Commit f590ba85 authored by Can Eldem's avatar Can Eldem Committed by Kerri Miller

Calculate fingerprint for alerts

Calculating fingerprint for Cilium alerts to
prevent Gitlab flooding with Cilium alerts
parent 86a5baf4
......@@ -6,13 +6,22 @@ module Gitlab
class Cilium < Gitlab::AlertManagement::Payload::Generic
DEFAULT_TITLE = 'New: Alert'
attribute :description, paths: %w(flow dropReasonDesc)
attribute :description, paths: %w(flow verdict)
attribute :title, paths: %w(ciliumNetworkPolicy metadata name), fallback: -> { DEFAULT_TITLE }
attribute :gitlab_fingerprint, paths: %w(fingerprint)
def monitoring_tool
Gitlab::AlertManagement::Payload::MONITORING_TOOLS[:cilium]
end
private
def plain_gitlab_fingerprint
fpayload = self.payload.deep_dup
fpayload = fpayload['flow'].except('time', 'Summary')
fpayload['l4']['TCP'].delete('flags') if fpayload.dig('l4', 'TCP', 'flags')
fpayload.to_s
end
end
end
end
......
......@@ -4,9 +4,38 @@ FactoryBot.define do
factory :network_alert_payload, class: Hash do
initialize_with do
{
fingerprint: 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
flow: {
dropReasonDesc: "POLICY_DENIED"
time: '2021-02-02T18:04:21.213587449Z',
verdict: 'POLICY_DENIED',
dropReasonDesc: 123,
ethernet: { source: '56:b6:52:62:6b:68', destination: '3a:dc:e3:9a:55:11' },
IP: { source: '10.0.0.224', destination: '10.0.0.87', ipVersion: 'IPv4' },
l4: { TCP: { sourcePort: 38_794, destinationPort: 5000, flags: { SYN: nil } } },
source: {
ID: 799,
identity: 37_570,
namespace: 'gitlab-managed-apps',
labels: [
'k8s:app.kubernetes.io/component=controller',
'k8s:app=nginx-ingress'
],
podName: 'ingress-nginx-ingress-controller-7dd4d7474d-m95gd'
},
destination: {
ID: 259,
identity: 30_147,
namespace: 'agent-project-21-production',
labels: [
'k8s:app=production',
'k8s:io.cilium.k8s.namespace.labels.app.gitlab.com/app=root-agent-project'
],
podName: 'production-7b998ffb56-vvl68'
},
Type: 'L3_L4',
nodeName: 'minikube',
eventType: { type: 5 },
trafficDirection: 'INGRESS',
Summary: 'TCP Flags: SYN'
},
ciliumNetworkPolicy: {
kind: 'bla',
......
......@@ -13,6 +13,6 @@ RSpec.describe Gitlab::AlertManagement::Payload::Cilium do
it 'parses cilium specific fields' do
expect(parsed_payload.title).to eq('Cilium Alert')
expect(parsed_payload.description).to eq('POLICY_DENIED')
expect(parsed_payload.gitlab_fingerprint).to eq('a94a8fe5ccb19ba61c4c0873d391e987982fbbd3')
expect(parsed_payload.gitlab_fingerprint).to eq('b2ad2a791756abe01692270c6a846129a09891b3')
end
end
......@@ -67,17 +67,10 @@ RSpec.describe API::Internal::Kubernetes do
stub_licensed_features(cilium_alerts: true)
end
let(:payload) do
{
alert: {
title: 'minimal',
message: 'network problem'
}
}
end
let(:payload) { build(:network_alert_payload) }
it 'returns success for valid alert payload' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
it 'returns no_content for valid alert payload' do
send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(AlertManagement::Alert.count).to eq(1)
expect(AlertManagement::Alert.all.first.project).to eq(agent.project)
......@@ -107,7 +100,7 @@ RSpec.describe API::Internal::Kubernetes do
end
it 'returns success' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:success)
end
......@@ -118,7 +111,7 @@ RSpec.describe API::Internal::Kubernetes do
let(:payload) { { temp: {} } }
it 'returns bad request' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:bad_request)
end
end
......@@ -129,7 +122,7 @@ RSpec.describe API::Internal::Kubernetes do
end
it 'returns forbidden for non licensed project' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
send_request(params: { alert: payload }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:forbidden)
end
......
......@@ -26,16 +26,6 @@ RSpec.describe AlertManagement::NetworkAlertService do
subject(:execute) { service.execute }
context 'with minimal payload' do
let(:payload_raw) do
{}.with_indifferent_access
end
let(:payload) { ActionController::Parameters.new(payload_raw).permit! }
it_behaves_like 'creates an alert management alert'
end
context 'with valid payload' do
let(:payload_raw) { build(:network_alert_payload) }
......@@ -55,7 +45,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
ended_at: nil,
environment_id: nil,
events: 1,
fingerprint: 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
fingerprint: '89269ffa3902af37f036a77bc9ea57cdee3a52c2',
hosts: [],
issue_id: nil,
monitoring_tool: 'Cilium',
......@@ -77,7 +67,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
let!(:alert) do
create(
:alert_management_alert,
project: project, domain: :threat_monitoring, fingerprint: Digest::SHA1.hexdigest(fingerprint)
project: project, domain: :threat_monitoring, fingerprint: '89269ffa3902af37f036a77bc9ea57cdee3a52c2'
)
end
......@@ -85,7 +75,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
end
context 'existing alert with same fingerprint' do
let(:fingerprint_sha) { Digest::SHA1.hexdigest(fingerprint) }
let(:fingerprint_sha) { '89269ffa3902af37f036a77bc9ea57cdee3a52c2' }
let!(:alert) do
create(:alert_management_alert, domain: :threat_monitoring, project: project, fingerprint: fingerprint_sha)
end
......@@ -167,9 +157,7 @@ RSpec.describe AlertManagement::NetworkAlertService do
end
context 'error duing save' do
let(:payload_raw) do
{}.with_indifferent_access
end
let(:payload_raw) { build(:network_alert_payload) }
let(:logger) { double(warn: {}) }
let(:payload) { ActionController::Parameters.new(payload_raw).permit! }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment