From 229a0c830406ee3de8c5f11843aefd44b6e73396 Mon Sep 17 00:00:00 2001
From: ssube <seansube@gmail.com>
Date: Sun, 30 Jun 2019 20:31:02 -0500
Subject: [PATCH] feat(rules/grafana): add rule to ensure single env, add
 staging alert rule

---
 rules/grafana.yml | 69 ++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 66 insertions(+), 3 deletions(-)

diff --git a/rules/grafana.yml b/rules/grafana.yml
index 20a7e1c..d9fd3d0 100644
--- a/rules/grafana.yml
+++ b/rules/grafana.yml
@@ -1,6 +1,26 @@
 name: grafana
 rules:
-  - name: production dashboards should have production alerts
+  - name: single-env
+    desc: dashboards must have a single environment tag
+    level: info
+    tags:
+      - grafana
+      - dashboard
+      - env
+
+    select: '$.dashboard'
+    check:
+      type: object
+      properties:
+        tags:
+          type: array
+          oneOf:
+            - contains:
+                const: production
+            - contains:
+                const: staging
+
+  - name: production-alerts
     desc: dashboards with the production tag must use notification channels with production in the name
     level: info
     tags:
@@ -19,7 +39,7 @@ rules:
           items:
             type: string
           contains:
-            pattern: production
+            const: production
 
     check:
       type: object
@@ -40,4 +60,47 @@ rules:
                       properties:
                         uid:
                           type: string
-                          pattern: production
\ No newline at end of file
+                          pattern: production
+
+  - name: staging-alerts
+    desc: dashboards with the staging tag must not use notification channels with production in the name
+    level: info
+    tags:
+      - grafana
+      - dashboard
+
+    # this is not the ideal selector for this rule, but tags are located at $.dashboard.tags, while notification
+    # channels are nested under $.dashboard.panels[*].alert.notifications[*].uid
+    select: '$.dashboard'
+
+    filter:
+      type: object
+      properties:
+        tags:
+          type: array
+          items:
+            type: string
+          contains:
+            const: staging
+
+    check:
+      type: object
+      properties:
+        panels:
+          type: array
+          items:
+            type: object
+            properties:
+              alert:
+                type: object
+                properties:
+                  notifications:
+                    type: array
+                    items:
+                      type: object
+                      required: [uid]
+                      properties:
+                        uid:
+                          type: string
+                          not:
+                            pattern: production
\ No newline at end of file