refactor: IRM config moved to irm/escalation.yaml

цепочки эскалации описаны в yaml, vault-метки (vault:key) подставляются через locals.tf
2026-04-01 08:36:20 +03:00
parent 5d05640e80
commit 0eb7f5d963
2 changed files with 48 additions and 20 deletions
--- a/environments/dev/adibrov/locals.tf
+++ b/environments/dev/adibrov/locals.tf
@ -5,28 +5,26 @@ locals {
    "X-Disable-Provenance" = var.disable_provenance ? "true" : "false"
  }

-  # IRM escalation chains
-  # ID пользователей/расписаний хранятся в Vault: app/groups/monitoring/grafana/dev/ext
+  # IRM: читаем конфигурацию из irm/escalation.yaml
+  # Метки вида "vault:key_name" заменяются значениями из Vault (secret_ext)
+  _irm_raw  = yamldecode(file("${path.module}/irm/escalation.yaml"))
+  _irm_ext  = data.vault_kv_secret_v2.secret_ext.data
+
  irm_escalation_chains = [
-    {
-      name = "infra-default"
+    for chain in local._irm_raw.chains : {
+      name    = chain.name
+      team_id = try(chain.team_id, null)
      steps = [
-        {
-          type              = "notify_persons"
-          persons_to_notify = [data.vault_kv_secret_v2.secret_ext.data["irm_user_adibrov"]]
-        },
-        {
-          type             = "wait"
-          duration_seconds = 300
-        },
-        {
-          type              = "notify_persons"
-          persons_to_notify = [data.vault_kv_secret_v2.secret_ext.data["irm_user_adibrov"]]
-          important         = true
-        },
-        {
-          type = "repeat_escalation"
-        }
+        for step in chain.steps : merge(step, {
+          persons_to_notify = try([
+            for p in step.persons_to_notify :
+            startswith(p, "vault:") ? local._irm_ext[trimprefix(p, "vault:")] : p
+          ], null)
+          persons_to_notify_next_each_time = try([
+            for p in step.persons_to_notify_next_each_time :
+            startswith(p, "vault:") ? local._irm_ext[trimprefix(p, "vault:")] : p
+          ], null)
+        })
      ]
    }
  ]