From b509a5bdbb57fe2c55a1792fdc2391333fbd1b6d Mon Sep 17 00:00:00 2001
From: Tyler Reid <tyler.reid@grafana.com>
Date: Tue, 15 Jun 2021 17:24:52 -0500
Subject: [PATCH] Add subject template for subject field. Better check for
 supplied creds, use GetTopicAttributes to check fifo

Signed-off-by: Tyler Reid <tyler.reid@grafana.com>
---
 config/notifiers.go   |  9 ++++++---
 notify/sns/sns.go     | 24 +++++++++++++++++++-----
 template/default.tmpl |  1 +
 3 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/config/notifiers.go b/config/notifiers.go
index e18be6f6..2797843b 100644
--- a/config/notifiers.go
+++ b/config/notifiers.go
@@ -133,8 +133,9 @@ var (
 		NotifierConfig: NotifierConfig{
 			VSendResolved: true,
 		},
-		APIVersion:  "sns.default.api_version",
-		Message:     `{{ template "sns.default.message" . }}`,
+		APIVersion: "sns.default.api_version",
+		Subject:    `{{ template "sns.default.subject" . }}`,
+		Message:    `{{ template "sns.default.message" . }}`,
 	}
 )
 
@@ -589,7 +590,6 @@ func (c *PushoverConfig) UnmarshalYAML(unmarshal func(interface{}) error) error
 	return nil
 }
 
-
 // SigV4Config is the configuration for signing remote write requests with
 // AWS's SigV4 verification process. Empty values will be retrieved using the
 // AWS default credentials chain.
@@ -628,5 +628,8 @@ func (c *SNSConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	if c.TargetARN == "" && c.TopicARN == "" && c.PhoneNumber == "" {
 		return fmt.Errorf("must provide either a Target ARN, Topic ARN, or Phone Number for SNS config")
 	}
+	if (c.Sigv4.AccessKey == "") != (c.Sigv4.SecretKey == "") {
+		return fmt.Errorf("must provide a AWS SigV4 Access key and Secret Key if credentials are specified in the SNS config")
+	}
 	return nil
 }
diff --git a/notify/sns/sns.go b/notify/sns/sns.go
index 262a8c39..580a2634 100644
--- a/notify/sns/sns.go
+++ b/notify/sns/sns.go
@@ -100,8 +100,16 @@ func (n Notifier) Notify(ctx context.Context, alert ...*types.Alert) (bool, erro
 			n.conf.Attributes["truncated"] = "true"
 		}
 
+		isFifo, err := checkTopicFifoAttribute(client, n.conf.TopicARN)
+		if err != nil {
+			if e, ok := err.(awserr.RequestFailure); ok {
+				return n.retrier.Check(e.StatusCode(), strings.NewReader(e.Message()))
+			} else {
+				return true, err
+			}
+		}
 		// Deduplication key and Message Group ID are only added if it's a FIFO SNS Topic.
-		if isFIFOTopic(n.conf.TopicARN) {
+		if isFifo {
 			key, err := notify.ExtractGroupKey(ctx)
 			if err != nil {
 				return false, err
@@ -163,11 +171,17 @@ func (n Notifier) Notify(ctx context.Context, alert ...*types.Alert) (bool, erro
 	return false, nil
 }
 
-func isFIFOTopic(topicARN string) bool {
-	if len(topicARN) > 5 && topicARN[len(topicARN)-5:] == ".fifo" {
-		return true
+func checkTopicFifoAttribute(client *sns.SNS, topicARN string) (bool, error) {
+	fmt.Println("Checking Attributes")
+	topicAttributes, err := client.GetTopicAttributes(&sns.GetTopicAttributesInput{TopicArn: aws.String(topicARN)})
+	if err != nil {
+		return false, err
 	}
-	return false
+	ta := topicAttributes.Attributes["FifoTopic"]
+	if ta != nil && *ta == "true" {
+		return true, nil
+	}
+	return false, nil
 }
 
 func validateAndTruncateMessage(message string) (string, bool, error) {
diff --git a/template/default.tmpl b/template/default.tmpl
index f74c590e..35e4b4c5 100644
--- a/template/default.tmpl
+++ b/template/default.tmpl
@@ -218,6 +218,7 @@ Alerts Resolved:
 {{ end }}
 {{ define "pushover.default.url" }}{{ template "__alertmanagerURL" . }}{{ end }}
 
+{{ define "sns.default.subject" }}{{ template "__subject" . }}{{ end }}
 {{ define "sns.default.message" }}{{ .CommonAnnotations.SortedPairs.Values | join " " }}
 {{ if gt (len .Alerts.Firing) 0 }}
 Alerts Firing: