hasura Actions

Signed-off-by: Nick Parker <nick@opstrace.com>

* config: Pass-through HTTP body (containing original errors) on error response

Signed-off-by: Nick Parker <nick@opstrace.com>

go/cmd/config/README.md

@@ -25,7 +25,8 @@ GRAPHQL_ENDPOINT=http://127.0.0.1:8080/v1/graphql \
 HASURA_GRAPHQL_ADMIN_SECRET=myadminsecret \
 ./config \
   --loglevel debug \
-  --listen "127.0.0.1:8989" \
+  --config "127.0.0.1:8989" \
+  --action "127.0.0.1:8990" \
   --disable-api-authn
 ```
 

go/cmd/config/actions/types.go

@@ -0,0 +1,90 @@
+// Copyright 2021 Opstrace, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package actions
+
+type GraphQLError struct {
+	Message string `json:"message"`
+}
+
+type ErrorType string
+
+const (
+	ServiceOfflineType   ErrorType = "SERVICE_OFFLINE"
+	ServiceErrorType     ErrorType = "SERVICE_ERROR"
+	ValidationFailedType ErrorType = "VALIDATION_FAILED"
+)
+
+type Alertmanager struct {
+	TenantID string  `json:"tenant_id"`
+	Config   *string `json:"config"`
+	Online   bool    `json:"online"`
+}
+
+type AlertmanagerUpdateResponse struct {
+	Success          bool       `json:"success"`
+	ErrorType        *ErrorType `json:"error_type"`
+	ErrorMessage     *string    `json:"error_message"`
+	ErrorRawResponse *string    `json:"error_raw_response"`
+}
+
+type ValidateOutput struct {
+	Success          bool       `json:"success"`
+	ErrorType        *ErrorType `json:"error_type"`
+	ErrorMessage     *string    `json:"error_message"`
+	ErrorRawResponse *string    `json:"error_raw_response"`
+}
+
+type AlertmanagerInput struct {
+	Config string `json:"config"`
+}
+
+type GetAlertmanagerArgs struct {
+	TenantID string `json:"tenant_id"`
+}
+
+type UpdateAlertmanagerArgs struct {
+	TenantID string             `json:"tenant_id"`
+	Input    *AlertmanagerInput `json:"input"`
+}
+
+type ValidateCredentialArgs struct {
+	TenantID string `json:"tenant_id"`
+	Content  string `json:"content"`
+}
+
+type ValidateExporterArgs struct {
+	TenantID string `json:"tenant_id"`
+	Content  string `json:"content"`
+}
+
+type GetAlertmanagerPayload struct {
+	SessionVariables map[string]interface{} `json:"session_variables"`
+	Input            GetAlertmanagerArgs    `json:"input"`
+}
+
+type UpdateAlertmanagerPayload struct {
+	SessionVariables map[string]interface{} `json:"session_variables"`
+	Input            UpdateAlertmanagerArgs `json:"input"`
+}
+
+type ValidateCredentialPayload struct {
+	SessionVariables map[string]interface{} `json:"session_variables"`
+	Input            ValidateCredentialArgs `json:"input"`
+}
+
+type ValidateExporterPayload struct {
+	SessionVariables map[string]interface{} `json:"session_variables"`
+	Input            ValidateExporterArgs   `json:"input"`
+}

go/cmd/config/actions/util.go

@@ -0,0 +1,54 @@
+// Copyright 2021 Opstrace, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package actions
+
+import (
+	"encoding/json"
+)
+
+type hasuraActionInfo struct {
+	Action hasuraActionName `json:"action"`
+}
+
+type hasuraActionName struct {
+	Name string `json:"name"`
+}
+
+// Extracts and returns the name of the action specified in the payload.
+func GetActionName(body []byte) (string, error) {
+	var actionInfo hasuraActionInfo
+	err := json.Unmarshal(body, &actionInfo)
+	if err != nil {
+		return "", err
+	}
+	return actionInfo.Action.Name, nil
+}
+
+func ValidateError(t ErrorType, message string, rawResponse string) ValidateOutput {
+	var messagePtr *string
+	if message != "" {
+		messagePtr = &message
+	}
+	var rawResponsePtr *string
+	if rawResponse != "" {
+		rawResponsePtr = &rawResponse
+	}
+	return ValidateOutput{
+		Success:          false,
+		ErrorType:        &t,
+		ErrorMessage:     messagePtr,
+		ErrorRawResponse: rawResponsePtr,
+	}
+}

go/cmd/config/types.go → go/cmd/config/config_types.go

@@ -34,6 +34,11 @@ var (
 	}
 )
 
+type AWSCredentialValue struct {
+	AwsAccessKeyID     string `json:"AWS_ACCESS_KEY_ID"`
+	AwsSecretAccessKey string `json:"AWS_SECRET_ACCESS_KEY"`
+}
+
 // Accepts and validates a credential YAML value for writing to graphql as JSON.
 func convertCredValue(credName string, credType string, credValue interface{}) (*graphql.Json, error) {
 	switch credType {