ROB-0000 add labels to robusta alerts using subject information#2065
Open
ROB-0000 add labels to robusta alerts using subject information#2065
Conversation
Signed-off-by: Roi Glinik <groi.tech@gmail.com>
Signed-off-by: Roi Glinik <groi.tech@gmail.com>
|
✅ Docker image ready for
Use this tag to pull the image for testing. 📋 Copy commandsgcloud auth configure-docker us-central1-docker.pkg.dev
docker pull us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:37c01bc
docker tag us-central1-docker.pkg.dev/robusta-development/temporary-builds/robusta-runner:37c01bc me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:37c01bc
docker push me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:37c01bcPatch Helm values in one line: helm upgrade --install robusta robusta/robusta \
--reuse-values \
--set runner.image=me-west1-docker.pkg.dev/robusta-development/development/robusta-runner-dev:37c01bc |
WalkthroughAdds configurable regex-based relabeling for finding subjects: new FindingLabelRule model, FindingOverrides accepts rules, customise_finding evaluates rules and injects labels via ExecutionBaseEvent.inject_finding_labels(), and guards Finding.subject when None. ChangesFinding Label Relabeling Feature
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
tests/test_customise_finding_relabel.py (1)
179-208: ⚡ Quick winAdd a malformed-regex regression test.
Coverage is solid; one high-value gap is a rule with invalid
regexto ensurecustomise_findingskips the bad rule without crashing.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/test_customise_finding_relabel.py` around lines 179 - 208, Add a test that verifies customise_finding/FindingOverrides tolerate an invalid regex by creating a FindingSubject (use _run or _make_event) and a rule where "regex" is malformed (e.g. unmatched bracket), then call customise_finding or _run with that rule and assert the function does not raise and the finding's labels remain unchanged (e.g. existing "team" label stays the same or target_label is not added); reference customise_finding, FindingOverrides, _run, _make_event and FindingSubject to locate where to add the test and ensure the bad rule is skipped rather than crashing.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@playbooks/robusta_playbooks/common_actions.py`:
- Around line 110-111: The current logging in customise_finding logs full
labels_to_inject which can leak sensitive metadata; change the call in the
customise_finding block so you do not log full label values—either downgrade to
logging.debug or log only the label keys (e.g., list(labels_to_inject.keys()))
before calling event.inject_finding_labels(labels_to_inject); keep the injection
via event.inject_finding_labels unchanged but ensure only non-sensitive key
names or a debug-level message is emitted.
- Around line 102-103: customise_finding currently calls
re.fullmatch(rule.regex, source_value) which will raise re.error for malformed
user regexes; wrap the re.fullmatch call in a try/except catching re.error, log
the invalid pattern and exception (including rule.regex and any identifying rule
id) using the existing logger, then continue to the next rule so the bad pattern
is skipped instead of crashing customise_finding.
In `@src/robusta/core/model/events.py`:
- Around line 158-161: The issue is that Finding uses a shared mutable default
FindingSubject which causes inject_finding_labels to mutate a shared labels
dict; fix by changing the Finding constructor signature (class Finding) to use
subject: Optional[FindingSubject] = None instead of a default instance, and
inside the constructor create a fresh FindingSubject() when subject is None
(assign self.subject = subject or FindingSubject()); keep inject_finding_labels
as-is but this ensures each Finding has its own subject.labels so .update()
won't bleed labels across Findings.
---
Nitpick comments:
In `@tests/test_customise_finding_relabel.py`:
- Around line 179-208: Add a test that verifies
customise_finding/FindingOverrides tolerate an invalid regex by creating a
FindingSubject (use _run or _make_event) and a rule where "regex" is malformed
(e.g. unmatched bracket), then call customise_finding or _run with that rule and
assert the function does not raise and the finding's labels remain unchanged
(e.g. existing "team" label stays the same or target_label is not added);
reference customise_finding, FindingOverrides, _run, _make_event and
FindingSubject to locate where to add the test and ensure the bad rule is
skipped rather than crashing.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: e57f4745-7ead-4c6f-b04e-e9ac2d6aa0d8
📒 Files selected for processing (3)
playbooks/robusta_playbooks/common_actions.pysrc/robusta/core/model/events.pytests/test_customise_finding_relabel.py
Signed-off-by: Roi Glinik <groi.tech@gmail.com>
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/robusta/core/reporting/base.py (1)
261-272: ⚡ Quick winType annotation doesn't reflect the accepted
NonevalueThe parameter is declared as
subject: FindingSubject = FindingSubject(), but the new guard at lines 271-272 explicitly handlessubject=None. This creates an invisible contract break: static type-checkers (mypy/pyright) will flag any call-site that passessubject=Noneas a type error, even though the runtime now handles it safely.Combining the guard with an annotation update also resolves the mutable-default-argument TODO in one shot:
🛠️ Proposed fix
- # TODO: this is bug-prone - see https://towardsdatascience.com/python-pitfall-mutable-default-arguments-9385e8265422 - subject: FindingSubject = FindingSubject(), + subject: Optional[FindingSubject] = None,The
if subject is None: subject = FindingSubject()guard already in place is then the canonical place where the default is applied, fixing both the type mismatch and the mutable-default pitfall.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/robusta/core/reporting/base.py` around lines 261 - 272, Update the subject parameter to accept None by changing its type to Optional[FindingSubject] and make its default value None (i.e., subject: Optional[FindingSubject] = None) so the existing guard "if subject is None: subject = FindingSubject()" is authoritative; this also removes the mutable-default issue—adjust any import/type hints as needed to reference Optional and keep the runtime logic in the constructor (the parameter and the guard in the function/method that declares subject and uses FindingSubject).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/robusta/core/reporting/base.py`:
- Around line 261-272: Update the subject parameter to accept None by changing
its type to Optional[FindingSubject] and make its default value None (i.e.,
subject: Optional[FindingSubject] = None) so the existing guard "if subject is
None: subject = FindingSubject()" is authoritative; this also removes the
mutable-default issue—adjust any import/type hints as needed to reference
Optional and keep the runtime logic in the constructor (the parameter and the
guard in the function/method that declares subject and uses FindingSubject).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d75e73ba-4dc6-4a3a-b971-679b4f7dfb23
⛔ Files ignored due to path filters (1)
.claude/scheduled_tasks.lockis excluded by!**/*.lock
📒 Files selected for processing (3)
playbooks/robusta_playbooks/common_actions.pysrc/robusta/core/reporting/base.pytests/test_customise_finding_relabel.py
🚧 Files skipped from review as they are similar to previous changes (2)
- playbooks/robusta_playbooks/common_actions.py
- tests/test_customise_finding_relabel.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.