Merge branch '211615-scope-waf-transaction-id-to-env-external-url' into 'master'

Use environment.external_url for fetching WAF anomalies See merge request gitlab-org/gitlab!27466

Merge branch '211615-scope-waf-transaction-id-to-env-external-url' into 'master'
Use environment.external_url for fetching WAF anomalies See merge request gitlab-org/gitlab!27466
48384751 · Bob Van Landuyt · 2d50c989 · 1d75b058 · 48384751 · 48384751
Commit 48384751 authored Mar 20, 2020 by Bob Van Landuyt
3 changed files
--- a/changelogs/unreleased/211615-scope-waf-transaction-id-to-env-external-url.yml
+++ b/changelogs/unreleased/211615-scope-waf-transaction-id-to-env-external-url.yml
+---
+title: Scope WAF Statistics anomalies to environment.external_url
+merge_request: 27466
+author:
+type: fixed
--- a/ee/app/services/security/waf_anomaly_summary_service.rb
+++ b/ee/app/services/security/waf_anomaly_summary_service.rb
@@ -14,6 +14,7 @@ module Security
    def execute
      return if elasticsearch_client.nil?
+      return unless @environment.external_url
      # Use multi-search with single query as we'll be adding nginx later
      # with https://gitlab.com/gitlab-org/gitlab/issues/14707
@@ -177,7 +178,7 @@ module Security
    # Derive server_name to filter modsec audit log by environment
    def application_server_name
-      "#{@environment.project.full_path_slug}.#{@environment.deployment_platform.cluster.base_domain}"
+      @environment.formatted_external_url
    end
    # Derive proxy upstream name to filter nginx log by environment

--- a/ee/spec/services/security/waf_anomaly_summary_service_spec.rb
+++ b/ee/spec/services/security/waf_anomaly_summary_service_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 describe Security::WafAnomalySummaryService do
-  let(:environment) { create(:environment, :with_review_app) }
+  let(:environment) { create(:environment, :with_review_app, environment_type: 'review') }
  let!(:cluster) do
    create(:cluster, :provided_by_gcp, environment_scope: '*', projects: [environment.project])
  end
@@ -76,6 +76,20 @@ describe Security::WafAnomalySummaryService do
      end
    end
+    context 'with environment missing external_url' do
+      before do
+        allow(environment.deployment_platform.cluster).to receive_message_chain(
+          :application_elastic_stack, :elasticsearch_client
+        ) { es_client }
+        allow(environment).to receive(:external_url) { nil }
+      end
+      it 'returns nil' do
+        expect(subject.execute).to be_nil
+      end
+    end
    context 'with default histogram' do
      before do
        allow(es_client).to receive(:msearch) do
@@ -130,6 +144,32 @@ describe Security::WafAnomalySummaryService do
      end
    end
+    context 'with review app' do
+      it 'resolves transaction_id from external_url' do
+        allow(subject).to receive(:elasticsearch_client) { es_client }
+        expect(es_client).to receive(:msearch).with(
+          body: array_including(
+            hash_including(
+              query: hash_including(
+                bool: hash_including(
+                  must: array_including(
+                    hash_including(
+                      prefix: hash_including(
+                        'transaction.unique_id': environment.formatted_external_url
+                      )
+                    )
+                  )
+                )
+              )
+            )
+          )
+        ).and_return({ 'responses' => [{}, {}] })
+        subject.execute
+      end
+    end
    context 'with time window' do
      it 'passes time frame to ElasticSearch' do
        from = 1.day.ago