Parent: #208
Summary
Make the Grafana Alloy Pulumi resource conditionally include the control room remote_write block based on whether control_room_domain is configured. Today it's hardcoded and produces invalid config when the domain is empty.
Context
grafana_alloy.py has three coupling points to the control room:
- Line 522: constructs
control_room_url from control_room_domain — produces invalid https://mimir./api/v1/push if empty
- Lines 693-707: always generates the
prometheus.remote_write "control_room" block
- Lines 681-684:
forward_to always includes control_room.receiver
The Python WorkloadConfig in __init__.py and workload.py already defaults control_room_* fields to empty string, but no downstream code checks for empty before using them.
The Alloy config is cloud-agnostic — the same prometheus.remote_write "control_room" block is generated for both AWS and Azure workloads. The only cloud-specific difference is the account_id metadata label (AWS account ID vs Azure tenant ID, line 526-531).
Requirements
grafana_alloy.py: Guard control_room_url construction — only if control_room_domain is non-emptygrafana_alloy.py: Conditionally include the prometheus.remote_write "control_room" blockgrafana_alloy.py: Conditionally include control_room.receiver in forward_to listworkload.py / __init__.py: Validate that empty control_room_* fields propagate cleanly through WorkloadConfig — no downstream code should assume these are populatedazure_workload.py: Same validation for AzureWorkloadConfig — empty control room fields must propagate cleanly- Tests: Alloy config generation with empty
control_room_domain produces valid config without control room blocks, for both AWSWorkload and AzureWorkload types
Acceptance Criteria
ptd ensure <target> --only-steps helm produces a valid Alloy config that only writes to the workload's local Mimir when control_room_domain is empty, for both AWS and Azure workloads- No references to
mimir.<empty>/api/v1/push or similar invalid URLs in generated config
Parent: #208
Summary
Make the Grafana Alloy Pulumi resource conditionally include the control room
remote_writeblock based on whethercontrol_room_domainis configured. Today it's hardcoded and produces invalid config when the domain is empty.Context
grafana_alloy.pyhas three coupling points to the control room:control_room_urlfromcontrol_room_domain— produces invalidhttps://mimir./api/v1/pushif emptyprometheus.remote_write "control_room"blockforward_toalways includescontrol_room.receiverThe Python
WorkloadConfigin__init__.pyandworkload.pyalready defaultscontrol_room_*fields to empty string, but no downstream code checks for empty before using them.The Alloy config is cloud-agnostic — the same
prometheus.remote_write "control_room"block is generated for both AWS and Azure workloads. The only cloud-specific difference is theaccount_idmetadata label (AWS account ID vs Azure tenant ID, line 526-531).Requirements
grafana_alloy.py: Guardcontrol_room_urlconstruction — only ifcontrol_room_domainis non-emptygrafana_alloy.py: Conditionally include theprometheus.remote_write "control_room"blockgrafana_alloy.py: Conditionally includecontrol_room.receiverinforward_tolistworkload.py/__init__.py: Validate that emptycontrol_room_*fields propagate cleanly throughWorkloadConfig— no downstream code should assume these are populatedazure_workload.py: Same validation forAzureWorkloadConfig— empty control room fields must propagate cleanlycontrol_room_domainproduces valid config without control room blocks, for bothAWSWorkloadandAzureWorkloadtypesAcceptance Criteria
ptd ensure <target> --only-steps helmproduces a valid Alloy config that only writes to the workload's local Mimir whencontrol_room_domainis empty, for both AWS and Azure workloadsmimir.<empty>/api/v1/pushor similar invalid URLs in generated config