Skip to content

CNV-80608: management: add update alert rule APIs#1047

Open
sradco wants to merge 1 commit into
openshift:main-alerts-management-apifrom
sradco:alert-mgmt-restructured-05-update-rule
Open

CNV-80608: management: add update alert rule APIs#1047
sradco wants to merge 1 commit into
openshift:main-alerts-management-apifrom
sradco:alert-mgmt-restructured-05-update-rule

Conversation

@sradco

@sradco sradco commented Jul 8, 2026

Copy link
Copy Markdown

Add PATCH /api/v1/alerting/rules for bulk
update of platform and user-defined alert
rules with drop/restore, label overrides,
and per-rule update support.

Signed-off-by: Shirly Radco sradco@redhat.com
Signed-off-by: João Vilaça jvilaca@redhat.com
Signed-off-by: Aviv Litman alitman@redhat.com
Co-authored-by: AI Assistant noreply@cursor.com

Made with Cursor

Summary by CodeRabbit

  • New Features

    • Added bulk update support for alert rules, including label changes, classification updates, and enable/disable toggles in a single request.
    • Alert rules can now be restored after being disabled, and classification changes are reflected in rule metadata.
  • Bug Fixes

    • Improved handling of mixed rule updates so one failed rule no longer blocks updates to others.
    • Tightened validation for rule IDs, request size, and status codes for more reliable responses.
    • Preserved protected alert labels during updates and improved rule ownership checks to prevent unsupported edits.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 8, 2026
@openshift-ci-robot

openshift-ci-robot commented Jul 8, 2026

Copy link
Copy Markdown

@sradco: This pull request references CNV-80608 which is a valid jira issue.

Details

In response to this:

Add PATCH /api/v1/alerting/rules for bulk
update of platform and user-defined alert
rules with drop/restore, label overrides,
and per-rule update support.

Signed-off-by: Shirly Radco sradco@redhat.com
Signed-off-by: João Vilaça jvilaca@redhat.com
Signed-off-by: Aviv Litman alitman@redhat.com
Co-authored-by: AI Assistant noreply@cursor.com

Made with Cursor

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested review from etmurasaki and zhuje July 8, 2026 18:31
@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sradco
Once this PR has been reviewed and has the lgtm label, please assign zhuje for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@sradco, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 46 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 04ce678e-f396-47ef-a160-255dc963855e

📥 Commits

Reviewing files that changed from the base of the PR and between 9997bc6 and 5a3282e.

📒 Files selected for processing (17)
  • api/openapi.yaml
  • internal/managementrouter/alert_rule_bulk_update.go
  • internal/managementrouter/alert_rule_bulk_update_test.go
  • internal/managementrouter/api_generated.go
  • internal/managementrouter/router.go
  • internal/managementrouter/user_defined_alert_rule_bulk_delete.go
  • pkg/management/alert_rule_preconditions.go
  • pkg/management/delete_user_defined_alert_rule_by_id.go
  • pkg/management/get_rule_by_id.go
  • pkg/management/get_rule_by_id_test.go
  • pkg/management/label_utils.go
  • pkg/management/types.go
  • pkg/management/update_platform_alert_rule.go
  • pkg/management/update_platform_alert_rule_test.go
  • pkg/management/update_user_defined_alert_rule.go
  • pkg/management/update_user_defined_alert_rule_test.go
  • test/e2e/update_alert_rule_test.go

Walkthrough

This PR adds a bulk alert-rule update capability: a new PATCH /rules OpenAPI operation and generated types, an HTTP handler processing per-rule label/classification/enable-disable updates, new management-client methods (GetRuleById, UpdateUserDefinedAlertRule, UpdatePlatformAlertRule, DropPlatformAlertRule, RestorePlatformAlertRule) with GitOps/operator precondition checks and ARC relabel-config manipulation, plus extensive unit and e2e tests.

Changes

Bulk Update Alert Rules

Layer / File(s) Summary
OpenAPI contract and generated types
api/openapi.yaml, internal/managementrouter/api_generated.go
Adds PATCH /rules operation, BulkUpdateAlertRulesRequest/Response, AlertRuleClassificationUpdate, UpdateAlertRuleResult schemas, tightens DeleteAlertRuleResult.statusCode/StatusCode to int32 with bounds, and registers generated route/interface wiring.
Bulk update HTTP handler and router support
internal/managementrouter/alert_rule_bulk_update.go, internal/managementrouter/alert_rule_bulk_update_test.go, internal/managementrouter/router.go, internal/managementrouter/user_defined_alert_rule_bulk_delete.go
Implements the BulkUpdateAlertRules handler with request validation, per-rule label/classification/enable-toggle processing, adds parseParam helper and maxBulkUpdateRuleIds constant, casts delete-result status codes to int32, and covers behavior with extensive tests.
Update precondition validation
pkg/management/alert_rule_preconditions.go, pkg/management/label_utils.go, pkg/management/types.go
Adds GitOps/operator update-blocking helpers, a protectedLabels/isProtectedLabel check, and expands the Client interface with new update/drop/restore methods.
GetRuleById client method
pkg/management/get_rule_by_id.go, pkg/management/get_rule_by_id_test.go
Adds a method to fetch a rule by ID with not-found handling, tested against managed-by label scenarios (operator/GitOps).
Platform alert rule update/drop/restore
pkg/management/update_platform_alert_rule.go, pkg/management/update_platform_alert_rule_test.go
Implements platform rule label updates, drop, and restore via AlertingRule labels or AlertRelabelConfig manipulation, enforcing preconditions and immutability, with comprehensive tests.
User-defined alert rule update and ARC migration
pkg/management/update_user_defined_alert_rule.go, pkg/management/update_user_defined_alert_rule_test.go
Implements user rule updates with clone-collision prevention and ARC classification migration on rule ID change.
Delete rule ARC cleanup refactor
pkg/management/delete_user_defined_alert_rule_by_id.go
Routes deletion flows through new ARC cleanup helpers and blocks deletion of GitOps-managed rules.
End-to-end bulk update tests
test/e2e/update_alert_rule_test.go
Adds e2e tests for drop/restore toggling and classification updates verified against ARC state.

Estimated code review effort: 5 (Critical) | ~120 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant BulkUpdateAlertRules
  participant ManagementClient
  participant K8sAPI

  Client->>BulkUpdateAlertRules: PATCH /rules {ruleIds, labels, classification, alertingRuleEnabled}
  loop each ruleId
    BulkUpdateAlertRules->>ManagementClient: DropPlatformAlertRule/RestorePlatformAlertRule
    ManagementClient->>K8sAPI: upsert/delete AlertRelabelConfig
    BulkUpdateAlertRules->>ManagementClient: UpdateAlertRuleClassification
    ManagementClient->>K8sAPI: update classification labels
    BulkUpdateAlertRules->>ManagementClient: UpdatePlatformAlertRule
    ManagementClient->>K8sAPI: update AlertingRule or AlertRelabelConfig
    ManagementClient-->>BulkUpdateAlertRules: NotAllowedError (fallback)
    BulkUpdateAlertRules->>ManagementClient: UpdateUserDefinedAlertRule
    ManagementClient->>K8sAPI: update PrometheusRule
    ManagementClient-->>BulkUpdateAlertRules: new rule id / error
  end
  BulkUpdateAlertRules-->>Client: BulkUpdateAlertRulesResponse{Rules: results}
Loading
🚥 Pre-merge checks | ✅ 5 | ❌ 10

❌ Failed checks (10 inconclusive)

Check name Status Explanation Resolution
Stable And Deterministic Test Names ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Test Structure And Quality ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Microshift Test Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Single Node Openshift (Sno) Test Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Topology-Aware Scheduling Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Ote Binary Stdout Contract ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Ipv6 And Disconnected Network Test Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
No-Weak-Crypto ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Container-Privileges ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
No-Sensitive-Data-In-Logs ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: adding alert rule update APIs.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (6)
pkg/management/get_rule_by_id.go (1)

9-9: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Add a doc comment on the exported method.

GetRuleById is an exported method but lacks a doc comment beginning with the method name. As per coding guidelines, "Exported Go functions and methods must have doc comments beginning with the function name".

📝 Proposed fix
+// GetRuleById retrieves a specific alert rule by its ID, returning a
+// NotFoundError when the rule is not present.
 func (c *client) GetRuleById(ctx context.Context, alertRuleId string) (monitoringv1.Rule, error) {
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/management/get_rule_by_id.go` at line 9, Add a Go doc comment for the
exported client method GetRuleById so it begins with the method name and
describes what it returns; place it directly above GetRuleById on the client
type, following the same comment style used for exported methods in this
package.

Source: Coding guidelines

pkg/management/alert_rule_preconditions.go (1)

87-95: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Optional: reuse validateGitOpsPreconditions to avoid duplicated GitOps checks.

Lines 88-95 replicate the rule-label and parent-PrometheusRule GitOps checks already implemented in validateGitOpsPreconditions (Lines 76-83). Delegating keeps the two paths in sync if GitOps gating logic changes.

♻️ Proposed refactor
 func validatePlatformUpdatePreconditions(relabeled monitoringv1.Rule, pr *monitoringv1.PrometheusRule, arc *osmv1.AlertRelabelConfig) error {
-	if isRuleManagedByGitOpsLabel(relabeled) {
-		return notAllowedGitOpsEdit()
-	}
-	if pr != nil {
-		if gitOpsManaged, _ := k8s.IsExternallyManagedObject(pr); gitOpsManaged {
-			return notAllowedGitOpsEdit()
-		}
-	}
+	if err := validateGitOpsPreconditions(relabeled, pr); err != nil {
+		return err
+	}
 	if arc != nil {
 		if k8s.IsManagedByGitOps(arc.Annotations, arc.Labels) {
 			return notAllowedGitOpsEdit()
 		}
 	}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/management/alert_rule_preconditions.go` around lines 87 - 95, The GitOps
checks in validatePlatformUpdatePreconditions are duplicated from
validateGitOpsPreconditions, so update validatePlatformUpdatePreconditions to
delegate to validateGitOpsPreconditions instead of repeating the rule-label and
parent PrometheusRule checks. Keep the existing behavior by passing the same
relabeled, pr, and arc inputs through the shared helper so the GitOps gating
logic stays centralized and consistent.
internal/managementrouter/alert_rule_bulk_update_test.go (2)

152-163: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Use httptest.NewRequestWithContext instead of httptest.NewRequest.

golangci-lint's noctx linter flags three calls to httptest.NewRequest (lines 158, 322, 342). If this linter is enabled in CI, these will fail the build.

🔧 Fix: pass context to httptest.NewRequest
 func (f *buFixture) do(t *testing.T, body any) *httptest.ResponseRecorder {
 	t.Helper()
 	buf, err := json.Marshal(body)
 	if err != nil {
 		t.Fatalf("marshal: %v", err)
 	}
-	req := httptest.NewRequest(http.MethodPatch, "/api/v1/alerting/rules", bytes.NewReader(buf))
+	req := httptest.NewRequestWithContext(context.Background(), http.MethodPatch, "/api/v1/alerting/rules", bytes.NewReader(buf))
 	req.Header.Set("Authorization", "Bearer test-token")
 	w := httptest.NewRecorder()
 	f.router.ServeHTTP(w, req)
 	return w
 }

Apply the same change to lines 322 and 342:

-	req := httptest.NewRequest(http.MethodPatch, "/api/v1/alerting/rules", bytes.NewBufferString("{"))
+	req := httptest.NewRequestWithContext(context.Background(), http.MethodPatch, "/api/v1/alerting/rules", bytes.NewBufferString("{"))
-	req := httptest.NewRequest(http.MethodPatch, "/api/v1/alerting/rules", bytes.NewReader(large))
+	req := httptest.NewRequestWithContext(context.Background(), http.MethodPatch, "/api/v1/alerting/rules", bytes.NewReader(large))

Also applies to: 320-333, 335-353

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/managementrouter/alert_rule_bulk_update_test.go` around lines 152 -
163, The test helper and the other two request builders in
alert_rule_bulk_update_test are using httptest.NewRequest, which trips the noctx
linter. Update do and the two other request-creation sites to use
httptest.NewRequestWithContext instead, passing an appropriate context such as
context.Background() or the test context already available. Keep the same
request method, URL, body, and headers, and make sure the change is applied
consistently across the helper and the related bulk update tests.

176-579: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Good test coverage — consider adding combined-operation tests.

The suite covers validation, label updates (set/drop via empty-string and null), toggle (drop/restore), classification, mixed platform/user, not-found, and invalid rule IDs. Two gaps worth considering:

  • Toggle + labels combined: Verify the "silently absorbed" behavior when alertingRuleEnabled is set on a user-defined rule alongside labels that succeed (spec says result should be 204).
  • Toggle + classification combined: Same absorbed-rejection behavior with classification instead of labels.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/managementrouter/alert_rule_bulk_update_test.go` around lines 176 -
579, Add two combined-operation tests in TestBulkUpdateAlertRules: one for
alertingRuleEnabled with labels on a user-defined rule, and one for
alertingRuleEnabled with classification. Use the existing bulk-update
fixture/helpers (newBUFixture, f.do, f.rebuild, buFixtureIDs) to assert the
user-rule toggle rejection is silently absorbed while the successful
labels/classification update still returns 204 for the rule and 200 overall.
Reuse the same response shape checks used in the other bulk update tests to
confirm the returned rule status codes.
pkg/management/update_user_defined_alert_rule.go (1)

128-135: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

alertName parameter is unused.

The body derives the alert name from the re-fetched updatedRule.Alert (Lines 196, 199) and never references the alertName argument. Either drop the parameter or use it in place of the re-fetch to avoid confusion about intent.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/management/update_user_defined_alert_rule.go` around lines 128 - 135, The
migrateClassificationOverrideIfRuleIDChanged function currently accepts
alertName but never uses it, while the alert name is re-derived from
updatedRule.Alert later in the flow. Either remove the alertName parameter from
the function signature and its callers, or replace the re-fetched alert name
usage with this argument consistently so the intent is clear and the API does
not expose an unused parameter.
pkg/management/update_platform_alert_rule.go (1)

31-31: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add doc comments to exported methods.

UpdatePlatformAlertRule (Line 31), DropPlatformAlertRule (Line 279), and RestorePlatformAlertRule (Line 335) are exported but lack doc comments beginning with the method name.

As per coding guidelines, "Exported Go functions and methods must have doc comments beginning with the function name."

📝 Example
+// UpdatePlatformAlertRule applies label overrides to a platform alert rule via
+// its AlertingRule or AlertRelabelConfig.
 func (c *client) UpdatePlatformAlertRule(ctx context.Context, alertRuleId string, alertRule monitoringv1.Rule) error {

Also applies to: 279-279, 335-335

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/management/update_platform_alert_rule.go` at line 31, Add Go doc comments
for the exported methods in this client: UpdatePlatformAlertRule,
DropPlatformAlertRule, and RestorePlatformAlertRule. Each comment should start
with the exact method name and briefly describe what the method does, so the
exported API follows the standard Go documentation convention. Update the
declarations in the client type near those method definitions to include the
missing comments.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/managementrouter/router.go`:
- Around line 107-118: `parseParam` is incorrectly URL-decoding rule IDs coming
from JSON body payloads, which can alter literal `%` sequences and differs from
the bulk delete flow. Update the bulk update path that uses `parseParam` to trim
the JSON `payload.RuleIds` values directly with `strings.TrimSpace`, matching
`user_defined_alert_rule_bulk_delete.go`, and keep `parseParam` reserved for
actual URL path parameters where `url.PathUnescape` belongs.

In `@pkg/management/delete_user_defined_alert_rule_by_id.go`:
- Around line 161-164: In deleteAssociatedARC, the current `if err != nil ||
!found { return nil }` path hides real `AlertRelabelConfigs().Get` failures by
treating them the same as a missing ARC. Update the lookup handling so `found ==
false` still returns nil, but any non-nil error is returned to the caller; keep
the existing delete flow in deleteAssociatedARC and let the higher-level caller
observe genuine API failures instead of silently skipping them.

---

Nitpick comments:
In `@internal/managementrouter/alert_rule_bulk_update_test.go`:
- Around line 152-163: The test helper and the other two request builders in
alert_rule_bulk_update_test are using httptest.NewRequest, which trips the noctx
linter. Update do and the two other request-creation sites to use
httptest.NewRequestWithContext instead, passing an appropriate context such as
context.Background() or the test context already available. Keep the same
request method, URL, body, and headers, and make sure the change is applied
consistently across the helper and the related bulk update tests.
- Around line 176-579: Add two combined-operation tests in
TestBulkUpdateAlertRules: one for alertingRuleEnabled with labels on a
user-defined rule, and one for alertingRuleEnabled with classification. Use the
existing bulk-update fixture/helpers (newBUFixture, f.do, f.rebuild,
buFixtureIDs) to assert the user-rule toggle rejection is silently absorbed
while the successful labels/classification update still returns 204 for the rule
and 200 overall. Reuse the same response shape checks used in the other bulk
update tests to confirm the returned rule status codes.

In `@pkg/management/alert_rule_preconditions.go`:
- Around line 87-95: The GitOps checks in validatePlatformUpdatePreconditions
are duplicated from validateGitOpsPreconditions, so update
validatePlatformUpdatePreconditions to delegate to validateGitOpsPreconditions
instead of repeating the rule-label and parent PrometheusRule checks. Keep the
existing behavior by passing the same relabeled, pr, and arc inputs through the
shared helper so the GitOps gating logic stays centralized and consistent.

In `@pkg/management/get_rule_by_id.go`:
- Line 9: Add a Go doc comment for the exported client method GetRuleById so it
begins with the method name and describes what it returns; place it directly
above GetRuleById on the client type, following the same comment style used for
exported methods in this package.

In `@pkg/management/update_platform_alert_rule.go`:
- Line 31: Add Go doc comments for the exported methods in this client:
UpdatePlatformAlertRule, DropPlatformAlertRule, and RestorePlatformAlertRule.
Each comment should start with the exact method name and briefly describe what
the method does, so the exported API follows the standard Go documentation
convention. Update the declarations in the client type near those method
definitions to include the missing comments.

In `@pkg/management/update_user_defined_alert_rule.go`:
- Around line 128-135: The migrateClassificationOverrideIfRuleIDChanged function
currently accepts alertName but never uses it, while the alert name is
re-derived from updatedRule.Alert later in the flow. Either remove the alertName
parameter from the function signature and its callers, or replace the re-fetched
alert name usage with this argument consistently so the intent is clear and the
API does not expose an unused parameter.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c5fe80fb-3711-47a6-a729-28a333d7b34d

📥 Commits

Reviewing files that changed from the base of the PR and between 826838d and 9997bc6.

📒 Files selected for processing (17)
  • api/openapi.yaml
  • internal/managementrouter/alert_rule_bulk_update.go
  • internal/managementrouter/alert_rule_bulk_update_test.go
  • internal/managementrouter/api_generated.go
  • internal/managementrouter/router.go
  • internal/managementrouter/user_defined_alert_rule_bulk_delete.go
  • pkg/management/alert_rule_preconditions.go
  • pkg/management/delete_user_defined_alert_rule_by_id.go
  • pkg/management/get_rule_by_id.go
  • pkg/management/get_rule_by_id_test.go
  • pkg/management/label_utils.go
  • pkg/management/types.go
  • pkg/management/update_platform_alert_rule.go
  • pkg/management/update_platform_alert_rule_test.go
  • pkg/management/update_user_defined_alert_rule.go
  • pkg/management/update_user_defined_alert_rule_test.go
  • test/e2e/update_alert_rule_test.go

Comment thread internal/managementrouter/router.go
Comment thread pkg/management/delete_user_defined_alert_rule_by_id.go
Add PATCH /api/v1/alerting/rules for bulk
update of platform and user-defined alert
rules with drop/restore, label overrides,
and per-rule update support.

Signed-off-by: Shirly Radco <sradco@redhat.com>
Signed-off-by: João Vilaça <jvilaca@redhat.com>
Signed-off-by: Aviv Litman <alitman@redhat.com>
Co-authored-by: AI Assistant <noreply@cursor.com>
@sradco sradco force-pushed the alert-mgmt-restructured-05-update-rule branch from 9997bc6 to 5a3282e Compare July 8, 2026 18:43
@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@sradco: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-management-api 5a3282e link true /test e2e-management-api
ci/prow/go-tests 5a3282e link true /test go-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Comment thread api/openapi.yaml
type: boolean
nullable: true
description: >
When false, drops (silences) the platform alert rule.

@PeterYurkovich PeterYurkovich Jul 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it is accurate to state that dropping an alert silences it, they are two separate actions

// three-state omitted/null/string semantics are preserved on decode.
var payload BulkUpdateAlertRulesRequest
if err := json.Unmarshal(body, &payload); err != nil {
writeError(w, http.StatusBadRequest, "invalid request body")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we include the error in the response as well so that rather than trying to guess at what went wrong the caller can directly make an adjustment

}

if payload.AlertingRuleEnabled == nil && payload.Labels == nil && payload.Classification == nil {
writeError(w, http.StatusBadRequest, "alertingRuleEnabled (toggle drop/restore) or labels (set/unset) or classification is required")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
writeError(w, http.StatusBadRequest, "alertingRuleEnabled (toggle drop/restore) or labels (set/unset) or classification is required")
writeError(w, http.StatusBadRequest, "one of alertingRuleEnabled (toggle drop/restore) or labels (set/unset) or classification is required")

if id == "" {
msg := "missing ruleId"
results = append(results, UpdateAlertRuleResult{
Id: rawId,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't this just be a whitespace only string?


notAllowedEnabled := false
if haveToggle {
var derr error

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other checks use err, I don't see any reason to have this one have a different name

return c.applyLabelChangesViaAlertRelabelConfig(ctx, arcNamespace, alertRuleId, *originalRule, alertRule.Labels)
}
return c.updateAlertingRuleLabels(ctx, ar, originalRule.Alert, alertRuleId, alertRule.Labels, arName)
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should !arFound be an error case?

return protectedLabels[label]
}

var validSeverities = map[string]bool{

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may have already been gone over, but alertmanager doesn't have a set of valid severities, and user's can put whatever strings they want as a severity. Was it a design decision to only allow these 4?

updatedUserRule := currentRule
updatedUserRule.Labels = userLabels

newRuleId, err := hr.managementClient.UpdateUserDefinedAlertRule(req.Context(), id, updatedUserRule)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we determine if an alert rule is a platform or user defined ar before just trying platform and then falling back to user on a not allowed error?

if !enabled {
derr = hr.managementClient.DropPlatformAlertRule(req.Context(), id)
} else {
derr = hr.managementClient.RestorePlatformAlertRule(req.Context(), id)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it not possible to drop/restore user ar's? For example if an ar is gitops or operator managed?

}

if update.ComponentSet || update.LayerSet || update.ComponentFromSet || update.LayerFromSet {
if err := hr.managementClient.UpdateAlertRuleClassification(req.Context(), update); err != nil {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think looking more at the code it would be best to have the label update code and the drop/restore code also flow through a single function similar to UpdateAlertRuleClassification for the classification rather than being split into platform and user functions which are called in this http method. The difference between user and platform seems that it is being mixed in with whether something is gitops or operator managed. I think having a single point of entry for those actions which can perform all of the validation and route the actions to user or platform would help clarify the codepaths quite a bit

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants