auto investigate playbook

src/robusta/core/playbooks/internal/ai_integration.py

@@ -1,5 +1,6 @@
 import json
 import logging
+from typing import Optional
 
 import requests
 
@@ -15,6 +16,7 @@
 from robusta.core.playbooks.actions_registry import action
 from robusta.core.reporting import Finding, FindingSubject
 from robusta.core.reporting.base import EnrichmentType
+from robusta.core.reporting.blocks import MarkdownBlock
 from robusta.core.reporting.consts import FindingSubjectType, FindingType
 from robusta.core.reporting.holmes import (
     HolmesChatRequest,
@@ -29,6 +31,7 @@
 )
 from robusta.core.schedule.model import FixedDelayRepeat
 from robusta.integrations.kubernetes.autogenerated.events import KubernetesAnyChangeEvent
+from robusta.integrations.prometheus.models import PrometheusKubernetesAlert
 from robusta.integrations.prometheus.utils import HolmesDiscovery
 from robusta.utils.error_codes import ActionException, ErrorCodes
 
@@ -41,7 +44,36 @@ def build_investigation_title(params: AIInvestigateParams) -> str:
 
 
 @action
-def ask_holmes(event: ExecutionBaseEvent, params: AIInvestigateParams):
+def auto_ask_holmes(event: ExecutionBaseEvent):
+    """
+    Runs holmes investigation on an alert/event.
+    """
+    subject: FindingSubject = event.get_subject()
+    resource = ResourceInfo(
+        name=subject.name,
+        namespace=subject.namespace,
+        kind=str(subject.subject_type.value),
+        node=subject.node,
+        container=subject.container,
+    )
+    issue_type = event.alert_name if isinstance(event, PrometheusKubernetesAlert) else type(event).__name__
+    logging.warning(issue_type)
+    source = event.get_source()
+
+    context = {
+        "issue_type": issue_type,
+        "source": str(source.value),
+        "labels": subject.labels,
+    }
+
+    action_params = AIInvestigateParams(
+        resource=resource, investigation_type="issue", ask="Why is this alert firing?", context=context
+    )
+    ask_holmes(event, params=action_params, create_new_finding=False)
+
+
+@action
+def ask_holmes(event: ExecutionBaseEvent, params: AIInvestigateParams, create_new_finding: bool = True):
     holmes_url = HolmesDiscovery.find_holmes_url(params.holmes_url)
     if not holmes_url:
         raise ActionException(ErrorCodes.HOLMES_DISCOVERY_FAILED, "Robusta couldn't connect to the Holmes client.")
@@ -63,6 +95,10 @@ def ask_holmes(event: ExecutionBaseEvent, params: AIInvestigateParams):
         result.raise_for_status()
 
         holmes_result = HolmesResult(**json.loads(result.text))
+
+        if not create_new_finding:
+            event.add_enrichment([MarkdownBlock(f"{holmes_result.analysis}")])
+
         title_suffix = (
             f" on {params.resource.name}"
             if params.resource and params.resource.name and params.resource.name.lower() != "unresolved"
@@ -167,7 +203,9 @@ def build_conversation_title(params: HolmesConversationParams) -> str:
 
 
 def add_labels_to_ask(params: HolmesConversationParams) -> str:
-    label_string = f"the alert has the following labels: {params.context.get('labels')}" if params.context.get("labels") else ""
+    label_string = (
+        f"the alert has the following labels: {params.context.get('labels')}" if params.context.get("labels") else ""
+    )
     ask = f"{params.ask}, {label_string}" if label_string else params.ask
     logging.debug(f"holmes ask query: {ask}")
     return ask

src/robusta/core/sinks/webhook/webhook_sink.py

@@ -5,6 +5,7 @@
 
 import requests
 
+from robusta.core.reporting import TableBlock, FileBlock
 from robusta.core.reporting import HeaderBlock, JsonBlock, KubernetesDiffBlock, ListBlock, MarkdownBlock
 from robusta.core.reporting.base import BaseBlock, Finding
 from robusta.core.sinks.sink_base import SinkBase
@@ -25,6 +26,8 @@ def __init__(self, sink_config: WebhookSinkConfigWrapper, registry):
         )
         self.size_limit = sink_config.webhook_sink.size_limit
         self.slack_webhook = sink_config.webhook_sink.slack_webhook
+        self.send_table_block = sink_config.webhook_sink.table_blocks
+        self.send_file_block = sink_config.webhook_sink.file_blocks
 
     def write_finding(self, finding: Finding, platform_enabled: bool):
         if self.format == "text":
@@ -134,6 +137,10 @@ def __to_unformatted_text(cls, block: BaseBlock) -> List[str]:
             lines.append(cls.__to_clear_text(block.text))
         elif isinstance(block, JsonBlock):
             lines.append(block.json_str)
+        elif isinstance(block, TableBlock) and cls.send_table_block:
+            lines.append(block.to_table_string())
+        elif isinstance(block, FileBlock) and cls.send_file_block and block.is_text_file():
+            lines.append(str(block.contents))
         elif isinstance(block, KubernetesDiffBlock):
             for diff in block.diffs:
                 lines.append(f"*{'.'.join(diff.path)}*: {diff.other_value} ==> {diff.value}")

src/robusta/core/sinks/webhook/webhook_sink_params.py

@@ -10,6 +10,8 @@ class WebhookSinkParams(SinkBaseParams):
     authorization: SecretStr = None
     format: str = "text"
     slack_webhook: bool = False
+    table_blocks: bool = False
+    file_blocks: bool = False
 
     @classmethod
     def _get_sink_type(cls):