From a8ab2368d9b7d7f3cdaacbd34c52456e3d01a15d Mon Sep 17 00:00:00 2001 From: Alexandre Gaillet Date: Fri, 6 Jul 2018 14:37:40 +0200 Subject: [PATCH] MON-237 - KeyVault monitors added --- cloud/azure/README.md | 9 +++ cloud/azure/inputs.tf | 50 +++++++++++++++ cloud/azure/keyvault/README.md | 49 +++++++++++++++ cloud/azure/keyvault/inputs.tf | 74 +++++++++++++++++++++++ cloud/azure/keyvault/monitors-keyvault.tf | 67 ++++++++++++++++++++ cloud/azure/monitors.tf | 22 +++++++ 6 files changed, 271 insertions(+) create mode 100644 cloud/azure/keyvault/README.md create mode 100644 cloud/azure/keyvault/inputs.tf create mode 100644 cloud/azure/keyvault/monitors-keyvault.tf
diff --git a/cloud/azure/README.md b/cloud/azure/README.md
index bbdafc7..65aa7a4 100644
--- a/cloud/azure/README.md
+++ b/cloud/azure/README.md
@@ -186,6 +186,15 @@ Inputs
 | iothub_total_devices_silenced | Groups to mute for IoT Hub total devices monitor | map | `` | no |
 | iothub_total_devices_time_aggregator | Monitor aggregator for IoT Hub total devices [available values: min, max or avg] | string | `min` | no |
 | iothub_total_devices_timeframe | Monitor timeframe for IoT Hub total devices [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | string | `last_5m` | no |
+| keyvault_api_result_message | Custom message for Key Vault API result monitor | string | `` | no |
+| keyvault_api_result_silenced | Groups to mute for Key Vault API result monitor | map | `` | no |
+| keyvault_api_result_threshold_critical | Critical threshold for Key Vault API result rate | string | `10` | no |
+| keyvault_api_result_threshold_warning | Warning threshold for Key Vault API result rate | string | `30` | no |
+| keyvault_api_result_timeframe | Monitor timeframe for Key Vault API result [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | string | `last_30m` | no |
+| keyvault_status_message | Custom message for Key Vault status monitor | string | `` | no |
+| keyvault_status_silenced | Groups to mute for Key Vault status monitor | map | `` | no |
+| keyvault_status_time_aggregator | Monitor aggregator for Key Vault status [available values: min, max or avg] | string | `max` | no |
+| keyvault_status_timeframe | Monitor timeframe for Key Vault status [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | string | `last_15m` | no |
 | message | Message sent when a monitor is triggered | string | - | yes |
 | non_taggable_filter_tags | Tags used for filtering for components without tag support | string | `*` | no |
 | redis_evictedkeys_limit_message | Custom message for Redis evicted keys monitor | string | `` | no |
diff --git a/cloud/azure/inputs.tf b/cloud/azure/inputs.tf
index fc6a5eb..c0381bb 100644
--- a/cloud/azure/inputs.tf
+++ b/cloud/azure/inputs.tf
@@ -1705,3 +1705,53 @@ variable "datalakestore_status_timeframe" {
 description = "Monitor timeframe for Datalake Store status [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]"
 default = "last_15m"
 }
+
+variable "keyvault_status_silenced" {
+ description = "Groups to mute for Key Vault status monitor"
+ type = "map"
+ default = {}
+}
+
+variable "keyvault_status_message" {
+ description = "Custom message for Key Vault status monitor"
+ type = "string"
+ default = ""
+}
+
+variable "keyvault_status_time_aggregator" {
+ description = "Monitor aggregator for Key Vault status [available values: min, max or avg]"
+ type = "string"
+ default = "max"
+}
+
+variable "keyvault_status_timeframe" {
+ description = "Monitor timeframe for Key Vault status [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]"
+ default = "last_15m"
+}
+
+variable "keyvault_api_result_silenced" {
+ description = "Groups to mute for Key Vault API result monitor"
+ type = "map"
+ default = {}
+}
+
+variable "keyvault_api_result_message" {
+ description = "Custom message for Key Vault API result monitor"
+ type = "string"
+ default = ""
+}
+
+variable "keyvault_api_result_timeframe" {
+ description = "Monitor timeframe for Key Vault API result [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]"
+ default = "last_30m"
+}
+
+variable "keyvault_api_result_threshold_critical" {
+ description = "Critical threshold for Key Vault API result rate"
+ default = 10
+}
+
+variable "keyvault_api_result_threshold_warning" {
+ description = "Warning threshold for Key Vault API result rate"
+ default = 30
+}
diff --git a/cloud/azure/keyvault/README.md b/cloud/azure/keyvault/README.md
new file mode 100644
index 0000000..20d1a6a
--- /dev/null
+++ b/cloud/azure/keyvault/README.md
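Review bot: `keyvault_api_result_threshold_critical` (10) and `keyvault_api_result_threshold_warning` (30) are described only as a "threshold for Key Vault API result rate", with no unit and no direction, and the same two descriptions recur in cloud/azure/keyvault/inputs.tf. Critical sitting below warning suggests the monitor alerts when a success percentage falls under the value, though the query is not visible here; if so, the default pages only once roughly nine in ten Key Vault calls are failing, which is late for a secrets store where a rise in rejected requests is often the first sign of a broken or unauthorized caller. I would spell the contract out, e.g. `description = "Critical threshold (minimum % of successful Key Vault API results; alert when below)"`, and have the defaults reviewed against that reading. The timeframe and threshold variables also omit the `type` that their sibling variables declare.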
@@ -0,0 +1,49 @@
+Key Vault Datadog monitor
+=========================
+
+How to use this module
+----------------------
+
+```
+module "datadog-monitors-azure-keyvault" {
+ source = "git::ssh://git@bitbucket.org/morea/terraform.feature.datadog.git//cloud/azure/keyvault?ref={revision}"
+
+ message = "${module.datadog-message-alerting.alerting-message}"
+ environment = "${var.environment}"
+}
+```
+
+Purpose
+-------
+Creates a Datadog monitor with the following checks :
+
+* Service status check
+* API result rate
+
+Inputs
+------
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| api_result_message | Custom message for Key Vault API result monitor | string | `` | no |
+| api_result_silenced | Groups to mute for Key Vault API result monitor | map | `` | no |
+| api_result_threshold_critical | Critical threshold for Key Vault API result rate | string | `10` | no |
+| api_result_threshold_warning | Warning threshold for Key Vault API result rate | string | `30` | no |
+| api_result_timeframe | Monitor timeframe for Key Vault API result [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | string | `last_30m` | no |
+| delay | Delay in seconds for the metric evaluation | string | `900` | no |
+| environment | Architecture environment | string | - | yes |
+| filter_tags_custom | Tags used for custom filtering when filter_tags_use_defaults is false | string | `*` | no |
+| filter_tags_use_defaults | Use default filter tags convention | string | `true` | no |
+| message | Message sent when a monitor is triggered | string | - | yes |
+| status_message | Custom message for Key Vault status monitor | string | `` | no |
+| status_silenced | Groups to mute for Key Vault status monitor | map | `` | no |
+| status_time_aggregator | Monitor aggregator for Key Vault status [available values: min, max or avg] | string | `max` | no |
+| status_timeframe | Monitor timeframe for Key Vault status [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | string | `last_15m` | no |
+
+Related documentation
+---------------------
+
+DataDog documentation : [https://docs.datadoghq.com/integrations/azure/](https://docs.datadoghq.com/integrations/azure/)
+You must search `keyvault`, there is no integration for now.
+
+Azure metrics documentation : [https://docs.microsoft.com/fr-fr/azure/monitoring-and-diagnostics/monitoring-supported-metrics#microsoftkeyvaultvaults](https://docs.microsoft.com/fr-fr/azure/monitoring-and-diagnostics/monitoring-supported-metrics#microsoftkeyvaultvaults)
diff --git a/cloud/azure/keyvault/inputs.tf b/cloud/azure/keyvault/inputs.tf
new file mode 100644
index 0000000..6fac667
--- /dev/null
+++ b/cloud/azure/keyvault/inputs.tf
@@ -0,0 +1,74 @@
+variable "environment" {
+ description = "Architecture environment"
+ type = "string"
+}
+
+variable "filter_tags_use_defaults" {
+ description = "Use default filter tags convention"
+ default = "true"
+}
+
+variable "filter_tags_custom" {
+ description = "Tags used for custom filtering when filter_tags_use_defaults is false"
+ default = "*"
+}
+
+variable "message" {
+ description = "Message sent when a monitor is triggered"
+}
+
+variable "delay" {
+ description = "Delay in seconds for the metric evaluation"
+ default = 900
+}
+
+# Azure Key Vault specific variables
+variable "status_silenced" {
+ description = "Groups to mute for Key Vault status monitor"
+ type = "map"
+ default = {}
+}
+
+variable "status_message" {
+ description = "Custom message for Key Vault status monitor"
+ type = "string"
+ default = ""
+}
+
+variable "status_time_aggregator" {
+ description = "Monitor aggregator for Key Vault status [available values: min, max or avg]"
+ type = "string"
+ default = "max"
+}
+
+variable "status_timeframe" {
+ description = "Monitor timeframe for Key Vault status [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]"
+ default = "last_15m"
+}
+
+variable "api_result_silenced" {
+ description = "Groups to mute for Key Vault API result monitor"
+ type = "map"
+ default = {}
+}
+
+variable "api_result_message" {
+ description = "Custom message for Key Vault API result monitor"
+ type = "string"
+ default = ""
+}
+
+variable "api_result_timeframe" {
+ description = "Monitor timeframe for Key Vault API result [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]"
+ default = "last_30m"
+}
+
+variable "api_result_threshold_critical" {
+ description = "Critical threshold for Key Vault API result rate"
+ default = 10
+}
+
+variable "api_result_threshold_warning" {
+ description = "Warning threshold for Key Vault API result rate"
+ default = 30
+}
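Review bot: `filter_tags_use_defaults` defaults to `"true"` and is documented only as "Use default filter tags convention", yet the convention it selects does not look like a Key Vault one: the `template_file` at the top of monitors-keyvault.tf, whose hunk runs past the end of this view, formats `dd_monitoring:enabled,dd_azure_servicebus:enabled,env:%s`. That tag appears to be carried over from the Service Bus module, so with the defaults both monitors would presumably scope to Service Bus-tagged resources and stay silent for vaults. I would switch the filter to a Key Vault tag following the same pattern (for instance `dd_azure_keyvault:enabled`, to be confirmed against the project's tagging convention) and name the tags in the description, e.g. `description = "Use default filter tags convention (dd_monitoring:enabled, service tag, env)"`.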
diff --git a/cloud/azure/keyvault/monitors-keyvault.tf b/cloud/azure/keyvault/monitors-keyvault.tf
new file mode 100644
index 0000000..f35c67d
--- /dev/null
+++ b/cloud/azure/keyvault/monitors-keyvault.tf
@@ -0,0 +1,67 @@
+data "template_file" "filter" {
+ template = "$${filter}"
+
+ vars {
+ filter = "${var.filter_tags_use_defaults == "true" ? format("dd_monitoring:enabled,dd_azure_servicebus:enabled,env:%s", var.environment) : "${var.filter_tags_custom}"}"
+ }
+}
+
+resource "datadog_monitor" "keyvault_status" {
+ name = "[${var.environment}] Key Vault is down"
+ message = "${coalesce(var.status_message, var.message)}"
+
+ query = <