Merge branch 'calculate-fingerprint-for-alerts' into 'master'

Calculate fingerprint for alerts See merge request gitlab-org/gitlab!53225

Merge branch 'calculate-fingerprint-for-alerts' into 'master'
Calculate fingerprint for alerts See merge request gitlab-org/gitlab!53225
b7275478 · Kerri Miller · 3dde5140 · f590ba85 · b7275478 · b7275478
Commit b7275478 authored Feb 10, 2021 by Kerri Miller
5 changed files
--- a/ee/lib/gitlab/alert_management/payload/cilium.rb
+++ b/ee/lib/gitlab/alert_management/payload/cilium.rb
@@ -6,13 +6,22 @@ module Gitlab
      class Cilium < Gitlab::AlertManagement::Payload::Generic
        DEFAULT_TITLE = 'New: Alert'
-        attribute :description, paths: %w(flow dropReasonDesc)
+        attribute :description, paths: %w(flow verdict)
        attribute :title, paths: %w(ciliumNetworkPolicy metadata name), fallback: -> { DEFAULT_TITLE }
-        attribute :gitlab_fingerprint, paths: %w(fingerprint)
        def monitoring_tool
          Gitlab::AlertManagement::Payload::MONITORING_TOOLS[:cilium]
        end
+        private
+        def plain_gitlab_fingerprint
+          fpayload = self.payload.deep_dup
+          fpayload = fpayload['flow'].except('time', 'Summary')
+          fpayload['l4']['TCP'].delete('flags') if fpayload.dig('l4', 'TCP', 'flags')
+          fpayload.to_s
+        end
      end
    end
  end

--- a/ee/spec/factories/alert_management/alerts.rb
+++ b/ee/spec/factories/alert_management/alerts.rb
@@ -4,26 +4,55 @@ FactoryBot.define do
  factory :network_alert_payload, class: Hash do
    initialize_with do
      {
-       fingerprint: 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
+        flow: {
-       flow: {
+          time: '2021-02-02T18:04:21.213587449Z',
-           dropReasonDesc: "POLICY_DENIED"
+          verdict: 'POLICY_DENIED',
+          dropReasonDesc: 123,
+          ethernet: { source: '56:b6:52:62:6b:68', destination: '3a:dc:e3:9a:55:11' },
+          IP: { source: '10.0.0.224', destination: '10.0.0.87', ipVersion: 'IPv4' },
+          l4: { TCP: { sourcePort: 38_794, destinationPort: 5000, flags: { SYN: nil } } },
+          source: {
+            ID: 799,
+            identity: 37_570,
+            namespace: 'gitlab-managed-apps',
+            labels: [
+              'k8s:app.kubernetes.io/component=controller',
+              'k8s:app=nginx-ingress'
+            ],
+            podName: 'ingress-nginx-ingress-controller-7dd4d7474d-m95gd'
+          },
+          destination: {
+            ID: 259,
+            identity: 30_147,
+            namespace: 'agent-project-21-production',
+            labels: [
+              'k8s:app=production',
+              'k8s:io.cilium.k8s.namespace.labels.app.gitlab.com/app=root-agent-project'
+            ],
+            podName: 'production-7b998ffb56-vvl68'
+          },
+          Type: 'L3_L4',
+          nodeName: 'minikube',
+          eventType: { type: 5 },
+          trafficDirection: 'INGRESS',
+          Summary: 'TCP Flags: SYN'
        },
-       ciliumNetworkPolicy: {
+        ciliumNetworkPolicy: {
-           kind: 'bla',
+          kind: 'bla',
-           apiVersion: 'bla',
+          apiVersion: 'bla',
-           metadata: {
+          metadata: {
-               name: 'Cilium Alert',
+            name: 'Cilium Alert',
-               generateName: 'generated NAme',
+            generateName: 'generated NAme',
-               namespace: 'LocalGitlab',
+            namespace: 'LocalGitlab',
-               selfLink: 'www.gitlab.com',
+            selfLink: 'www.gitlab.com',
-               uid: '2d931510-d99f-494a-8c67-87feb05e1594',
+            uid: '2d931510-d99f-494a-8c67-87feb05e1594',
-               resourceVersion: '23',
+            resourceVersion: '23',
-               deletionGracePeriodSeconds: 42,
+            deletionGracePeriodSeconds: 42,
-               clusterName: 'TestCluster'
+            clusterName: 'TestCluster'
-            },
+          },
-           status: {}
+          status: {}
        }
-     }.with_indifferent_access
+      }.with_indifferent_access
    end
  end
 end
--- a/ee/spec/lib/gitlab/alert_management/payload/cilium_spec.rb
+++ b/ee/spec/lib/gitlab/alert_management/payload/cilium_spec.rb
@@ -13,6 +13,6 @@ RSpec.describe Gitlab::AlertManagement::Payload::Cilium do
  it 'parses cilium specific fields' do
    expect(parsed_payload.title).to eq('Cilium Alert')
    expect(parsed_payload.description).to eq('POLICY_DENIED')
-    expect(parsed_payload.gitlab_fingerprint).to eq('a94a8fe5ccb19ba61c4c0873d391e987982fbbd3')
+    expect(parsed_payload.gitlab_fingerprint).to eq('b2ad2a791756abe01692270c6a846129a09891b3')
  end
 end
--- a/ee/spec/requests/api/internal/kubernetes_spec.rb
+++ b/ee/spec/requests/api/internal/kubernetes_spec.rb
@@ -67,17 +67,10 @@ RSpec.describe API::Internal::Kubernetes do
        stub_licensed_features(cilium_alerts: true)
      end
-      let(:payload) do
+      let(:payload) { build(:network_alert_payload) }
-        {
-          alert: {
-            title: 'minimal',
-            message: 'network problem'
-          }
-        }
-      end
-      it 'returns success for valid alert payload' do
+      it 'returns no_content for valid alert payload' do
-        send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+        send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
        expect(AlertManagement::Alert.count).to eq(1)
        expect(AlertManagement::Alert.all.first.project).to eq(agent.project)
@@ -107,7 +100,7 @@ RSpec.describe API::Internal::Kubernetes do
          end
          it 'returns success' do
-            send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+            send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
            expect(response).to have_gitlab_http_status(:success)
          end
@@ -118,7 +111,7 @@ RSpec.describe API::Internal::Kubernetes do
        let(:payload) { { temp: {} } }
        it 'returns bad request' do
-          send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+          send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
          expect(response).to have_gitlab_http_status(:bad_request)
        end
      end
@@ -129,7 +122,7 @@ RSpec.describe API::Internal::Kubernetes do
        end
        it 'returns forbidden for non licensed project' do
-          send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+          send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
          expect(response).to have_gitlab_http_status(:forbidden)
        end

--- a/ee/spec/services/alert_management/network_alert_service_spec.rb
+++ b/ee/spec/services/alert_management/network_alert_service_spec.rb
@@ -26,16 +26,6 @@ RSpec.describe AlertManagement::NetworkAlertService do
    subject(:execute) { service.execute }
-    context 'with minimal payload' do
-      let(:payload_raw) do
-        {}.with_indifferent_access
-      end
-      let(:payload) { ActionController::Parameters.new(payload_raw).permit! }
-      it_behaves_like 'creates an alert management alert'
-    end
    context 'with valid payload' do
      let(:payload_raw) { build(:network_alert_payload) }
@@ -55,7 +45,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
          ended_at: nil,
          environment_id: nil,
          events:  1,
-          fingerprint: 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
+          fingerprint: '89269ffa3902af37f036a77bc9ea57cdee3a52c2',
          hosts: [],
          issue_id: nil,
          monitoring_tool: 'Cilium',
@@ -77,7 +67,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
        let!(:alert) do
          create(
            :alert_management_alert,
-            project: project, domain: :threat_monitoring, fingerprint: Digest::SHA1.hexdigest(fingerprint)
+            project: project, domain: :threat_monitoring, fingerprint: '89269ffa3902af37f036a77bc9ea57cdee3a52c2'
          )
        end
@@ -85,7 +75,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
      end
      context 'existing alert with same fingerprint' do
-        let(:fingerprint_sha) { Digest::SHA1.hexdigest(fingerprint) }
+        let(:fingerprint_sha) { '89269ffa3902af37f036a77bc9ea57cdee3a52c2' }
        let!(:alert) do
          create(:alert_management_alert, domain: :threat_monitoring, project: project, fingerprint: fingerprint_sha)
        end
@@ -167,9 +157,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
    end
    context 'error duing save' do
-      let(:payload_raw) do
+      let(:payload_raw) { build(:network_alert_payload) }
-        {}.with_indifferent_access
-      end
      let(:logger) { double(warn: {}) }
      let(:payload) { ActionController::Parameters.new(payload_raw).permit! }