GH-114: Add uptime check monitoring

acteng · Jun 24, 2024 · 4dc2f15 · 4dc2f15
1 parent 5cd205e
commit 4dc2f15
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 1 deletion.
diff --git a/cloud/schemes/cloud-run/main.tf b/cloud/schemes/cloud-run/main.tf
@@ -289,3 +289,77 @@ resource "google_secret_manager_secret_iam_member" "cloud_run_schemes_govuk_clie
   role      = "roles/secretmanager.secretAccessor"
   secret_id = data.google_secret_manager_secret.govuk_client_secret.id
 }
+
+# monitoring
+
+data "google_secret_manager_secret_version" "basic_auth_username" {
+  count = var.basic_auth ? 1 : 0
+
+  secret = data.google_secret_manager_secret.basic_auth_username[0].id
+}
+
+data "google_secret_manager_secret_version" "basic_auth_password" {
+  count = var.basic_auth ? 1 : 0
+
+  secret = data.google_secret_manager_secret.basic_auth_password[0].id
+}
+
+resource "google_monitoring_uptime_check_config" "schemes" {
+  display_name = "Schemes uptime check"
+  timeout      = "60s"
+  period       = "300s"
+
+  http_check {
+    use_ssl = true
+
+    dynamic "auth_info" {
+      for_each = var.basic_auth ? [1] : []
+      content {
+        username = data.google_secret_manager_secret_version.basic_auth_username[0].secret_data
+        password = data.google_secret_manager_secret_version.basic_auth_password[0].secret_data
+      }
+    }
+  }
+
+  monitored_resource {
+    type = "uptime_url"
+    labels = {
+      project_id = var.project
+      host       = var.domain
+    }
+  }
+}
+
+resource "google_monitoring_notification_channel" "schemes" {
+  display_name = "Schemes support email"
+  type         = "email"
+  labels = {
+    email_address = "update-your-capital-schemes@activetravelengland.gov.uk"
+  }
+}
+
+resource "google_monitoring_alert_policy" "schemes_uptime" {
+  display_name = "Schemes uptime alert"
+  combiner     = "OR"
+
+  conditions {
+    display_name = "Uptime check failed"
+
+    condition_threshold {
+      filter = join("", [
+        "metric.type=\"monitoring.googleapis.com/uptime_check/check_passed\" ",
+        "AND metric.label.check_id=\"${google_monitoring_uptime_check_config.schemes.uptime_check_id}\" ",
+        "AND resource.type=\"uptime_url\""
+      ])
+      duration        = "300s"
+      comparison      = "COMPARISON_LT"
+      threshold_value = "1"
+
+      trigger {
+        count = 1
+      }
+    }
+  }
+
+  notification_channels = [google_monitoring_notification_channel.schemes.id]
+}
diff --git a/cloud/schemes/cloud-run/variables.tf b/cloud/schemes/cloud-run/variables.tf
@@ -67,3 +67,8 @@ variable "basic_auth" {
   description = "Whether to enable basic auth"
   type        = bool
 }
+
+variable "domain" {
+  description = "Domain name to monitor"
+  type        = string
+}
diff --git a/cloud/schemes/main.tf b/cloud/schemes/main.tf
@@ -54,6 +54,11 @@ resource "google_project_service" "secret_manager" {
   service = "secretmanager.googleapis.com"
 }
 
+resource "google_project_service" "monitoring" {
+  project = local.project
+  service = "monitoring.googleapis.com"
+}
+
 module "cloud_sql" {
   source           = "./cloud-sql"
   project          = local.project
@@ -81,9 +86,11 @@ module "cloud_run" {
   capital_schemes_database_password        = data.terraform_remote_state.schemes_database.outputs.password
   keep_idle                                = local.config[local.env].keep_idle
   basic_auth                               = local.config[local.env].basic_auth
+  domain                                   = local.config[local.env].domain
 
   depends_on = [
-    google_project_service.secret_manager
+    google_project_service.secret_manager,
+    google_project_service.monitoring
   ]
 }