diff --git a/README.md b/README.md
index f36a8593a..60039ab21 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,12 @@
 
 <table>
 <tr>
+    <td align="center" width="150">
+        <a href="https://docs.keephq.dev/providers/documentation/amazonsqs-provider" target="_blank">
+            <img width="40" src="keep-ui/public/icons/amazonsqs-icon.png" alt="AmazonSQS"/><br/>
+            Amazon SQS
+        </a>
+    </td>
     <td align="center" width="150">
         <a href="https://docs.keephq.dev/providers/documentation/appdynamics-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/appdynamics-icon.png" alt="AppDynamics"/><br/>
@@ -96,14 +102,14 @@
             Checkmk
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" width="150">
         <a href="https://docs.keephq.dev/providers/documentation/cilium-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/cilium-icon.png" alt="Cilium"/><br/>
             Cilium
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" width="150">
         <a href="https://docs.keephq.dev/providers/documentation/cloudwatch-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/cloudwatch-icon.png" alt="CloudWatch"/><br/>
@@ -134,14 +140,14 @@
             Elastic
         </a>
     </td>
+  </tr>
+  <tr>
     <td align="center">
         <a href="https://docs.keephq.dev/providers/documentation/gcpmonitoring-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/gcpmonitoring-icon.png" alt="GCP Monitoring"/><br/>
             GCP Monitoring
         </a>
     </td>
-  </tr>
-  <tr>
     <td align="center" width="150">
         <a href="https://docs.keephq.dev/providers/documentation/grafana-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/grafana-icon.png" alt="Grafana"/><br/>
@@ -172,12 +178,6 @@
             New Relic
         </a>
     </td>
-    <td align="center" width="150">
-        <a href="https://docs.keephq.dev/providers/documentation/openobserve-provider" target="_blank">
-            <img width="40" src="keep-ui/public/icons/openobserve-icon.png" alt="OpenObserve"/><br/>
-            OpenObserve
-        </a>
-    </td>
   </tr>
   <tr>
     <td align="center" width="150">
@@ -218,6 +218,12 @@
     </td>
 </tr>
 <tr>
+  <td align="center" width="150">
+        <a href="https://docs.keephq.dev/providers/documentation/openobserve-provider" target="_blank">
+            <img width="40" src="keep-ui/public/icons/openobserve-icon.png" alt="OpenObserve"/><br/>
+            OpenObserve
+        </a>
+    </td>
   <td align="center" width="150">
         <a href="https://docs.keephq.dev/providers/documentation/site24x7-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/site24x7-icon.png" alt="Site24x7"/><br/>
@@ -248,14 +254,14 @@
           UptimeKuma
         </a>
   </td>
+</tr>
+<tr>
   <td align="center" width="150">
         <a href="https://docs.keephq.dev/providers/documentation/victoriametrics-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/victoriametrics-icon.png" alt="VictoriaMetrics"/><br/>
           VictoriaMetrics
         </a>
   </td>
-</tr>
-<tr>
   <td align="center" width="150">
         <a href="https://docs.keephq.dev/providers/documentation/zabbix-provider" target="_blank">
             <img width="40" src="keep-ui/public/icons/zabbix-icon.png" alt="Zabbix"/><br/>
diff --git a/docs/mint.json b/docs/mint.json
index 373398997..1ee51f5c0 100644
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -111,6 +111,7 @@
           "group": "Supported Providers",
           "pages": [
             "providers/documentation/aks-provider",
+            "providers/documentation/amazonsqs-provider",
             "providers/documentation/appdynamics-provider",
             "providers/documentation/argocd-provider",
             "providers/documentation/auth0-provider",
diff --git a/docs/providers/documentation/amazonsqs-provider.mdx b/docs/providers/documentation/amazonsqs-provider.mdx
new file mode 100644
index 000000000..c636cf766
--- /dev/null
+++ b/docs/providers/documentation/amazonsqs-provider.mdx
@@ -0,0 +1,64 @@
+---
+title: "AmazonSQS Provider"
+sidebarTitle: "AmazonSQS Provider"
+description: "The AmazonSQS provider enables you to pull & push alerts to the Amazon SQS Queue."
+---
+
+## Overview
+
+The **AmazonSQS Provider** facilitates
+Consuming SQS messages as alerts
+Notifying/Pushing messages to SQS Queue
+
+## Authentication Parameters
+
+- **Access Key Id** (required): Access Key ID generated from your IAM.
+- **Secret Access Key** (required): The secret corresponding to the above key-id.
+- **Region Name** (required): The region of your data center eg. us-east-1, ap-sout-1, etc.
+- **SQS Queue URL** (required): The url for the SQS Queue.
+
+
+## Scopes
+
+- **authenticated**: Mandatory for all operations, ensures the user is authenticated.
+- **sqs::read**: Mandatory for getting alerts, ensures user can read from the Queue.
+- **sqs::write**: Mandatory **only** for Notifying/Pushing messages to queue, ensures user can write to Queue.
+
+If you only want to give read scope to your key-secret pair the permission policy: AmazonSQSReadOnlyAccess
+If you only want to give read & write scope to your key-secret pair the permission policy: AmazonSQSFullAccess
+Both are the policies are prebuilt in AWS.
+
+## Inputs for AmazonSQS Action
+
+- `message`: str: Body/Message for the notification
+- `group_id`: str | None: Mandatory only if Queue is of type FIFO, ignored incase of a normal Queue.
+- `dedup_id`: str | None: Mandatory only if Queue is of type FIFO, ignored incase of a normal Queue.
+- **kwargs: dict | None: You can pass additional key-value pairs, that will be sent as MessageAttributes in the notification.
+
+## Output for AmazonSQS Action
+For more detail, visit [sqs-documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sqs/client/send_message.html#).
+   ```json
+   {
+        'MD5OfMessageBody': 'string',
+        'MD5OfMessageAttributes': 'string',
+        'MD5OfMessageSystemAttributes': 'string',
+        'MessageId': 'string',
+        'SequenceNumber': 'string'
+   }
+   ```
+
+<Note>
+  - When using the AmazonSQS action, if your queue is fifo, then it is **mandatory** to pass a dedup_id & group_id.
+  - All the extra fields present in the MessageAttribute is stored in alert.label as a key-value pair dictionary.
+  - You can pass these attributes in the SQS Queue message and keep will extract and use these field for the alert
+    - name
+    - status: Possible values 'firing' | 'resolved' | 'acknowledged' | 'suppressed' | 'pending' defaults to 'firing'.
+    - severity: Possible values 'critical' | 'high' | 'warning' | 'info' | 'low' defaults to 'high'
+    - description
+
+</Note>
+
+## Useful Links
+
+- [AmazonSQS Boto3 Examples](https://docs.aws.amazon.com/code-library/latest/ug/python_3_sqs_code_examples.html)
+- [Boto3 SQS Documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sqs.html)
diff --git a/docs/providers/overview.mdx b/docs/providers/overview.mdx
index 30c9b523e..8d8b0d7de 100644
--- a/docs/providers/overview.mdx
+++ b/docs/providers/overview.mdx
@@ -116,6 +116,14 @@ By leveraging Keep Providers, users are able to deeply integrate Keep with the t
   }
 />
 
+<Card
+  title="AmazonSQS"
+  href="/providers/documentation/amazonsqs-provider"
+  icon={
+    <img src="https://github.com/keephq/keep/blob/main/keep-ui/public/icons/amazonsqs-icon.png?raw=true" />
+  }
+></Card>
+
 <Card
   title="AppDynamics"
   href="/providers/documentation/appdynamics-provider"
diff --git a/keep-ui/public/icons/amazonsqs-icon.png b/keep-ui/public/icons/amazonsqs-icon.png
new file mode 100644
index 000000000..a63d6bf15
Binary files /dev/null and b/keep-ui/public/icons/amazonsqs-icon.png differ
diff --git a/keep/providers/amazonsqs_provider/__init__.py b/keep/providers/amazonsqs_provider/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/keep/providers/amazonsqs_provider/amazonsqs_provider.py b/keep/providers/amazonsqs_provider/amazonsqs_provider.py
new file mode 100644
index 000000000..2ca2942c8
--- /dev/null
+++ b/keep/providers/amazonsqs_provider/amazonsqs_provider.py
@@ -0,0 +1,359 @@
+"""
+Amazonsqs Provider is a class that allows to receive alerts and notify the Amazon SQS Queue
+"""
+
+import dataclasses
+import inspect
+import logging
+import time
+import uuid
+from datetime import datetime
+
+import boto3
+import botocore
+import pydantic
+
+from keep.api.models.alert import AlertSeverity, AlertStatus
+from keep.contextmanager.contextmanager import ContextManager
+from keep.providers.base.base_provider import BaseProvider
+from keep.providers.models.provider_config import ProviderConfig, ProviderScope
+
+
+@pydantic.dataclasses.dataclass
+class AmazonsqsProviderAuthConfig:
+    """
+    AmazonSQS authentication configuration.
+    """
+
+    access_key_id: str = dataclasses.field(
+        metadata={
+            "required": True,
+            "description": "Access Key Id",
+            "hint": "Access Key ID",
+        },
+    )
+    secret_access_key: str = dataclasses.field(
+        metadata={
+            "required": True,
+            "description": "Secret access key",
+            "hint": "Secret access key",
+            "sensitive": True,
+        },
+    )
+    region_name: str = dataclasses.field(
+        metadata={
+            "required": True,
+            "description": "Region name",
+            "hint": "Region name: eg. us-east-1 | ap-sout-1 | etc.",
+            "sensitive": False,
+        },
+    )
+    sqs_queue_url: pydantic.AnyHttpUrl = dataclasses.field(
+        metadata={
+            "required": True,
+            "description": "SQS Queue URL",
+            "hint": "Example: https://sqs.ap-south-1.amazonaws.com/614100018813/Q2",
+        },
+    )
+
+
+class ClientIdInjector(logging.Filter):
+    def filter(self, record):
+        # For this example, let's pretend we can obtain the client_id
+        # by inspecting the caller or some context. Replace the next line
+        # with the actual logic to get the client_id.
+        client_id, provider_id = self.get_client_id_from_caller()
+        if not hasattr(record, "extra"):
+            record.extra = {
+                "client_id": client_id,
+                "provider_id": provider_id,
+            }
+        return True
+
+    def get_client_id_from_caller(self):
+        # Here, you should implement the logic to extract client_id based on the caller.
+        # This can be tricky and might require you to traverse the call stack.
+        # Return a default or None if you can't find it.
+        import copy
+
+        frame = inspect.currentframe()
+        client_id = None
+        while frame:
+            local_vars = copy.copy(frame.f_locals)
+            for var_name, var_value in local_vars.items():
+                if isinstance(var_value, AmazonsqsProvider):
+                    client_id = var_value.context_manager.tenant_id
+                    provider_id = var_value.provider_id
+                    break
+            if client_id:
+                return client_id, provider_id
+            frame = frame.f_back
+        return None, None
+
+
+class AmazonsqsProvider(BaseProvider):
+    """Sends and receive alerts from AmazonSQS."""
+
+    PROVIDER_CATEGORY = ["Monitoring", "Queues"]
+    PROVIDER_TAGS = ["queue"]
+
+    alert_severity_dict = {
+        "critical": AlertSeverity.CRITICAL,
+        "high": AlertSeverity.HIGH,
+        "warning": AlertSeverity.WARNING,
+        "info": AlertSeverity.INFO,
+        "low": AlertSeverity.LOW,
+    }
+
+    PROVIDER_DISPLAY_NAME = "AmazonSQS"
+    PROVIDER_SCOPES = [
+        ProviderScope(
+            name="authenticated",
+            description="Key-Id pair is valid and working",
+            mandatory=True,
+            alias="Authenticated",
+        ),
+        ProviderScope(
+            name="sqs::read",
+            description="Required privileges to receive alert from SQS",
+            mandatory=True,
+            alias="Read Access",
+        ),
+        ProviderScope(
+            name="sqs::write",
+            description="Required privileges to push messages to SQS",
+            mandatory=False,
+            alias="Write Access",
+        ),
+    ]
+
+    def __init__(
+        self, context_manager: ContextManager, provider_id: str, config: ProviderConfig
+    ):
+        super().__init__(context_manager, provider_id, config)
+        self.consume = False
+        self.consumer = None
+        self.err = ""
+        # patch all AmazonSQS loggers to contain the tenant_id
+        for logger_name in logging.Logger.manager.loggerDict:
+            if logger_name.startswith("amazonsqs"):
+                logger = logging.getLogger(logger_name)
+                if not any(isinstance(f, ClientIdInjector) for f in logger.filters):
+                    self.logger.info(f"Patching amazonsqs logger {logger_name}")
+                    logger.addFilter(ClientIdInjector())
+
+    def dispose(self):
+        """
+        Dispose the provider.
+        """
+        pass
+
+    def validate_config(self):
+        """
+        Validates required configuration for Amazonsqs provider.
+        """
+        self.logger.debug("Validating configuration for Amazonsqs provider")
+        self.authentication_config = AmazonsqsProviderAuthConfig(
+            **self.config.authentication
+        )
+
+    @property
+    def __get_sqs_client(self):
+        if self.consumer is None:
+            self.consumer = boto3.client(
+                "sqs",
+                region_name=self.authentication_config.region_name,
+                aws_access_key_id=self.authentication_config.access_key_id,
+                aws_secret_access_key=self.authentication_config.secret_access_key,
+            )
+        return self.consumer
+
+    def validate_scopes(self) -> dict[str, bool | str]:
+        self.logger.info("Validating user scopes for AmazonSQS provider")
+        scopes = {
+            "authenticated": False,
+            "sqs::read": False,
+            "sqs::write": False,
+        }
+        sts = boto3.client(
+            "sts",
+            region_name=self.authentication_config.region_name,
+            aws_access_key_id=self.authentication_config.access_key_id,
+            aws_secret_access_key=self.authentication_config.secret_access_key,
+        )
+        try:
+            sts.get_caller_identity()
+            self.logger.info(
+                "User identity fetched successfully, user is authenticated."
+            )
+            scopes["authenticated"] = True
+        except botocore.exceptions.ClientError as e:
+            self.logger.error(
+                "Error while getting user identity, authentication failed",
+                extra={"exception": str(e)},
+            )
+            scopes["authenticated"] = str(e)
+            return scopes
+
+        try:
+            self.__write_to_queue(
+                message="KEEP_SCOPE_TEST_MSG_PLEASE_IGNORE",
+                dedup_id=str(uuid.uuid4()),
+                group_id="keep",
+            )
+            self.logger.info("All scopes verified successfully")
+            scopes["sqs::write"] = True
+            scopes["sqs::read"] = True
+        except botocore.exceptions.ClientError as e:
+            self.logger.error(
+                "User does not have permission to write to SQS queue",
+                extra={"exception": str(e)},
+            )
+            scopes["sqs::write"] = str(e)
+            try:
+                self.__read_from_queue()
+                self.logger.info("User has permission to read from SQS Queue")
+                scopes["sqs::read"] = True
+            except botocore.exceptions.ClientError as e:
+                self.logger.error(
+                    "User does not have permission to read from SQS queue",
+                    extra={"exception": str(e)},
+                )
+                scopes["sqs::read"] = str(e)
+        return scopes
+
+    def __read_from_queue(self):
+        self.logger.info("Getting messages from SQS Queue")
+        try:
+            return self.__get_sqs_client.receive_message(
+                QueueUrl=self.authentication_config.sqs_queue_url,
+                MessageAttributeNames=["All"],
+                MessageSystemAttributeNames=["All"],
+                MaxNumberOfMessages=10,
+                WaitTimeSeconds=10,
+            )
+        except Exception as e:
+            self.logger.error(
+                "Error while reading from SQS Queue", extra={"exception": str(e)}
+            )
+
+    def __write_to_queue(self, message, group_id, dedup_id, **kwargs):
+        try:
+            self.logger.info("Sending message to SQS Queue")
+            message = str(message)
+            group_id = str(group_id)
+            dedup_id = str(dedup_id)
+            is_fifo = self.authentication_config.sqs_queue_url.endswith(".fifo")
+            self.logger.info("Building MessageAttributes")
+            msg_attrs = {
+                key: {"StringValue": kwargs[key], "DataType": "String"}
+                for key in kwargs
+            }
+            if is_fifo:
+                if not dedup_id or not group_id:
+                    self.logger.error(
+                        "Mandatory to provide dedup_id (Message deduplication ID) & group_id (Message group ID) when pushing to fifo queue"
+                    )
+                    raise Exception(
+                        "Mandatory to provide dedup_id (Message deduplication ID) & group_id (Message group ID) when pushing to fifo queue"
+                    )
+                response = self.__get_sqs_client.send_message(
+                    QueueUrl=self.authentication_config.sqs_queue_url,
+                    MessageAttributes=msg_attrs,
+                    MessageBody=message,
+                    MessageDeduplicationId=dedup_id,
+                    MessageGroupId=group_id,
+                )
+            else:
+                response = self.__get_sqs_client.send_message(
+                    QueueUrl=self.authentication_config.sqs_queue_url,
+                    MessageAttributes=msg_attrs,
+                    MessageBody=message,
+                )
+
+            self.logger.info(
+                "Successfully pushed the message to SQS",
+                extra={"response": str(response)},
+            )
+            return response
+        except Exception as e:
+            self.logger.error(
+                "Error while writing to SQS queue", extra={"exception": str(e)}
+            )
+            raise e
+
+    def __delete_from_queue(self, receipt: str):
+        self.logger.info("Deleting message from SQS Queue")
+        try:
+            self.__get_sqs_client.delete_message(
+                QueueUrl=self.authentication_config.sqs_queue_url, ReceiptHandle=receipt
+            )
+            self.logger.info("Successfully deleted message from SQS Queue")
+        except Exception as e:
+            self.logger.error(
+                "Error while deleting message from SQS queue",
+                extra={"exception": str(e)},
+            )
+            raise e
+
+    @staticmethod
+    def get_status_or_default(status_value):
+        try:
+            # Check if status_value is a valid member of AlertStatus
+            return AlertStatus(status_value)
+        except ValueError:
+            # If not, return the default AlertStatus.FIRING
+            return AlertStatus.FIRING
+
+    def _notify(self, message, group_id, dedup_id, **kwargs):
+        return self.__write_to_queue(
+            message=message, group_id=group_id, dedup_id=dedup_id, **kwargs
+        )
+
+    def start_consume(self):
+        self.consume = True
+        while self.consume:
+            response = self.__read_from_queue()
+            messages = response.get("Messages", [])
+            if not messages:
+                self.logger.info("No messages found. Queue is empty!")
+
+            for message in messages:
+                try:
+                    labels = {}
+                    attrs = message.get("MessageAttributes", {})
+                    for msg_attr in attrs:
+                        labels[msg_attr.lower()] = attrs[msg_attr].get(
+                            "StringValue", attrs[msg_attr].get("BinaryValue", "")
+                        )
+
+                    alert_dict = {
+                        "id": message["MessageId"],
+                        "name": labels.get("name", message["Body"]),
+                        "description": labels.get("description", message["Body"]),
+                        "message": message["Body"],
+                        "status": AmazonsqsProvider.get_status_or_default(
+                            labels.get("status", "firing")
+                        ),
+                        "severity": self.alert_severity_dict.get(
+                            labels.get("severity", "high"), AlertSeverity.HIGH
+                        ),
+                        "lastReceived": datetime.fromtimestamp(
+                            float(message["Attributes"]["SentTimestamp"]) / 1000
+                        ).isoformat(),
+                        "firingStartTime": datetime.fromtimestamp(
+                            float(message["Attributes"]["SentTimestamp"]) / 1000
+                        ).isoformat(),
+                        "labels": labels,
+                        "source": ["amazonsqs"],
+                    }
+                    self._push_alert(alert_dict)
+                    self.__delete_from_queue(receipt=message["ReceiptHandle"])
+                except Exception as e:
+                    self.logger.error(f"Error processing message: {e}")
+
+            time.sleep(0.1)
+        self.logger.info("Consuming stopped")
+
+    def stop_consume(self):
+        self.consume = False
diff --git a/pyproject.toml b/pyproject.toml
index 67edc18de..73ee56ac1 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "keep"
-version = "0.34.1"
+version = "0.34.2"
 description = "Alerting. for developers, by developers."
 authors = ["Keep Alerting LTD"]
 packages = [{include = "keep"}]

+ + + Amazon SQS + +	@@ -96,14 +102,14 @@ Checkmk
Cilium
@@ -134,14 +140,14 @@ Elastic
GCP Monitoring
@@ -172,12 +178,6 @@ New Relic	- - - OpenObserve - -
@@ -218,6 +218,12 @@
+ + + OpenObserve + +	@@ -248,14 +254,14 @@ UptimeKuma
VictoriaMetrics
diff --git a/docs/mint.json b/docs/mint.json index 373398997..1ee51f5c0 100644 --- a/docs/mint.json +++ b/docs/mint.json @@ -111,6 +111,7 @@ "group": "Supported Providers", "pages": [ "providers/documentation/aks-provider", + "providers/documentation/amazonsqs-provider", "providers/documentation/appdynamics-provider", "providers/documentation/argocd-provider", "providers/documentation/auth0-provider", diff --git a/docs/providers/documentation/amazonsqs-provider.mdx b/docs/providers/documentation/amazonsqs-provider.mdx new file mode 100644 index 000000000..c636cf766 --- /dev/null +++ b/docs/providers/documentation/amazonsqs-provider.mdx @@ -0,0 +1,64 @@ +--- +title: "AmazonSQS Provider" +sidebarTitle: "AmazonSQS Provider" +description: "The AmazonSQS provider enables you to pull & push alerts to the Amazon SQS Queue." +--- + +## Overview + +The AmazonSQS Provider facilitates +Consuming SQS messages as alerts +Notifying/Pushing messages to SQS Queue + +## Authentication Parameters + +- Access Key Id (required): Access Key ID generated from your IAM. +- Secret Access Key (required): The secret corresponding to the above key-id. +- Region Name (required): The region of your data center eg. us-east-1, ap-sout-1, etc. +- SQS Queue URL (required): The url for the SQS Queue. + + +## Scopes + +- authenticated: Mandatory for all operations, ensures the user is authenticated. +- sqs::read: Mandatory for getting alerts, ensures user can read from the Queue. +- sqs::write: Mandatory only for Notifying/Pushing messages to queue, ensures user can write to Queue. + +If you only want to give read scope to your key-secret pair the permission policy: AmazonSQSReadOnlyAccess +If you only want to give read & write scope to your key-secret pair the permission policy: AmazonSQSFullAccess +Both are the policies are prebuilt in AWS. + +## Inputs for AmazonSQS Action + +- `message`: str: Body/Message for the notification +- `group_id`: str \| None: Mandatory only if Queue is of type FIFO, ignored incase of a normal Queue. +- `dedup_id`: str \| None: Mandatory only if Queue is of type FIFO, ignored incase of a normal Queue. +- kwargs: dict \| None: You can pass additional key-value pairs, that will be sent as MessageAttributes in the notification. + +## Output for AmazonSQS Action +For more detail, visit [sqs-documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sqs/client/send_message.html#). + ```json + { + 'MD5OfMessageBody': 'string', + 'MD5OfMessageAttributes': 'string', + 'MD5OfMessageSystemAttributes': 'string', + 'MessageId': 'string', + 'SequenceNumber': 'string' + } + ``` + + + - When using the AmazonSQS action, if your queue is fifo, then it is mandatory to pass a dedup_id & group_id. + - All the extra fields present in the MessageAttribute is stored in alert.label as a key-value pair dictionary. + - You can pass these attributes in the SQS Queue message and keep will extract and use these field for the alert + - name + - status: Possible values 'firing' \| 'resolved' \| 'acknowledged' \| 'suppressed' \| 'pending' defaults to 'firing'. + - severity: Possible values 'critical' \| 'high' \| 'warning' \| 'info' \| 'low' defaults to 'high' + - description + + + +## Useful Links + +- [AmazonSQS Boto3 Examples](https://docs.aws.amazon.com/code-library/latest/ug/python_3_sqs_code_examples.html) +- [Boto3 SQS Documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sqs.html) diff --git a/docs/providers/overview.mdx b/docs/providers/overview.mdx index 30c9b523e..8d8b0d7de 100644 --- a/docs/providers/overview.mdx +++ b/docs/providers/overview.mdx @@ -116,6 +116,14 @@ By leveraging Keep Providers, users are able to deeply integrate Keep with the t } /> + + } +> + dict[str, bool \| str]: + self.logger.info("Validating user scopes for AmazonSQS provider") + scopes = { + "authenticated": False, + "sqs::read": False, + "sqs::write": False, + } + sts = boto3.client( + "sts", + region_name=self.authentication_config.region_name, + aws_access_key_id=self.authentication_config.access_key_id, + aws_secret_access_key=self.authentication_config.secret_access_key, + ) + try: + sts.get_caller_identity() + self.logger.info( + "User identity fetched successfully, user is authenticated." + ) + scopes["authenticated"] = True + except botocore.exceptions.ClientError as e: + self.logger.error( + "Error while getting user identity, authentication failed", + extra={"exception": str(e)}, + ) + scopes["authenticated"] = str(e) + return scopes + + try: + self.__write_to_queue( + message="KEEP_SCOPE_TEST_MSG_PLEASE_IGNORE", + dedup_id=str(uuid.uuid4()), + group_id="keep", + ) + self.logger.info("All scopes verified successfully") + scopes["sqs::write"] = True + scopes["sqs::read"] = True + except botocore.exceptions.ClientError as e: + self.logger.error( + "User does not have permission to write to SQS queue", + extra={"exception": str(e)}, + ) + scopes["sqs::write"] = str(e) + try: + self.__read_from_queue() + self.logger.info("User has permission to read from SQS Queue") + scopes["sqs::read"] = True + except botocore.exceptions.ClientError as e: + self.logger.error( + "User does not have permission to read from SQS queue", + extra={"exception": str(e)}, + ) + scopes["sqs::read"] = str(e) + return scopes + + def __read_from_queue(self): + self.logger.info("Getting messages from SQS Queue") + try: + return self.__get_sqs_client.receive_message( + QueueUrl=self.authentication_config.sqs_queue_url, + MessageAttributeNames=["All"], + MessageSystemAttributeNames=["All"], + MaxNumberOfMessages=10, + WaitTimeSeconds=10, + ) + except Exception as e: + self.logger.error( + "Error while reading from SQS Queue", extra={"exception": str(e)} + ) + + def __write_to_queue(self, message, group_id, dedup_id, kwargs): + try: + self.logger.info("Sending message to SQS Queue") + message = str(message) + group_id = str(group_id) + dedup_id = str(dedup_id) + is_fifo = self.authentication_config.sqs_queue_url.endswith(".fifo") + self.logger.info("Building MessageAttributes") + msg_attrs = { + key: {"StringValue": kwargs[key], "DataType": "String"} + for key in kwargs + } + if is_fifo: + if not dedup_id or not group_id: + self.logger.error( + "Mandatory to provide dedup_id (Message deduplication ID) & group_id (Message group ID) when pushing to fifo queue" + ) + raise Exception( + "Mandatory to provide dedup_id (Message deduplication ID) & group_id (Message group ID) when pushing to fifo queue" + ) + response = self.__get_sqs_client.send_message( + QueueUrl=self.authentication_config.sqs_queue_url, + MessageAttributes=msg_attrs, + MessageBody=message, + MessageDeduplicationId=dedup_id, + MessageGroupId=group_id, + ) + else: + response = self.__get_sqs_client.send_message( + QueueUrl=self.authentication_config.sqs_queue_url, + MessageAttributes=msg_attrs, + MessageBody=message, + ) + + self.logger.info( + "Successfully pushed the message to SQS", + extra={"response": str(response)}, + ) + return response + except Exception as e: + self.logger.error( + "Error while writing to SQS queue", extra={"exception": str(e)} + ) + raise e + + def __delete_from_queue(self, receipt: str): + self.logger.info("Deleting message from SQS Queue") + try: + self.__get_sqs_client.delete_message( + QueueUrl=self.authentication_config.sqs_queue_url, ReceiptHandle=receipt + ) + self.logger.info("Successfully deleted message from SQS Queue") + except Exception as e: + self.logger.error( + "Error while deleting message from SQS queue", + extra={"exception": str(e)}, + ) + raise e + + @staticmethod + def get_status_or_default(status_value): + try: + # Check if status_value is a valid member of AlertStatus + return AlertStatus(status_value) + except ValueError: + # If not, return the default AlertStatus.FIRING + return AlertStatus.FIRING + + def _notify(self, message, group_id, dedup_id, kwargs): + return self.__write_to_queue( + message=message, group_id=group_id, dedup_id=dedup_id, kwargs + ) + + def start_consume(self): + self.consume = True + while self.consume: + response = self.__read_from_queue() + messages = response.get("Messages", []) + if not messages: + self.logger.info("No messages found. Queue is empty!") + + for message in messages: + try: + labels = {} + attrs = message.get("MessageAttributes", {}) + for msg_attr in attrs: + labels[msg_attr.lower()] = attrs[msg_attr].get( + "StringValue", attrs[msg_attr].get("BinaryValue", "") + ) + + alert_dict = { + "id": message["MessageId"], + "name": labels.get("name", message["Body"]), + "description": labels.get("description", message["Body"]), + "message": message["Body"], + "status": AmazonsqsProvider.get_status_or_default( + labels.get("status", "firing") + ), + "severity": self.alert_severity_dict.get( + labels.get("severity", "high"), AlertSeverity.HIGH + ), + "lastReceived": datetime.fromtimestamp( + float(message["Attributes"]["SentTimestamp"]) / 1000 + ).isoformat(), + "firingStartTime": datetime.fromtimestamp( + float(message["Attributes"]["SentTimestamp"]) / 1000 + ).isoformat(), + "labels": labels, + "source": ["amazonsqs"], + } + self._push_alert(alert_dict) + self.__delete_from_queue(receipt=message["ReceiptHandle"]) + except Exception as e: + self.logger.error(f"Error processing message: {e}") + + time.sleep(0.1) + self.logger.info("Consuming stopped") + + def stop_consume(self): + self.consume = False diff --git a/pyproject.toml b/pyproject.toml index 67edc18de..73ee56ac1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "keep" -version = "0.34.1" +version = "0.34.2" description = "Alerting. for developers, by developers." authors = ["Keep Alerting LTD"] packages = [{include = "keep"}]