Skip to content

Latest commit

 

History

History
155 lines (116 loc) · 3.08 KB

reject.md

File metadata and controls

155 lines (116 loc) · 3.08 KB
Raw
layout parent grand_parent
default
Checks
Documentation

rule/reject

This check allows rejecting label or annotations keys and values using regexp rules.

Configuration

Syntax:

reject "$pattern" {
  comment           = "..."
  severity          = "bug|warning|info"
  label_keys        = true|false
  label_values      = true|false
  annotation_keys   = true|false
  annotation_values = true|false
}
  • $pattern - regexp pattern to reject, this can be templated to reference checked rule fields, see Configuration for details.
  • comment - set a custom comment that will be added to reported problems.
  • severity - set custom severity for reported issues, defaults to a bug.
  • label_keys - if true label keys for recording and alerting rules will be checked.
  • label_values - if true label values for recording and alerting rules will be checked.
  • annotation_keys - if true annotation keys for alerting rules will be checked.
  • annotation_values - if true label values for alerting rules will be checked.

How to enable it

This check is not enabled by default as it requires explicit configuration to work. To enable it add one or more rule {...} blocks and specify all rejected patterns there.

Examples:

Disallow using URLs as label keys or values:

rule {
  match {
    kind = "alerting"
  }

  reject "https?://.+" {
    comment      = "Don't use URIs as alert labels, pass them as annotations instead"
    label_keys   = true
    label_values = true
  }
}

Disallow spaces in label and annotation keys:

rule {
  reject ".* +.*" {
    annotation_keys = true
    label_keys = true
  }
}

Disallow label and annotation values equal to alert name:

{% raw %}

rule {
  match {
    kind = "alerting"
  }

  reject "{{ $alert }}" {
    annotation_values = true
    label_values = true
  }
}

{% endraw %}

How to disable it

You can disable this check globally by adding this config block:

checks {
  disabled = ["rule/reject"]
}

You can also disable it for all rules inside given file by adding a comment anywhere in that file. Example:

# pint file/disable rule/reject

Or you can disable it per rule by adding a comment to it. Example:

# pint disable rule/reject

If you want to disable only individual instances of this check you can add a more specific comment.

If label_keys or annotation_keys is set

# pint disable rule/reject(key=~'$pattern`)

Example:

# pint disable rule/reject(key=~'^https?://.+$')

If label_values or annotation_values is set

# pint disable promql/reject(val=~'$pattern')

Example:

# pint disable rule/reject(val=~'^https?://.+$')

How to snooze it

You can disable this check until given time by adding a comment to it. Example:

# pint snooze $TIMESTAMP rule/reject

Where $TIMESTAMP is either use RFC3339 formatted or YYYY-MM-DD. Adding this comment will disable rule/reject until $TIMESTAMP, after that check will be re-enabled.