Add Prometheus rules unit tests (#3868)

This PR add unit tests for existing alerts.

Signed-off-by: Shirly Radco <[email protected]>

Author: sradco

Makefile

@@ -106,7 +106,7 @@ build-functest: ## Build the functional tests (content of tests/ subdirectory)
 test: test-unit test-functional test-lint ## execute all tests (_NOTE:_ 'WHAT' is expected to match the go cli pattern for paths e.g. './pkg/...'.  This differs slightly from rest of the 'make' targets)
 
 test-unit: WHAT = ./pkg/... ./cmd/...
-test-unit: ## Run unit tests.
+test-unit: prom-rules-verify ## Run unit tests.
 	${DO} "ACK_GINKGO_DEPRECATIONS=${ACK_GINKGO_DEPRECATIONS} ./hack/build/run-unit-tests.sh ${WHAT}"
 
 test-functional: WHAT = ./tests/...
@@ -137,6 +137,20 @@ builder-push: ## Build and push the builder container image, declared in docker/
 openshift-ci-image-push: ## Build and push the OpenShift CI build+test container image, declared in hack/ci/Dockerfile.ci
 	./hack/build/osci-image-builder.sh
 
+rule-spec-dumper-executable := "rule-spec-dumper"
+
+build-prom-spec-dumper:
+	${DO} "go build -o ./hack/${rule-spec-dumper-executable} ./hack/prom-rule-ci/rule-spec-dumper.go"
+
+clean-prom-spec-dumper:
+	rm -f ./hack/${rule-spec-dumper-executable}
+
+prom-rules-verify: build-prom-spec-dumper
+	./hack/prom-rule-ci/verify-rules.sh \
+		"./hack/${rule-spec-dumper-executable}" \
+		"./hack/prom-rule-ci/prom-rules-tests.yaml"
+	rm ./hack/${rule-spec-dumper-executable}
+
 ##@ Local cluster management
 cluster-up: ## Start a default Kubernetes or Open Shift cluster. set KUBEVIRT_PROVIDER environment variable to either 'k8s-1.18' or 'os-3.11.0' to select the type of cluster. set KUBEVIRT_NUM_NODES to something higher than 1 to have more than one node.
 	./cluster-up/up.sh

hack/prom-rule-ci/BUILD.bazel

@@ -0,0 +1,15 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["rule-spec-dumper.go"],
+    importpath = "kubevirt.io/kubevirt/hack/prom-rule-ci",
+    visibility = ["//visibility:private"],
+    deps = ["//pkg/monitoring/rules:go_default_library"],
+)
+
+go_binary(
+    name = "prom-rule-ci",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)

hack/prom-rule-ci/prom-rules-tests.yaml

@@ -0,0 +1,184 @@
+---
+rule_files:
+  - /tmp/rules.verify
+
+group_eval_order:
+  - recordingRules.rules
+  - alerts.rules
+#information about this format can be found in: https://prometheus.io/docs/prometheus/latest/configuration/unit_testing_rules/
+tests:
+  # CDINotReady should fire when kubevirt_cdi_cr_ready == 0 for 5m
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_cr_ready'
+        values: "0 0 0 0 0 0 0 1 1"
+    alert_rule_test:
+      # must not trigger before the 5m for-window
+      - eval_time: 4m
+        alertname: CDINotReady
+        exp_alerts: []
+      # must trigger after the for-window elapses with continuous zeros
+      - eval_time: 6m
+        alertname: CDINotReady
+        exp_alerts:
+          - exp_labels:
+              severity: warning
+              operator_health_impact: critical
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+            exp_annotations:
+              summary: CDI is not available to use
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDINotReady
+      # must not trigger when healthy (value 1)
+      - eval_time: 8m
+        alertname: CDINotReady
+        exp_alerts: []
+
+
+
+  # CDIDataImportCronOutdated should fire when any cron is outdated (pending="false") for 15 minutes
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_dataimportcron_outdated{pending="false", ns="user-ns", cron_name="cron-a"}'
+        values:  "1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1"
+    alert_rule_test:
+      # Must not trigger before the 15m for-window elapses
+      - eval_time: 14m
+        alertname: CDIDataImportCronOutdated
+        exp_alerts: []
+      # Must trigger after the for-window elapses
+      - eval_time: 16m
+        alertname: CDIDataImportCronOutdated
+        exp_alerts:
+          - exp_labels:
+              severity: info
+              operator_health_impact: warning
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+              ns: user-ns
+              cron_name: cron-a
+            exp_annotations:
+              summary: DataImportCron (recurring polling of VM templates disk image sources, also known as golden images) PVCs are not being updated on the defined schedule
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDIDataImportCronOutdated
+
+  # CDIDataImportCronOutdated must NOT fire for pending="true"
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_dataimportcron_outdated{pending="true", ns="user-ns", cron_name="cron-b"}'
+        values:  "1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1"
+    alert_rule_test:
+      - eval_time: 20m
+        alertname: CDIDataImportCronOutdated
+        exp_alerts: []
+
+  # CDIOperatorDown should fire when kubevirt_cdi_operator_up == 0 for 5m
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_operator_up'
+        values: "0 0 0 0 0 0 0"
+    alert_rule_test:
+      - eval_time: 6m
+        alertname: CDIOperatorDown
+        exp_alerts:
+          - exp_labels:
+              severity: warning
+              operator_health_impact: critical
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+            exp_annotations:
+              summary: CDI operator is down
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDIOperatorDown
+
+  # CDIDataVolumeUnusualRestartCount should fire when any population restart metric > 0 for 5m
+  - interval: 1m
+    input_series:
+      - series: 'kube_pod_container_status_restarts_total{pod="importer-1",container="importer"}'
+        values: "4 4 4 4 4 4"
+    alert_rule_test:
+      - eval_time: 6m
+        alertname: CDIDataVolumeUnusualRestartCount
+        exp_alerts:
+          - exp_labels:
+              severity: warning
+              operator_health_impact: none
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+            exp_annotations:
+              summary: Some CDI population workloads have an unusual restart count, meaning they are probably failing and need to be investigated
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDIDataVolumeUnusualRestartCount
+
+  # CDIStorageProfilesIncomplete should fire when any storageprofile is incomplete for 5m
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_storageprofile_info{complete="false",storageclass="sc1",provisioner="prov"}'
+        values: "1 1 1 1 1 1"
+    alert_rule_test:
+      - eval_time: 6m
+        alertname: CDIStorageProfilesIncomplete
+        exp_alerts:
+          - exp_labels:
+              severity: info
+              operator_health_impact: none
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+              storageclass: sc1
+              provisioner: prov
+            exp_annotations:
+              summary: Incomplete StorageProfile sc1, accessMode/volumeMode cannot be inferred by CDI for PVC population request
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDIStorageProfilesIncomplete
+
+  # CDINoDefaultStorageClass should fire when there is no default or virtdefault and a DV pending for one (simulated with no series)
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_datavolume_pending'
+        values: "1 1 1 1 1 1"
+    alert_rule_test:
+      - eval_time: 6m
+        alertname: CDINoDefaultStorageClass
+        exp_alerts:
+          - exp_labels:
+              severity: warning
+              operator_health_impact: none
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+            exp_annotations:
+              summary: No default StorageClass or virtualization StorageClass, and a DataVolume is pending for one
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDINoDefaultStorageClass
+
+  # CDIMultipleDefaultVirtStorageClasses should fire when more than one virtdefault=true exists for 5m
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_storageprofile_info{virtdefault="true",storageclass="sc-a"}'
+        values: "1 1 1 1 1 1"
+      - series: 'kubevirt_cdi_storageprofile_info{virtdefault="true",storageclass="sc-b"}'
+        values: "1 1 1 1 1 1"
+    alert_rule_test:
+      - eval_time: 6m
+        alertname: CDIMultipleDefaultVirtStorageClasses
+        exp_alerts:
+          - exp_labels:
+              severity: warning
+              operator_health_impact: none
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+            exp_annotations:
+              summary: More than one default virtualization StorageClass detected
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDIMultipleDefaultVirtStorageClasses
+
+  # CDIDefaultStorageClassDegraded should fire when default/virtdefault degraded or missing (simulated with no series)
+  - interval: 1m
+    input_series:
+      - series: 'kubevirt_cdi_storageprofile_info{default="true"}'
+        values: "1 1 1 1 1 1"
+    alert_rule_test:
+      - eval_time: 6m
+        alertname: CDIDefaultStorageClassDegraded
+        exp_alerts:
+          - exp_labels:
+              severity: warning
+              operator_health_impact: none
+              kubernetes_operator_part_of: kubevirt
+              kubernetes_operator_component: containerized-data-importer
+            exp_annotations:
+              summary: Default storage class has no smart clone or ReadWriteMany
+              runbook_url: https://kubevirt.io/monitoring/runbooks/CDIDefaultStorageClassDegraded

hack/prom-rule-ci/rule-spec-dumper.go

@@ -0,0 +1,50 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	rules "kubevirt.io/containerized-data-importer/pkg/monitoring/rules"
+)
+
+func verifyArgs(args []string) error {
+	numOfArgs := len(os.Args[1:])
+	if numOfArgs != 1 {
+		return fmt.Errorf("expected exactly 1 argument, got: %d", numOfArgs)
+	}
+	return nil
+}
+
+func main() {
+	if err := verifyArgs(os.Args); err != nil {
+		fmt.Printf("ERROR: %v\n", err)
+		os.Exit(1)
+	}
+
+	targetFile := os.Args[1]
+
+	if err := rules.SetupRules("ci"); err != nil {
+		panic(err)
+	}
+
+	promRule, err := rules.BuildPrometheusRule("ci")
+	if err != nil {
+		panic(err)
+	}
+	b, err := json.Marshal(promRule.Spec)
+	if err != nil {
+		panic(err)
+	}
+
+	err = os.WriteFile(targetFile, b, 0600)
+	if err != nil {
+		panic(err)
+	}
+
+	// Make the file world-readable so the promtool container (running as a different UID)
+	// can read it when mounted read-only.
+	if err := os.Chmod(targetFile, 0644); err != nil {
+		panic(err)
+	}
+}

hack/prom-rule-ci/verify-rules.sh

@@ -0,0 +1,72 @@
+#!/bin/bash -e
+#
+# This file is part of the KubeVirt project
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Copyright 2020 Red Hat, Inc.
+#
+
+KUBEVIRT_CRI=${KUBEVIRT_CRI:-$(command -v podman || command -v docker)}
+if [ -z "$KUBEVIRT_CRI" ]; then
+    echo "ERROR: neither podman nor docker found in PATH" >&2
+    exit 1
+fi
+
+readonly PROM_IMAGE="quay.io/prometheus/prometheus:v2.44.0"
+
+function cleanup() {
+    local cleanup_files=("${@:?}")
+
+    for file in "${cleanup_files[@]}"; do
+        rm -f "$file"
+    done
+}
+
+function lint() {
+    local target_file="${1:?}"
+
+    ${KUBEVIRT_CRI} run --rm --entrypoint=/bin/promtool \
+        -v "$target_file":/tmp/rules.verify:ro,Z "$PROM_IMAGE" \
+        check rules /tmp/rules.verify
+}
+
+function unit_test() {
+    local target_file="${1:?}"
+    local tests_file="${2:?}"
+
+    ${KUBEVIRT_CRI} run --rm --entrypoint=/bin/promtool \
+        -v "$tests_file":/tmp/rules.test:ro,Z \
+        -v "$target_file":/tmp/rules.verify:ro,Z \
+        "$PROM_IMAGE" \
+        test rules /tmp/rules.test
+}
+
+function main() {
+    local prom_spec_dumper="${1:?}"
+    local tests_file="${2:?}"
+    local target_file
+
+    target_file="$(mktemp --tmpdir -u tmp.prom_rules.XXXXX)"
+    trap "cleanup $target_file" RETURN EXIT INT
+
+    "$prom_spec_dumper" "$target_file"
+
+    echo "INFO: Rules file content:"
+    cat "$target_file"
+    echo
+
+    lint "$target_file"
+    unit_test "$target_file" "$tests_file"
+}
+
+main "$@"