From ac5b9e3262f04f51a3b4580243195fb0a9949316 Mon Sep 17 00:00:00 2001
From: Rafael Romero Carmona <rafael.romero.carmona@fr.clara.net>
Date: Fri, 30 Aug 2019 11:16:51 +0100
Subject: [PATCH] MON-499 HTTP monitors now in two modules: webcheck and ssl.
 Critical threshold for SSL and TLS monitors on metric are now 15 days.

---
 README.md                                     |  2 +
 network/http/{ => ssl}/README.md              | 19 +---
 network/http/{ => ssl}/inputs.tf              | 55 +----------
 network/http/{ => ssl}/modules.tf             |  0
 .../{monitors-http.tf => ssl/monitors-ssl.tf} | 36 --------
 network/http/{ => ssl}/outputs.tf             | 11 +--
 network/http/webcheck/README.md               | 49 ++++++++++
 network/http/webcheck/inputs.tf               | 91 +++++++++++++++++++
 network/http/webcheck/modules.tf              |  9 ++
 network/http/webcheck/monitors-webcheck.tf    | 35 +++++++
 network/http/webcheck/outputs.tf              |  5 +
 network/tls/README.md                         |  2 +-
 network/tls/inputs.tf                         |  2 +-
 network/tls/outputs.tf                        | 10 +-
 14 files changed, 207 insertions(+), 119 deletions(-)
 rename network/http/{ => ssl}/README.md (72%)
 rename network/http/{ => ssl}/inputs.tf (73%)
 rename network/http/{ => ssl}/modules.tf (100%)
 rename network/http/{monitors-http.tf => ssl/monitors-ssl.tf} (69%)
 rename network/http/{ => ssl}/outputs.tf (71%)
 create mode 100644 network/http/webcheck/README.md
 create mode 100644 network/http/webcheck/inputs.tf
 create mode 100644 network/http/webcheck/modules.tf
 create mode 100644 network/http/webcheck/monitors-webcheck.tf
 create mode 100644 network/http/webcheck/outputs.tf

diff --git a/README.md b/README.md
index 2c4f1f5..5eba7b8 100644
--- a/README.md
+++ b/README.md
@@ -203,6 +203,8 @@ The `//` is very important, it's a terraform specific syntax used to separate gi
 - [network](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/)
 	- [dns](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/dns/)
 	- [http](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/http/)
+		- [ssl](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/http/ssl/)
+		- [webcheck](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/http/webcheck/)
 	- [tls](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/tls/)
 - [saas](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/saas/)
 	- [new-relic](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/saas/new-relic/)
diff --git a/network/http/README.md b/network/http/ssl/README.md
similarity index 72%
rename from network/http/README.md
rename to network/http/ssl/README.md
index d894492..aaa2377 100644
--- a/network/http/README.md
+++ b/network/http/ssl/README.md
@@ -1,10 +1,10 @@
-# NETWORK HTTP DataDog monitors
+# NETWORK HTTP SSL DataDog monitors
 
 ## How to use this module
 
 ```
-module "datadog-monitors-network-http" {
-  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/http?ref={revision}"
+module "datadog-monitors-network-http-ssl" {
+  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/http/ssl?ref={revision}"
 
   environment = var.environment
   message     = module.datadog-message-alerting.alerting-message
@@ -16,7 +16,6 @@ module "datadog-monitors-network-http" {
 
 Creates DataDog monitors with the following checks:
 
-- HTTP cannot connect
 - SSL certificate expiration (disabled by default)
 - SSL invalid certificate
 
@@ -24,18 +23,10 @@ Creates DataDog monitors with the following checks:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| cannot\_connect\_enabled | Flag to enable HTTP cannot connect monitor | string | `"true"` | no |
-| cannot\_connect\_extra\_tags | Extra tags for HTTP cannot connect monitor | list(string) | `[]` | no |
-| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
-| cannot\_connect\_message | Custom message for HTTP cannot connect monitor | string | `""` | no |
-| cannot\_connect\_no\_data\_timeframe | HTTP cannot connect monitor no data timeframe | string | `"10"` | no |
-| cannot\_connect\_threshold\_critical | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_ok | HTTP cannot connect monitor (ok threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"2"` | no |
 | certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"false"` | no |
 | certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
 | certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
-| certificate\_expiration\_date\_threshold\_critical | Certificate Expiration Date critical threshold | string | `"8"` | no |
+| certificate\_expiration\_date\_threshold\_critical | Certificate Expiration Date critical threshold | string | `"15"` | no |
 | certificate\_expiration\_date\_threshold\_warning | Certificate Expiration Date warning threshold | string | `"30"` | no |
 | certificate\_expiration\_date\_time\_aggregator | Time aggregator for the Certificate Expiration Date monitor | string | `"max"` | no |
 | certificate\_expiration\_date\_timeframe | Timeframe for the Certificate Expiration Date monitor | string | `"last_5m"` | no |
@@ -59,10 +50,8 @@ Creates DataDog monitors with the following checks:
 
 | Name | Description |
 |------|-------------|
-| cannot\_connect\_id | id for monitor cannot_connect |
 | certificate\_expiration\_date\_id | id for monitor certificate_expiration_date |
 | invalid\_ssl\_certificate\_id | id for monitor invalid_ssl_certificate |
 
 ## Related documentation
 
-- [Datadog HTTP integration](https://docs.datadoghq.com/integrations/http_check/)
diff --git a/network/http/inputs.tf b/network/http/ssl/inputs.tf
similarity index 73%
rename from network/http/inputs.tf
rename to network/http/ssl/inputs.tf
index a90387a..5bbbfcf 100644
--- a/network/http/inputs.tf
+++ b/network/http/ssl/inputs.tf
@@ -39,57 +39,6 @@ variable "filter_tags_custom_excluded" {
   default     = ""
 }
 
-#
-# HTTP Cannot Connect
-#
-variable "cannot_connect_enabled" {
-  description = "Flag to enable HTTP cannot connect monitor"
-  type        = string
-  default     = "true"
-}
-
-variable "cannot_connect_message" {
-  description = "Custom message for HTTP cannot connect monitor"
-  type        = string
-  default     = ""
-}
-
-variable "cannot_connect_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
-variable "cannot_connect_threshold_warning" {
-  description = "HTTP cannot connect monitor (warning threshold)"
-  type        = string
-  default     = 2
-}
-
-variable "cannot_connect_threshold_critical" {
-  description = "HTTP cannot connect monitor (warning threshold)"
-  type        = string
-  default     = 3
-}
-
-variable "cannot_connect_threshold_ok" {
-  description = "HTTP cannot connect monitor (ok threshold)"
-  type        = string
-  default     = 3
-}
-
-variable "cannot_connect_no_data_timeframe" {
-  description = "HTTP cannot connect monitor no data timeframe"
-  type        = string
-  default     = 10
-}
-
-variable "cannot_connect_extra_tags" {
-  description = "Extra tags for HTTP cannot connect monitor"
-  type        = list(string)
-  default     = []
-}
-
 #
 # SSL invalid certificate
 #
@@ -171,11 +120,11 @@ variable "certificate_expiration_date_threshold_warning" {
 variable "certificate_expiration_date_threshold_critical" {
   description = "Certificate Expiration Date critical threshold"
   type        = string
-  default     = 8
+  default     = 15
 }
 
 variable "certificate_expiration_date_extra_tags" {
   description = "Extra tags for Certificate Expiration Date monitor"
   type        = list(string)
   default     = []
-}
+}
\ No newline at end of file
diff --git a/network/http/modules.tf b/network/http/ssl/modules.tf
similarity index 100%
rename from network/http/modules.tf
rename to network/http/ssl/modules.tf
diff --git a/network/http/monitors-http.tf b/network/http/ssl/monitors-ssl.tf
similarity index 69%
rename from network/http/monitors-http.tf
rename to network/http/ssl/monitors-ssl.tf
index c431332..0a4034d 100644
--- a/network/http/monitors-http.tf
+++ b/network/http/ssl/monitors-ssl.tf
@@ -1,39 +1,3 @@
-#
-# HTTP Cannot Connect
-#
-resource "datadog_monitor" "cannot_connect" {
-  count   = var.cannot_connect_enabled == "true" ? 1 : 0
-  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] HTTP cannot connect"
-  message = coalesce(var.cannot_connect_message, var.message)
-  type    = "service check"
-
-  query = <<EOQ
-    "http.can_connect"${module.filter-tags.service_check}.by("instance","url").last(${var.cannot_connect_last}).count_by_status()
-EOQ
-
-  thresholds = {
-    warning  = var.cannot_connect_threshold_warning
-    critical = var.cannot_connect_threshold_critical
-    ok       = var.cannot_connect_threshold_ok
-  }
-
-  new_host_delay      = var.new_host_delay
-  no_data_timeframe   = var.cannot_connect_no_data_timeframe
-  notify_no_data      = true
-  notify_audit        = false
-  locked              = false
-  timeout_h           = 0
-  include_tags        = true
-  require_full_window = true
-  renotify_interval   = 0
-
-  tags = concat(["env:${var.environment}", "type:network", "provider:http_check", "resource:webcheck", "team:claranet", "created-by:terraform"], var.cannot_connect_extra_tags)
-
-  lifecycle {
-    ignore_changes = ["silenced"]
-  }
-}
-
 #
 # Invalid SSL Certificate
 #
diff --git a/network/http/outputs.tf b/network/http/ssl/outputs.tf
similarity index 71%
rename from network/http/outputs.tf
rename to network/http/ssl/outputs.tf
index f028c03..9cc4b61 100644
--- a/network/http/outputs.tf
+++ b/network/http/ssl/outputs.tf
@@ -1,6 +1,6 @@
-output "cannot_connect_id" {
-  description = "id for monitor cannot_connect"
-  value       = datadog_monitor.cannot_connect.*.id
+output "certificate_expiration_date_id" {
+  description = "id for monitor certificate_expiration_date"
+  value       = datadog_monitor.certificate_expiration_date.*.id
 }
 
 output "invalid_ssl_certificate_id" {
@@ -8,8 +8,3 @@ output "invalid_ssl_certificate_id" {
   value       = datadog_monitor.invalid_ssl_certificate.*.id
 }
 
-output "certificate_expiration_date_id" {
-  description = "id for monitor certificate_expiration_date"
-  value       = datadog_monitor.certificate_expiration_date.*.id
-}
-
diff --git a/network/http/webcheck/README.md b/network/http/webcheck/README.md
new file mode 100644
index 0000000..99e4f8c
--- /dev/null
+++ b/network/http/webcheck/README.md
@@ -0,0 +1,49 @@
+# NETWORK HTTP WEBCHECK DataDog monitors
+
+## How to use this module
+
+```
+module "datadog-monitors-network-http-webcheck" {
+  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/http/webcheck?ref={revision}"
+
+  environment = var.environment
+  message     = module.datadog-message-alerting.alerting-message
+}
+
+```
+
+## Purpose
+
+Creates DataDog monitors with the following checks:
+
+- HTTP cannot connect
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cannot\_connect\_enabled | Flag to enable HTTP cannot connect monitor | string | `"true"` | no |
+| cannot\_connect\_extra\_tags | Extra tags for HTTP cannot connect monitor | list(string) | `[]` | no |
+| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| cannot\_connect\_message | Custom message for HTTP cannot connect monitor | string | `""` | no |
+| cannot\_connect\_no\_data\_timeframe | HTTP cannot connect monitor no data timeframe | string | `"10"` | no |
+| cannot\_connect\_threshold\_critical | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_ok | HTTP cannot connect monitor (ok threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"2"` | no |
+| environment | Architecture Environment | string | n/a | yes |
+| evaluation\_delay | Delay in seconds for the metric evaluation | string | `"15"` | no |
+| filter\_tags\_custom | Tags used for custom filtering when filter_tags_use_defaults is false | string | `"*"` | no |
+| filter\_tags\_custom\_excluded | Tags excluded for custom filtering when filter_tags_use_defaults is false | string | `""` | no |
+| filter\_tags\_use\_defaults | Use default filter tags convention | string | `"true"` | no |
+| message | Message sent when an alert is triggered | string | n/a | yes |
+| new\_host\_delay | Delay in seconds before monitor new resource | string | `"300"` | no |
+| prefix\_slug | Prefix string to prepend between brackets on every monitors names | string | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| cannot\_connect\_id | id for monitor cannot_connect |
+
+## Related documentation
+
diff --git a/network/http/webcheck/inputs.tf b/network/http/webcheck/inputs.tf
new file mode 100644
index 0000000..bbeb6f0
--- /dev/null
+++ b/network/http/webcheck/inputs.tf
@@ -0,0 +1,91 @@
+# Global Terraform
+variable "environment" {
+  description = "Architecture Environment"
+  type        = string
+}
+
+# Global DataDog
+variable "evaluation_delay" {
+  description = "Delay in seconds for the metric evaluation"
+  default     = 15
+}
+
+variable "new_host_delay" {
+  description = "Delay in seconds before monitor new resource"
+  default     = 300
+}
+
+variable "prefix_slug" {
+  description = "Prefix string to prepend between brackets on every monitors names"
+  default     = ""
+}
+
+variable "message" {
+  description = "Message sent when an alert is triggered"
+}
+
+variable "filter_tags_use_defaults" {
+  description = "Use default filter tags convention"
+  default     = "true"
+}
+
+variable "filter_tags_custom" {
+  description = "Tags used for custom filtering when filter_tags_use_defaults is false"
+  default     = "*"
+}
+
+variable "filter_tags_custom_excluded" {
+  description = "Tags excluded for custom filtering when filter_tags_use_defaults is false"
+  default     = ""
+}
+
+#
+# HTTP Cannot Connect
+#
+variable "cannot_connect_enabled" {
+  description = "Flag to enable HTTP cannot connect monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "cannot_connect_message" {
+  description = "Custom message for HTTP cannot connect monitor"
+  type        = string
+  default     = ""
+}
+
+variable "cannot_connect_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "cannot_connect_threshold_warning" {
+  description = "HTTP cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 2
+}
+
+variable "cannot_connect_threshold_critical" {
+  description = "HTTP cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_threshold_ok" {
+  description = "HTTP cannot connect monitor (ok threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_no_data_timeframe" {
+  description = "HTTP cannot connect monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "cannot_connect_extra_tags" {
+  description = "Extra tags for HTTP cannot connect monitor"
+  type        = list(string)
+  default     = []
+}
\ No newline at end of file
diff --git a/network/http/webcheck/modules.tf b/network/http/webcheck/modules.tf
new file mode 100644
index 0000000..e96052c
--- /dev/null
+++ b/network/http/webcheck/modules.tf
@@ -0,0 +1,9 @@
+module "filter-tags" {
+  source = "../../common/filter-tags"
+
+  environment                 = var.environment
+  resource                    = "http"
+  filter_tags_use_defaults    = var.filter_tags_use_defaults
+  filter_tags_custom          = var.filter_tags_custom
+  filter_tags_custom_excluded = var.filter_tags_custom_excluded
+}
diff --git a/network/http/webcheck/monitors-webcheck.tf b/network/http/webcheck/monitors-webcheck.tf
new file mode 100644
index 0000000..c9f2a4e
--- /dev/null
+++ b/network/http/webcheck/monitors-webcheck.tf
@@ -0,0 +1,35 @@
+#
+# HTTP Cannot Connect
+#
+resource "datadog_monitor" "cannot_connect" {
+  count   = var.cannot_connect_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] HTTP cannot connect"
+  message = coalesce(var.cannot_connect_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "http.can_connect"${module.filter-tags.service_check}.by("instance","url").last(${var.cannot_connect_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.cannot_connect_threshold_warning
+    critical = var.cannot_connect_threshold_critical
+    ok       = var.cannot_connect_threshold_ok
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.cannot_connect_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:http_check", "resource:webcheck", "team:claranet", "created-by:terraform"], var.cannot_connect_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
diff --git a/network/http/webcheck/outputs.tf b/network/http/webcheck/outputs.tf
new file mode 100644
index 0000000..50ab0f6
--- /dev/null
+++ b/network/http/webcheck/outputs.tf
@@ -0,0 +1,5 @@
+output "cannot_connect_id" {
+  description = "id for monitor cannot_connect"
+  value       = datadog_monitor.cannot_connect.*.id
+}
+
diff --git a/network/tls/README.md b/network/tls/README.md
index 2a7f472..e5b6422 100644
--- a/network/tls/README.md
+++ b/network/tls/README.md
@@ -36,7 +36,7 @@ Creates DataDog monitors with the following checks:
 | certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"false"` | no |
 | certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
 | certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
-| certificate\_expiration\_date\_threshold\_critical | Container Memory Usage critical threshold | string | `"8"` | no |
+| certificate\_expiration\_date\_threshold\_critical | Container Memory Usage critical threshold | string | `"15"` | no |
 | certificate\_expiration\_date\_threshold\_warning | Container Memory Usage warning threshold | string | `"30"` | no |
 | certificate\_expiration\_date\_time\_aggregator | Time aggregator for the Certificate Expiration Date monitor | string | `"max"` | no |
 | certificate\_expiration\_date\_timeframe | Timeframe for the Certificate Expiration Date monitor | string | `"last_5m"` | no |
diff --git a/network/tls/inputs.tf b/network/tls/inputs.tf
index c2ba5e5..31a051a 100644
--- a/network/tls/inputs.tf
+++ b/network/tls/inputs.tf
@@ -216,7 +216,7 @@ variable "certificate_expiration_date_threshold_warning" {
 variable "certificate_expiration_date_threshold_critical" {
   description = "Container Memory Usage critical threshold"
   type        = string
-  default     = 8
+  default     = 15
 }
 
 variable "certificate_expiration_date_extra_tags" {
diff --git a/network/tls/outputs.tf b/network/tls/outputs.tf
index e40331d..f491451 100644
--- a/network/tls/outputs.tf
+++ b/network/tls/outputs.tf
@@ -3,6 +3,11 @@ output "cannot_connect_id" {
   value       = datadog_monitor.cannot_connect.*.id
 }
 
+output "certificate_expiration_date_id" {
+  description = "id for monitor certificate_expiration_date"
+  value       = datadog_monitor.certificate_expiration_date.*.id
+}
+
 output "invalid_tls_certificate_id" {
   description = "id for monitor invalid_tls_certificate"
   value       = datadog_monitor.invalid_tls_certificate.*.id
@@ -13,8 +18,3 @@ output "tls_certificate_expiration_id" {
   value       = datadog_monitor.tls_certificate_expiration.*.id
 }
 
-output "certificate_expiration_date_id" {
-  description = "id for monitor certificate_expiration_date"
-  value       = datadog_monitor.certificate_expiration_date.*.id
-}
-