grafana/pkg/services/ngalert/api/util_test.go

package api

import (
	"math/rand"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/grafana/grafana/pkg/api/response"
	"github.com/grafana/grafana/pkg/infra/log"
	accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
	"github.com/grafana/grafana/pkg/services/auth"
	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
	"github.com/grafana/grafana/pkg/services/ngalert/eval"
	models2 "github.com/grafana/grafana/pkg/services/ngalert/models"
	"github.com/grafana/grafana/pkg/services/org"
	"github.com/grafana/grafana/pkg/services/user"
	"github.com/grafana/grafana/pkg/util"
	"github.com/grafana/grafana/pkg/web"
)

func TestToMacaronPath(t *testing.T) {
	testCases := []struct {
		inputPath          string
		expectedOutputPath string
	}{
		{
			inputPath:          "",
			expectedOutputPath: "",
		},
		{
			inputPath:          "/ruler/{DatasourceID}/api/v1/rules/{Namespace}/{Groupname}",
			expectedOutputPath: "/ruler/:DatasourceID/api/v1/rules/:Namespace/:Groupname",
		},
	}
	for _, tc := range testCases {
		outputPath := toMacaronPath(tc.inputPath)
		assert.Equal(t, tc.expectedOutputPath, outputPath)
	}
}

func TestAlertingProxy_createProxyContext(t *testing.T) {
	ctx := &contextmodel.ReqContext{
		Context: &web.Context{
			Req: &http.Request{},
		},
		SignedInUser:               &user.SignedInUser{},
		UserToken:                  &auth.UserToken{},
		IsSignedIn:                 rand.Int63()%2 == 1,
		IsRenderCall:               rand.Int63()%2 == 1,
		AllowAnonymous:             rand.Int63()%2 == 1,
		SkipDSCache:                rand.Int63()%2 == 1,
		SkipQueryCache:             rand.Int63()%2 == 1,
		Logger:                     log.New("test"),
		RequestNonce:               util.GenerateShortUID(),
		PublicDashboardAccessToken: util.GenerateShortUID(),
	}

	t.Run("should create a copy of request context", func(t *testing.T) {
		for _, mock := range []*accesscontrolmock.Mock{
			accesscontrolmock.New(), accesscontrolmock.New(),
		} {
			proxy := AlertingProxy{
				DataProxy: nil,
				ac:        mock,
			}

			req := &http.Request{}
			resp := &response.NormalResponse{}

			newCtx := proxy.createProxyContext(ctx, req, resp)

			require.NotEqual(t, ctx, newCtx)
			require.Equal(t, ctx.UserToken, newCtx.UserToken)
			require.Equal(t, ctx.IsSignedIn, newCtx.IsSignedIn)
			require.Equal(t, ctx.IsRenderCall, newCtx.IsRenderCall)
			require.Equal(t, ctx.AllowAnonymous, newCtx.AllowAnonymous)
			require.Equal(t, ctx.SkipDSCache, newCtx.SkipDSCache)
			require.Equal(t, ctx.SkipQueryCache, newCtx.SkipQueryCache)
			require.Equal(t, ctx.Logger, newCtx.Logger)
			require.Equal(t, ctx.RequestNonce, newCtx.RequestNonce)
			require.Equal(t, ctx.PublicDashboardAccessToken, newCtx.PublicDashboardAccessToken)
		}
	})
	t.Run("should overwrite response writer", func(t *testing.T) {
		proxy := AlertingProxy{
			DataProxy: nil,
			ac:        accesscontrolmock.New(),
		}

		req := &http.Request{}
		resp := &response.NormalResponse{}

		newCtx := proxy.createProxyContext(ctx, req, resp)

		require.NotEqual(t, ctx.Context.Resp, newCtx.Context.Resp)
		require.Equal(t, ctx.Context.Req, newCtx.Context.Req)

		require.NotEqual(t, 123, resp.Status())
		newCtx.Context.Resp.WriteHeader(123)
		require.Equal(t, 123, resp.Status())
	})
	t.Run("if access control is enabled", func(t *testing.T) {
		t.Run("should elevate permissions to Editor for Viewer", func(t *testing.T) {
			proxy := AlertingProxy{
				DataProxy: nil,
				ac:        accesscontrolmock.New(),
			}

			req := &http.Request{}
			resp := &response.NormalResponse{}

			viewerCtx := *ctx
			viewerCtx.SignedInUser = &user.SignedInUser{
				OrgRole: org.RoleViewer,
			}

			newCtx := proxy.createProxyContext(&viewerCtx, req, resp)
			require.NotEqual(t, viewerCtx.SignedInUser, newCtx.SignedInUser)
			require.Truef(t, newCtx.SignedInUser.HasRole(org.RoleEditor), "user of the proxy request should have at least Editor role but has %s", newCtx.SignedInUser.OrgRole)
		})
		t.Run("should not alter user if it is Editor", func(t *testing.T) {
			proxy := AlertingProxy{
				DataProxy: nil,
				ac:        accesscontrolmock.New(),
			}

			req := &http.Request{}
			resp := &response.NormalResponse{}

			for _, roleType := range []org.RoleType{org.RoleEditor, org.RoleAdmin} {
				roleCtx := *ctx
				roleCtx.SignedInUser = &user.SignedInUser{
					OrgRole: roleType,
				}
				newCtx := proxy.createProxyContext(&roleCtx, req, resp)
				require.Equalf(t, roleCtx.SignedInUser, newCtx.SignedInUser, "user should not be altered if role is %s", roleType)
			}
		})
	})
}

func Test_containsProvisionedAlerts(t *testing.T) {
	t.Run("should return true if at least one rule is provisioned", func(t *testing.T) {
		_, rules := models2.GenerateUniqueAlertRules(rand.Intn(4)+2, models2.AlertRuleGen())
		provenance := map[string]models2.Provenance{
			rules[rand.Intn(len(rules))].UID: []models2.Provenance{models2.ProvenanceAPI, models2.ProvenanceFile}[rand.Intn(2)],
		}
		require.Truef(t, containsProvisionedAlerts(provenance, rules), "the group of rules is expected to be considered as provisioned but it isn't. Provenances: %v", provenance)
	})
	t.Run("should return false if map does not contain or has ProvenanceNone", func(t *testing.T) {
		_, rules := models2.GenerateUniqueAlertRules(rand.Intn(5)+1, models2.AlertRuleGen())
		provenance := make(map[string]models2.Provenance)
		numProvenanceNone := rand.Intn(len(rules))
		for i := 0; i < numProvenanceNone; i++ {
			provenance[rules[i].UID] = models2.ProvenanceNone
		}
		require.Falsef(t, containsProvisionedAlerts(provenance, rules), "the group of rules is not expected to be provisioned but it is. Provenances: %v", provenance)
	})
}

type recordingConditionValidator struct {
	recorded []models2.Condition
	hook     func(c models2.Condition) error
}

func (r *recordingConditionValidator) Validate(_ eval.EvaluationContext, condition models2.Condition) error {
	r.recorded = append(r.recorded, condition)
	if r.hook != nil {
		return r.hook(condition)
	}
	return nil
}

var _ ConditionValidator = &recordingConditionValidator{}
AlertingNG: base API implementation (#31824) * AlertingNG: base API implementation * Pass the interface instead of the base impl * Ruler mock draft (WIP) * Update alerting-api dependency * Improve mock implementation 2021-03-11 13:28:00 -06:00			`package api`

			`import (`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`"math/rand"`
			`"net/http"`
AlertingNG: base API implementation (#31824) * AlertingNG: base API implementation * Pass the interface instead of the base impl * Ruler mock draft (WIP) * Update alerting-api dependency * Improve mock implementation 2021-03-11 13:28:00 -06:00			`"testing"`

			`"github.com/stretchr/testify/assert"`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`"github.com/stretchr/testify/require"`

			`"github.com/grafana/grafana/pkg/api/response"`
			`"github.com/grafana/grafana/pkg/infra/log"`
			`accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"`
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency 2022-11-18 02:56:06 -06:00			`"github.com/grafana/grafana/pkg/services/auth"`
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports 2023-01-27 01:50:36 -06:00			`contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"`
Alerting: update rules POST API to validate query and condition only for rules that changed. (#68667) * replace condition validation with just structural validation * validate conditions of only new and updated rules * add integration tests for rule update\delete API Co-authored-by: George Robinson <george.robinson@grafana.com> 2023-06-15 12:33:42 -05:00			`"github.com/grafana/grafana/pkg/services/ngalert/eval"`
Alerting: Update rules delete endpoint to handle rules in group (#53790) * update RouteDeleteAlertRules rules to update as a group * remove expecter from scheduler mock to support variadic function * create function to check for provisioning status + tests Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com> 2022-08-24 14:33:33 -05:00			`models2 "github.com/grafana/grafana/pkg/services/ngalert/models"`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`"github.com/grafana/grafana/pkg/services/org"`
			`"github.com/grafana/grafana/pkg/services/user"`
			`"github.com/grafana/grafana/pkg/util"`
			`"github.com/grafana/grafana/pkg/web"`
AlertingNG: base API implementation (#31824) * AlertingNG: base API implementation * Pass the interface instead of the base impl * Ruler mock draft (WIP) * Update alerting-api dependency * Improve mock implementation 2021-03-11 13:28:00 -06:00			`)`

			`func TestToMacaronPath(t *testing.T) {`
			`testCases := []struct {`
			`inputPath string`
			`expectedOutputPath string`
			`}{`
			`{`
			`inputPath: "",`
			`expectedOutputPath: "",`
			`},`
			`{`
Alerting: Rename Recipient path parameter to DatasourceID (#47949) 2022-04-20 08:20:17 -05:00			`inputPath: "/ruler/{DatasourceID}/api/v1/rules/{Namespace}/{Groupname}",`
			`expectedOutputPath: "/ruler/:DatasourceID/api/v1/rules/:Namespace/:Groupname",`
AlertingNG: base API implementation (#31824) * AlertingNG: base API implementation * Pass the interface instead of the base impl * Ruler mock draft (WIP) * Update alerting-api dependency * Improve mock implementation 2021-03-11 13:28:00 -06:00			`},`
			`}`
			`for _, tc := range testCases {`
			`outputPath := toMacaronPath(tc.inputPath)`
			`assert.Equal(t, tc.expectedOutputPath, outputPath)`
			`}`
			`}`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00
			`func TestAlertingProxy_createProxyContext(t *testing.T) {`
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports 2023-01-27 01:50:36 -06:00			`ctx := &contextmodel.ReqContext{`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`Context: &web.Context{`
pkg/web: remove Router and Logger from Context (#53765) web.Context previously held references to the current *web.Router albeit not using it. It also had a log.Logger only being used once internally 2022-08-16 05:25:27 -05:00			`Req: &http.Request{},`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`},`
PublicDashboards: Variables refactor (#73476) Co-authored-by: Juan Cabanas <juan.cabanas@grafana.com> Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com> Co-authored-by: Ryan McKinley <ryantxu@gmail.com> 2023-08-25 13:56:02 -05:00			`SignedInUser: &user.SignedInUser{},`
			`UserToken: &auth.UserToken{},`
			`IsSignedIn: rand.Int63()%2 == 1,`
			`IsRenderCall: rand.Int63()%2 == 1,`
			`AllowAnonymous: rand.Int63()%2 == 1,`
			`SkipDSCache: rand.Int63()%2 == 1,`
			`SkipQueryCache: rand.Int63()%2 == 1,`
			`Logger: log.New("test"),`
			`RequestNonce: util.GenerateShortUID(),`
			`PublicDashboardAccessToken: util.GenerateShortUID(),`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`}`

			`t.Run("should create a copy of request context", func(t *testing.T) {`
			`for _, mock := range []*accesscontrolmock.Mock{`
Chore: remove `IsDisabled` method for access control (#74340) remove IsDisabled method for access control, clean up tests 2023-09-05 05:04:39 -05:00			`accesscontrolmock.New(), accesscontrolmock.New(),`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`} {`
			`proxy := AlertingProxy{`
			`DataProxy: nil,`
			`ac: mock,`
			`}`

			`req := &http.Request{}`
			`resp := &response.NormalResponse{}`

			`newCtx := proxy.createProxyContext(ctx, req, resp)`

			`require.NotEqual(t, ctx, newCtx)`
			`require.Equal(t, ctx.UserToken, newCtx.UserToken)`
			`require.Equal(t, ctx.IsSignedIn, newCtx.IsSignedIn)`
			`require.Equal(t, ctx.IsRenderCall, newCtx.IsRenderCall)`
			`require.Equal(t, ctx.AllowAnonymous, newCtx.AllowAnonymous)`
Caching: Refactor enterprise query caching middleware to a wire service (#65616) * define initial service and add to wire * update caching service interface * add skipQueryCache header handler and update metrics query function to use it * add caching service as a dependency to query service * working caching impl * propagate cache status to frontend in response * beginning of improvements suggested by Lean - separate caching logic from query logic. * more changes to simplify query function * Decided to revert renaming of function * Remove error status from cache request * add extra documentation * Move query caching duration metric to query package * add a little bit of documentation * wip: convert resource caching * Change return type of query service QueryData to a QueryDataResponse with Headers * update codeowners * change X-Cache value to const * use resource caching in endpoint handlers * write resource headers to response even if it's not a cache hit * fix panic caused by lack of nil check * update unit test * remove NONE header - shouldn't show up in OSS * Convert everything to use the plugin middleware * revert a few more things * clean up unused vars * start reverting resource caching, start to implement in plugin middleware * revert more, fix typo * Update caching interfaces - resource caching now has a separate cache method * continue wiring up new resource caching conventions - still in progress * add more safety to implementation * remove some unused objects * remove some code that I left in by accident * add some comments, fix codeowners, fix duplicate registration * fix source of panic in resource middleware * Update client decorator test to provide an empty response object * create tests for caching middleware * fix unit test * Update pkg/services/caching/service.go Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com> * improve error message in error log * quick docs update * Remove use of mockery. Update return signature to return an explicit hit/miss bool * create unit test for empty request context * rename caching metrics to make it clear they pertain to caching * Update pkg/services/pluginsintegration/clientmiddleware/caching_middleware.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Add clarifying comments to cache skip middleware func * Add comment pointing to the resource cache update call * fix unit tests (missing dependency) * try to fix mystery syntax error * fix a panic * Caching: Introduce feature toggle to caching service refactor (#66323) * introduce new feature toggle * hide calls to new service behind a feature flag * remove licensing flag from toggle (misunderstood what it was for) * fix unit tests * rerun toggle gen --------- Co-authored-by: Arati R. <33031346+suntala@users.noreply.github.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> 2023-04-12 11:30:33 -05:00			`require.Equal(t, ctx.SkipDSCache, newCtx.SkipDSCache)`
			`require.Equal(t, ctx.SkipQueryCache, newCtx.SkipQueryCache)`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`require.Equal(t, ctx.Logger, newCtx.Logger)`
			`require.Equal(t, ctx.RequestNonce, newCtx.RequestNonce)`
PublicDashboards: Variables refactor (#73476) Co-authored-by: Juan Cabanas <juan.cabanas@grafana.com> Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com> Co-authored-by: Ryan McKinley <ryantxu@gmail.com> 2023-08-25 13:56:02 -05:00			`require.Equal(t, ctx.PublicDashboardAccessToken, newCtx.PublicDashboardAccessToken)`
Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled (#53620) 2022-08-12 08:56:18 -05:00			`}`
			`})`
			`t.Run("should overwrite response writer", func(t *testing.T) {`
			`proxy := AlertingProxy{`
			`DataProxy: nil,`
			`ac: accesscontrolmock.New(),`
			`}`

			`req := &http.Request{}`
			`resp := &response.NormalResponse{}`

			`newCtx := proxy.createProxyContext(ctx, req, resp)`

			`require.NotEqual(t, ctx.Context.Resp, newCtx.Context.Resp)`
			`require.Equal(t, ctx.Context.Req, newCtx.Context.Req)`

			`require.NotEqual(t, 123, resp.Status())`
			`newCtx.Context.Resp.WriteHeader(123)`
			`require.Equal(t, 123, resp.Status())`
			`})`
			`t.Run("if access control is enabled", func(t *testing.T) {`
			`t.Run("should elevate permissions to Editor for Viewer", func(t *testing.T) {`
			`proxy := AlertingProxy{`
			`DataProxy: nil,`
			`ac: accesscontrolmock.New(),`
			`}`

			`req := &http.Request{}`
			`resp := &response.NormalResponse{}`

			`viewerCtx := *ctx`
			`viewerCtx.SignedInUser = &user.SignedInUser{`
			`OrgRole: org.RoleViewer,`
			`}`

			`newCtx := proxy.createProxyContext(&viewerCtx, req, resp)`
			`require.NotEqual(t, viewerCtx.SignedInUser, newCtx.SignedInUser)`
			`require.Truef(t, newCtx.SignedInUser.HasRole(org.RoleEditor), "user of the proxy request should have at least Editor role but has %s", newCtx.SignedInUser.OrgRole)`
			`})`
			`t.Run("should not alter user if it is Editor", func(t *testing.T) {`
			`proxy := AlertingProxy{`
			`DataProxy: nil,`
			`ac: accesscontrolmock.New(),`
			`}`

			`req := &http.Request{}`
			`resp := &response.NormalResponse{}`

			`for _, roleType := range []org.RoleType{org.RoleEditor, org.RoleAdmin} {`
			`roleCtx := *ctx`
			`roleCtx.SignedInUser = &user.SignedInUser{`
			`OrgRole: roleType,`
			`}`
			`newCtx := proxy.createProxyContext(&roleCtx, req, resp)`
			`require.Equalf(t, roleCtx.SignedInUser, newCtx.SignedInUser, "user should not be altered if role is %s", roleType)`
			`}`
			`})`
			`})`
			`}`
Alerting: Update rules delete endpoint to handle rules in group (#53790) * update RouteDeleteAlertRules rules to update as a group * remove expecter from scheduler mock to support variadic function * create function to check for provisioning status + tests Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com> 2022-08-24 14:33:33 -05:00
			`func Test_containsProvisionedAlerts(t *testing.T) {`
			`t.Run("should return true if at least one rule is provisioned", func(t *testing.T) {`
			`_, rules := models2.GenerateUniqueAlertRules(rand.Intn(4)+2, models2.AlertRuleGen())`
			`provenance := map[string]models2.Provenance{`
Chore: Fix random indices for slices in test files (#61884) * Fix random indices for slices in test files * Empty commit 2023-01-24 12:07:37 -06:00			`rules[rand.Intn(len(rules))].UID: []models2.Provenance{models2.ProvenanceAPI, models2.ProvenanceFile}[rand.Intn(2)],`
Alerting: Update rules delete endpoint to handle rules in group (#53790) * update RouteDeleteAlertRules rules to update as a group * remove expecter from scheduler mock to support variadic function * create function to check for provisioning status + tests Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com> 2022-08-24 14:33:33 -05:00			`}`
			`require.Truef(t, containsProvisionedAlerts(provenance, rules), "the group of rules is expected to be considered as provisioned but it isn't. Provenances: %v", provenance)`
			`})`
			`t.Run("should return false if map does not contain or has ProvenanceNone", func(t *testing.T) {`
			`_, rules := models2.GenerateUniqueAlertRules(rand.Intn(5)+1, models2.AlertRuleGen())`
			`provenance := make(map[string]models2.Provenance)`
Chore: Fix random indices for slices in test files (#61884) * Fix random indices for slices in test files * Empty commit 2023-01-24 12:07:37 -06:00			`numProvenanceNone := rand.Intn(len(rules))`
			`for i := 0; i < numProvenanceNone; i++ {`
Alerting: Update rules delete endpoint to handle rules in group (#53790) * update RouteDeleteAlertRules rules to update as a group * remove expecter from scheduler mock to support variadic function * create function to check for provisioning status + tests Co-authored-by: Alexander Weaver <weaver.alex.d@gmail.com> 2022-08-24 14:33:33 -05:00			`provenance[rules[i].UID] = models2.ProvenanceNone`
			`}`
			`require.Falsef(t, containsProvisionedAlerts(provenance, rules), "the group of rules is not expected to be provisioned but it is. Provenances: %v", provenance)`
			`})`
			`}`
Alerting: update rules POST API to validate query and condition only for rules that changed. (#68667) * replace condition validation with just structural validation * validate conditions of only new and updated rules * add integration tests for rule update\delete API Co-authored-by: George Robinson <george.robinson@grafana.com> 2023-06-15 12:33:42 -05:00
			`type recordingConditionValidator struct {`
			`recorded []models2.Condition`
			`hook func(c models2.Condition) error`
			`}`

			`func (r *recordingConditionValidator) Validate(_ eval.EvaluationContext, condition models2.Condition) error {`
			`r.recorded = append(r.recorded, condition)`
			`if r.hook != nil {`
			`return r.hook(condition)`
			`}`
			`return nil`
			`}`

			`var _ ConditionValidator = &recordingConditionValidator{}`