Permit incoming payload from alertmanager

This payload needs to be serializable and we are checking its content in the NotifyService anyway.

Permit incoming payload from alertmanager
This payload needs to be serializable and we are checking its content in the NotifyService anyway.
7d35ab12 · Peter Leitzen · cf957405 · 7d35ab12 · 7d35ab12 · 7d35ab12
Commit 7d35ab12 authored Feb 01, 2019 by Peter Leitzen
4 changed files
--- a/ee/app/controllers/projects/prometheus/alerts_controller.rb
+++ b/ee/app/controllers/projects/prometheus/alerts_controller.rb
@@ -25,7 +25,8 @@ module Projects
      def notify
        token = extract_alert_manager_token(request)
-        notify = Projects::Prometheus::Alerts::NotifyService.new(project, current_user, params)
+        notify = Projects::Prometheus::Alerts::NotifyService
+          .new(project, current_user, params.permit!)
        if notify.execute(token)
          head :ok

--- a/ee/changelogs/unreleased/9552-alert-notification-emails-are-not-sent.yml
+++ b/ee/changelogs/unreleased/9552-alert-notification-emails-are-not-sent.yml
+---
+title: Fix alert notification emails are not being sent
+merge_request: 9393
+author:
+type: fixed
--- a/ee/spec/controllers/projects/prometheus/alerts_controller_spec.rb
+++ b/ee/spec/controllers/projects/prometheus/alerts_controller_spec.rb
@@ -86,16 +86,18 @@ describe Projects::Prometheus::AlertsController do
  describe 'POST #notify' do
    let(:notify_service) { spy }
-    let(:payload) { {} }
    before do
-      allow(Projects::Prometheus::Alerts::NotifyService).to receive(:new).and_return(notify_service)
+      expect(Projects::Prometheus::Alerts::NotifyService)
+        .to receive(:new)
+        .and_return(notify_service)
+        .with(project, user, duck_type(:permitted?))
    end
    it 'renders ok if notification succeeds' do
      expect(notify_service).to receive(:execute).and_return(true)
-      post :notify, params: project_params(payload), session: { as: :json }
+      post :notify, params: project_params, session: { as: :json }
      expect(response).to have_gitlab_http_status(200)
    end

--- a/ee/spec/services/projects/prometheus/alerts/notify_service_spec.rb
+++ b/ee/spec/services/projects/prometheus/alerts/notify_service_spec.rb
@@ -14,22 +14,22 @@ describe Projects::Prometheus::Alerts::NotifyService do
    let(:notification_service) { spy }
    let(:create_events_service) { spy }
-    before do
-      allow(NotificationService).to receive(:new).and_return(notification_service)
-      allow(Projects::Prometheus::Alerts::CreateEventsService)
-        .to receive(:new).and_return(create_events_service)
-    end
    it 'sends a notification for firing alerts only' do
+      expect(NotificationService)
+        .to receive(:new)
+        .and_return(notification_service)
      expect(notification_service)
        .to receive_message_chain(:async, :prometheus_alerts_fired)
-        .with(project, [payload_alert_firing])
      expect(subject).to eq(true)
    end
    it 'persists events' do
-      expect(create_events_service).to receive(:execute)
+      expect(Projects::Prometheus::Alerts::CreateEventsService)
+        .to receive(:new)
+        .and_return(create_events_service)
+      expect(create_events_service)
+        .to receive(:execute)
      expect(subject).to eq(true)
    end
@@ -50,8 +50,9 @@ describe Projects::Prometheus::Alerts::NotifyService do
  context 'with valid payload' do
    let(:alert_firing) { create(:prometheus_alert, project: project) }
    let(:alert_resolved) { create(:prometheus_alert, project: project) }
-    let(:payload) { payload_for(firing: [alert_firing], resolved: [alert_resolved]) }
+    let(:payload_raw) { payload_for(firing: [alert_firing], resolved: [alert_resolved]) }
-    let(:payload_alert_firing) { payload['alerts'].first }
+    let(:payload) { ActionController::Parameters.new(payload_raw).permit! }
+    let(:payload_alert_firing) { payload_raw['alerts'].first }
    let(:token) { 'token' }
    context 'with project specific cluster' do