From 0351e9875ae46c2e0f098eab5b349d7847d15f26 Mon Sep 17 00:00:00 2001
From: Pat Heard <patrick.heard@cds-snc.ca>
Date: Fri, 15 Mar 2024 11:50:44 -0400
Subject: [PATCH] chore: suppress missing patch CloudWatch alarms (#902)

Update the API's CloudWatch error and warning alarms to no longer trigger
if there is a missing update patch.

This is caused by the target ClamAV update server not having a patch
available yet and will resolve on its own.
---
 terragrunt/aws/alarms/alarms.tf | 23 ++------------------
 terragrunt/aws/alarms/locals.tf | 38 +++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 21 deletions(-)
 create mode 100644 terragrunt/aws/alarms/locals.tf

diff --git a/terragrunt/aws/alarms/alarms.tf b/terragrunt/aws/alarms/alarms.tf
index d5c47350..d96b0001 100644
--- a/terragrunt/aws/alarms/alarms.tf
+++ b/terragrunt/aws/alarms/alarms.tf
@@ -1,22 +1,3 @@
-locals {
-  api_functions = [
-    {
-      name           = "api",
-      log_group_name = var.scan_files_api_log_group_name,
-    },
-    {
-      name           = "api-provisioned",
-      log_group_name = var.scan_files_api_sync_log_group_name,
-    },
-  ]
-  error_logged_api            = "ErrorLogged"
-  error_logged_s3_scan_object = "ErrorLoggedS3ScanObject"
-  error_namespace             = "ScanFiles"
-  scan_verdict_suspicious     = "ScanVerdictSuspicious"
-  scan_verdict_unknown        = "ScanVerdictUnknown"
-  warning_logged_api          = "WarningLogged"
-}
-
 resource "aws_cloudwatch_metric_alarm" "route53_health_check_api" {
   provider = aws.us-east-1
 
@@ -44,7 +25,7 @@ resource "aws_cloudwatch_log_metric_filter" "scan_files_error" {
   for_each = { for function in local.api_functions : function.name => function }
 
   name           = local.error_logged_api
-  pattern        = "?ERROR ?Error ?error ?failed"
+  pattern        = local.api_error_metric_pattern
   log_group_name = each.value.log_group_name
 
   metric_transformation {
@@ -58,7 +39,7 @@ resource "aws_cloudwatch_log_metric_filter" "scan_files_warning" {
   for_each = { for function in local.api_functions : function.name => function }
 
   name           = local.warning_logged_api
-  pattern        = "WARNING"
+  pattern        = local.api_warning_metric_pattern
   log_group_name = each.value.log_group_name
 
   metric_transformation {
diff --git a/terragrunt/aws/alarms/locals.tf b/terragrunt/aws/alarms/locals.tf
new file mode 100644
index 00000000..3555a8b4
--- /dev/null
+++ b/terragrunt/aws/alarms/locals.tf
@@ -0,0 +1,38 @@
+locals {
+  api_functions = [
+    {
+      name           = "api",
+      log_group_name = var.scan_files_api_log_group_name,
+    },
+    {
+      name           = "api-provisioned",
+      log_group_name = var.scan_files_api_sync_log_group_name,
+    },
+  ]
+  error_logged_api            = "ErrorLogged"
+  error_logged_s3_scan_object = "ErrorLoggedS3ScanObject"
+  error_namespace             = "ScanFiles"
+  scan_verdict_suspicious     = "ScanVerdictSuspicious"
+  scan_verdict_unknown        = "ScanVerdictUnknown"
+  warning_logged_api          = "WarningLogged"
+
+  # Metric filter patterns
+  api_errors = [
+    "ERROR",
+    "Error",
+    "error",
+    "failed",
+  ]
+  api_errors_skip = [
+    "database server doesn't have the latest patch",
+  ]
+  api_warnings = [
+    "Warning",
+    "warning",
+  ]
+  api_warnings_skip = [
+    "database server doesn't have the latest patch",
+  ]
+  api_error_metric_pattern   = "[(w1=\"*${join("*\" || w1=\"*", local.api_errors)}*\") && w1!=\"*${join("*\" && w1!=\"*", local.api_errors_skip)}*\"]"
+  api_warning_metric_pattern = "[(w1=\"*${join("*\" || w1=\"*", local.api_warnings)}*\") && w1!=\"*${join("*\" && w1!=\"*", local.api_warnings_skip)}*\"]"
+}
\ No newline at end of file