rule/label
This check works the same way as alerts/annotation check, but it operates on labels instead. It uses static labels set on alerting or recording rule. It doesn’t use labels on time series used in those rules.
Configuration
Syntax:
label "$pattern" {
comment = "..."
severity = "bug|warning|info"
token = "(.*)"
value = "(.*)"
values = ["...", ...]
required = true|false
}
$pattern- regexp pattern to match label name on, this can be templated to reference checked rule fields, see Configuration for details.comment- set a custom comment that will be added to reported problems.severity- set custom severity for reported issues, defaults to a warning.token- optional regexp to tokenize label value before validating it. By default the whole label value is validated againstvalueregexp or thevalueslist. If you want to break the value into sub-strings and validate each of them independently you can do this by settingtokento a regexp that captures a single sub-string.value- optional value regexp to enforce, if not set only pint will only check if the label exists.values- optional list of allowed values - this is alternative to usingvalueregexp. Set this to the list of all possible valid label values.required- iftruepint will require every rule to have this label set, iffalseit will only check values where label is set.
How to enable it
This check is not enabled by default as it requires explicit configuration to work. To enable it add one or more rule {...} blocks and specify all required labels there.
Example that will require severity label to be set on alert rules with two all possible values:
rule {
match {
kind = "alerting"
}
label "severity" {
comment = "You must set a `severity` label on all alert rules"
value = "(warning|critical)"
required = true
}
}
Example that enforces all alerting rules with for value present and greater than 5 minutes field to have a label called alert_for and value equal to for field.
rule {
match {
for = "> 5m"
}
label "alert_for" {
required = true
value = "{{ $for }}"
}
}
If you have a label that can contain multiple different values as a single string, for example components: "db api memcached", and you want to ensure only valid values are included then use token and values. By setting token to a regexp that matches only a sequence of letters ([a-zA-Z]+) you tell pint to split "db api memcached" into ["db", "api", "memcached"]. Then it iterates this list and checks each element independently. This allows you to have validation for multi-value strings.
rule {
label "components" {
required = true
token = "[a-zA-Z]+"
values = [
"prometheus",
"db",
"memcached",
"api",
"storage",
]
}
}
How to disable it
You can disable this check globally by adding this config block:
checks {
disabled = ["rule/label"]
}
You can also disable it for all rules inside given file by adding a comment anywhere in that file. Example:
# pint file/disable rule/label
Or you can disable it per rule by adding a comment to it. Example:
# pint disable rule/label
If you want to disable only individual instances of this check you can add a more specific comment.
If value is set:
# pint disable rule/label($label:$required:$value)
If value is NOT set:
# pint disable rule/label($label:$required)
Where:
$labelis the label name.$requiredis the configured value of therequiredoption.$valueis the anchored value of thevalueoption (if set).
Example pint rule:
label "severity" {
value = "(warning|critical)"
required = true
}
Example comment disabling that rule:
# pint disable rule/label(severity:true:^(warning|critical)$)
How to snooze it
You can disable this check until given time by adding a comment to it. Example:
# pint snooze $TIMESTAMP rule/label
Where $TIMESTAMP is either use RFC3339 formatted or YYYY-MM-DD. Adding this comment will disable rule/label until $TIMESTAMP, after that check will be re-enabled.