Calculate fingerprint for alerts

Calculating fingerprint for Cilium alerts to prevent Gitlab flooding with Cilium alerts

Calculate fingerprint for alerts
Calculating fingerprint for Cilium alerts to prevent Gitlab flooding with Cilium alerts
f590ba85 · Can Eldem · Kerri Miller · 86a5baf4 · f590ba85 · f590ba85
Commit f590ba85 authored Feb 10, 2021 by Can Eldem Committed by Kerri Miller Feb 10, 2021
5 changed files
--- a/ee/lib/gitlab/alert_management/payload/cilium.rb
+++ b/ee/lib/gitlab/alert_management/payload/cilium.rb
@@ -6,13 +6,22 @@ module Gitlab
      class Cilium < Gitlab::AlertManagement::Payload::Generic
        DEFAULT_TITLE = 'New: Alert'

-        attribute :description, paths: %w(flow dropReasonDesc)
+        attribute :description, paths: %w(flow verdict)
        attribute :title, paths: %w(ciliumNetworkPolicy metadata name), fallback: -> { DEFAULT_TITLE }
-        attribute :gitlab_fingerprint, paths: %w(fingerprint)

        def monitoring_tool
          Gitlab::AlertManagement::Payload::MONITORING_TOOLS[:cilium]
        end
+
+        private
+
+        def plain_gitlab_fingerprint
+          fpayload = self.payload.deep_dup
+          fpayload = fpayload['flow'].except('time', 'Summary')
+          fpayload['l4']['TCP'].delete('flags') if fpayload.dig('l4', 'TCP', 'flags')
+
+          fpayload.to_s
+        end
      end
    end
  end

--- a/ee/spec/factories/alert_management/alerts.rb
+++ b/ee/spec/factories/alert_management/alerts.rb
@@ -4,26 +4,55 @@ FactoryBot.define do
  factory :network_alert_payload, class: Hash do
    initialize_with do
      {
-       fingerprint: 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
-       flow: {
-           dropReasonDesc: "POLICY_DENIED"
+        flow: {
+          time: '2021-02-02T18:04:21.213587449Z',
+          verdict: 'POLICY_DENIED',
+          dropReasonDesc: 123,
+          ethernet: { source: '56:b6:52:62:6b:68', destination: '3a:dc:e3:9a:55:11' },
+          IP: { source: '10.0.0.224', destination: '10.0.0.87', ipVersion: 'IPv4' },
+          l4: { TCP: { sourcePort: 38_794, destinationPort: 5000, flags: { SYN: nil } } },
+          source: {
+            ID: 799,
+            identity: 37_570,
+            namespace: 'gitlab-managed-apps',
+            labels: [
+              'k8s:app.kubernetes.io/component=controller',
+              'k8s:app=nginx-ingress'
+            ],
+            podName: 'ingress-nginx-ingress-controller-7dd4d7474d-m95gd'
+          },
+          destination: {
+            ID: 259,
+            identity: 30_147,
+            namespace: 'agent-project-21-production',
+            labels: [
+              'k8s:app=production',
+              'k8s:io.cilium.k8s.namespace.labels.app.gitlab.com/app=root-agent-project'
+            ],
+            podName: 'production-7b998ffb56-vvl68'
+          },
+          Type: 'L3_L4',
+          nodeName: 'minikube',
+          eventType: { type: 5 },
+          trafficDirection: 'INGRESS',
+          Summary: 'TCP Flags: SYN'
        },
-       ciliumNetworkPolicy: {
-           kind: 'bla',
-           apiVersion: 'bla',
-           metadata: {
-               name: 'Cilium Alert',
-               generateName: 'generated NAme',
-               namespace: 'LocalGitlab',
-               selfLink: 'www.gitlab.com',
-               uid: '2d931510-d99f-494a-8c67-87feb05e1594',
-               resourceVersion: '23',
-               deletionGracePeriodSeconds: 42,
-               clusterName: 'TestCluster'
-            },
-           status: {}
+        ciliumNetworkPolicy: {
+          kind: 'bla',
+          apiVersion: 'bla',
+          metadata: {
+            name: 'Cilium Alert',
+            generateName: 'generated NAme',
+            namespace: 'LocalGitlab',
+            selfLink: 'www.gitlab.com',
+            uid: '2d931510-d99f-494a-8c67-87feb05e1594',
+            resourceVersion: '23',
+            deletionGracePeriodSeconds: 42,
+            clusterName: 'TestCluster'
+          },
+          status: {}
        }
-     }.with_indifferent_access
+      }.with_indifferent_access
    end
  end
 end
--- a/ee/spec/lib/gitlab/alert_management/payload/cilium_spec.rb
+++ b/ee/spec/lib/gitlab/alert_management/payload/cilium_spec.rb
@@ -13,6 +13,6 @@ RSpec.describe Gitlab::AlertManagement::Payload::Cilium do
  it 'parses cilium specific fields' do
    expect(parsed_payload.title).to eq('Cilium Alert')
    expect(parsed_payload.description).to eq('POLICY_DENIED')
-    expect(parsed_payload.gitlab_fingerprint).to eq('a94a8fe5ccb19ba61c4c0873d391e987982fbbd3')
+    expect(parsed_payload.gitlab_fingerprint).to eq('b2ad2a791756abe01692270c6a846129a09891b3')
  end
 end
--- a/ee/spec/requests/api/internal/kubernetes_spec.rb
+++ b/ee/spec/requests/api/internal/kubernetes_spec.rb
@@ -67,17 +67,10 @@ RSpec.describe API::Internal::Kubernetes do
        stub_licensed_features(cilium_alerts: true)
      end

-      let(:payload) do
-        {
-          alert: {
-            title: 'minimal',
-            message: 'network problem'
-          }
-        }
-      end
+      let(:payload) { build(:network_alert_payload) }

-      it 'returns success for valid alert payload' do
-        send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+      it 'returns no_content for valid alert payload' do
+        send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })

        expect(AlertManagement::Alert.count).to eq(1)
        expect(AlertManagement::Alert.all.first.project).to eq(agent.project)
@@ -107,7 +100,7 @@ RSpec.describe API::Internal::Kubernetes do
          end

          it 'returns success' do
-            send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+            send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })

            expect(response).to have_gitlab_http_status(:success)
          end
@@ -118,7 +111,7 @@ RSpec.describe API::Internal::Kubernetes do
        let(:payload) { { temp: {} } }

        it 'returns bad request' do
-          send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+          send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
          expect(response).to have_gitlab_http_status(:bad_request)
        end
      end
@@ -129,7 +122,7 @@ RSpec.describe API::Internal::Kubernetes do
        end

        it 'returns forbidden for non licensed project' do
-          send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+          send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })

          expect(response).to have_gitlab_http_status(:forbidden)
        end

--- a/ee/spec/services/alert_management/network_alert_service_spec.rb
+++ b/ee/spec/services/alert_management/network_alert_service_spec.rb
@@ -26,16 +26,6 @@ RSpec.describe AlertManagement::NetworkAlertService do

    subject(:execute) { service.execute }

-    context 'with minimal payload' do
-      let(:payload_raw) do
-        {}.with_indifferent_access
-      end
-
-      let(:payload) { ActionController::Parameters.new(payload_raw).permit! }
-
-      it_behaves_like 'creates an alert management alert'
-    end
-
    context 'with valid payload' do
      let(:payload_raw) { build(:network_alert_payload) }

@@ -55,7 +45,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
          ended_at: nil,
          environment_id: nil,
          events:  1,
-          fingerprint: 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
+          fingerprint: '89269ffa3902af37f036a77bc9ea57cdee3a52c2',
          hosts: [],
          issue_id: nil,
          monitoring_tool: 'Cilium',
@@ -77,7 +67,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
        let!(:alert) do
          create(
            :alert_management_alert,
-            project: project, domain: :threat_monitoring, fingerprint: Digest::SHA1.hexdigest(fingerprint)
+            project: project, domain: :threat_monitoring, fingerprint: '89269ffa3902af37f036a77bc9ea57cdee3a52c2'
          )
        end

@@ -85,7 +75,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
      end

      context 'existing alert with same fingerprint' do
-        let(:fingerprint_sha) { Digest::SHA1.hexdigest(fingerprint) }
+        let(:fingerprint_sha) { '89269ffa3902af37f036a77bc9ea57cdee3a52c2' }
        let!(:alert) do
          create(:alert_management_alert, domain: :threat_monitoring, project: project, fingerprint: fingerprint_sha)
        end
@@ -167,9 +157,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
    end

    context 'error duing save' do
-      let(:payload_raw) do
-        {}.with_indifferent_access
-      end
+      let(:payload_raw) { build(:network_alert_payload) }

      let(:logger) { double(warn: {}) }
      let(:payload) { ActionController::Parameters.new(payload_raw).permit! }