debian-mirror-gitlab/spec/models/integrations/prometheus_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

539 lines
17 KiB
Ruby
Raw Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2017-08-17 22:00:37 +05:30
require 'spec_helper'
2021-02-11 23:33:58 +05:30
require 'googleauth'
2021-09-30 23:02:18 +05:30
RSpec.describe Integrations::Prometheus, :use_clean_rails_memory_store_caching, :snowplow do
2017-08-17 22:00:37 +05:30
include PrometheusHelpers
include ReactiveCachingHelpers
2021-02-11 23:33:58 +05:30
let_it_be_with_reload(:project) { create(:prometheus_project) }
2021-04-29 21:17:54 +05:30
2021-09-30 23:02:18 +05:30
let(:integration) { project.prometheus_integration }
2017-08-17 22:00:37 +05:30
2018-11-29 20:51:05 +05:30
context 'redirects' do
it 'does not follow redirects' do
redirect_to = 'https://redirected.example.com'
redirect_req_stub = stub_prometheus_request(prometheus_query_url('1'), status: 302, headers: { location: redirect_to })
redirected_req_stub = stub_prometheus_request(redirect_to, body: { 'status': 'success' })
2021-09-30 23:02:18 +05:30
result = integration.test
2018-11-29 20:51:05 +05:30
# result = { success: false, result: error }
expect(result[:success]).to be_falsy
2020-07-28 23:09:34 +05:30
expect(result[:result]).to be_instance_of(Gitlab::PrometheusClient::UnexpectedResponseError)
2018-11-29 20:51:05 +05:30
expect(redirect_req_stub).to have_been_requested
expect(redirected_req_stub).not_to have_been_requested
end
end
2017-08-17 22:00:37 +05:30
describe 'Validations' do
2018-03-17 18:26:18 +05:30
context 'when manual_configuration is enabled' do
2017-09-10 17:25:29 +05:30
before do
2021-09-30 23:02:18 +05:30
integration.manual_configuration = true
2017-09-10 17:25:29 +05:30
end
2017-08-17 22:00:37 +05:30
2019-03-13 22:55:13 +05:30
it 'validates presence of api_url' do
2021-09-30 23:02:18 +05:30
expect(integration).to validate_presence_of(:api_url)
2019-03-13 22:55:13 +05:30
end
2017-08-17 22:00:37 +05:30
end
2018-03-17 18:26:18 +05:30
context 'when manual configuration is disabled' do
2017-09-10 17:25:29 +05:30
before do
2021-09-30 23:02:18 +05:30
integration.manual_configuration = false
2019-03-13 22:55:13 +05:30
end
it 'does not validate presence of api_url' do
2021-09-30 23:02:18 +05:30
expect(integration).not_to validate_presence_of(:api_url)
expect(integration.valid?).to eq(true)
2020-04-22 19:07:51 +05:30
end
context 'local connections allowed' do
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: true)
end
it 'does not validate presence of api_url' do
2021-09-30 23:02:18 +05:30
expect(integration).not_to validate_presence_of(:api_url)
expect(integration.valid?).to eq(true)
2020-04-22 19:07:51 +05:30
end
2017-09-10 17:25:29 +05:30
end
2019-03-13 22:55:13 +05:30
end
context 'when the api_url domain points to localhost or local network' do
2021-09-30 23:02:18 +05:30
let(:domain) { Addressable::URI.parse(integration.api_url).hostname }
2017-08-17 22:00:37 +05:30
2019-03-13 22:55:13 +05:30
it 'cannot query' do
2021-09-30 23:02:18 +05:30
expect(integration.can_query?).to be true
2019-03-13 22:55:13 +05:30
aggregate_failures do
['127.0.0.1', '192.168.2.3'].each do |url|
allow(Addrinfo).to receive(:getaddrinfo).with(domain, any_args).and_return([Addrinfo.tcp(url, 80)])
2021-09-30 23:02:18 +05:30
expect(integration.can_query?).to be false
2019-03-13 22:55:13 +05:30
end
end
end
2019-12-26 22:10:19 +05:30
2020-04-22 19:07:51 +05:30
it 'can query when local requests are allowed' do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: true)
aggregate_failures do
['127.0.0.1', '192.168.2.3'].each do |url|
allow(Addrinfo).to receive(:getaddrinfo).with(domain, any_args).and_return([Addrinfo.tcp(url, 80)])
2021-09-30 23:02:18 +05:30
expect(integration.can_query?).to be true
2020-04-22 19:07:51 +05:30
end
end
end
2019-12-26 22:10:19 +05:30
context 'with self-monitoring project and internal Prometheus' do
before do
2021-09-30 23:02:18 +05:30
integration.api_url = 'http://localhost:9090'
2019-12-26 22:10:19 +05:30
2020-03-13 15:44:24 +05:30
stub_application_setting(self_monitoring_project_id: project.id)
2021-03-08 18:12:59 +05:30
stub_config(prometheus: { enable: true, server_address: 'localhost:9090' })
2019-12-26 22:10:19 +05:30
end
it 'allows self-monitoring project to connect to internal Prometheus' do
aggregate_failures do
['127.0.0.1', '192.168.2.3'].each do |url|
allow(Addrinfo).to receive(:getaddrinfo).with(domain, any_args).and_return([Addrinfo.tcp(url, 80)])
2021-09-30 23:02:18 +05:30
expect(integration.can_query?).to be true
2019-12-26 22:10:19 +05:30
end
end
end
it 'does not allow self-monitoring project to connect to other local URLs' do
2021-09-30 23:02:18 +05:30
integration.api_url = 'http://localhost:8000'
2019-12-26 22:10:19 +05:30
aggregate_failures do
['127.0.0.1', '192.168.2.3'].each do |url|
allow(Addrinfo).to receive(:getaddrinfo).with(domain, any_args).and_return([Addrinfo.tcp(url, 80)])
2021-09-30 23:02:18 +05:30
expect(integration.can_query?).to be false
2019-12-26 22:10:19 +05:30
end
end
end
end
2017-08-17 22:00:37 +05:30
end
end
2020-04-22 19:07:51 +05:30
describe 'callbacks' do
context 'after_create' do
let(:project) { create(:project) }
2021-09-30 23:02:18 +05:30
let(:integration) { build(:prometheus_integration, project: project) }
2020-04-22 19:07:51 +05:30
2021-09-30 23:02:18 +05:30
subject(:create_integration) { integration.save! }
2020-04-22 19:07:51 +05:30
it 'creates default alerts' do
expect(Prometheus::CreateDefaultAlertsWorker)
.to receive(:perform_async)
.with(project.id)
2021-09-30 23:02:18 +05:30
create_integration
2020-04-22 19:07:51 +05:30
end
context 'no project exists' do
2021-09-30 23:02:18 +05:30
let(:integration) { build(:prometheus_integration, :instance) }
2020-04-22 19:07:51 +05:30
it 'does not create default alerts' do
expect(Prometheus::CreateDefaultAlertsWorker)
.not_to receive(:perform_async)
2021-09-30 23:02:18 +05:30
create_integration
2020-04-22 19:07:51 +05:30
end
end
end
end
2017-08-17 22:00:37 +05:30
describe '#test' do
2018-03-17 18:26:18 +05:30
before do
2021-09-30 23:02:18 +05:30
integration.manual_configuration = true
2018-03-17 18:26:18 +05:30
end
2017-08-17 22:00:37 +05:30
let!(:req_stub) { stub_prometheus_request(prometheus_query_url('1'), body: prometheus_value_body('vector')) }
context 'success' do
it 'reads the discovery endpoint' do
2021-09-30 23:02:18 +05:30
expect(integration.test[:result]).to eq('Checked API endpoint')
expect(integration.test[:success]).to be_truthy
2018-03-17 18:26:18 +05:30
expect(req_stub).to have_been_requested.twice
2017-08-17 22:00:37 +05:30
end
end
context 'failure' do
let!(:req_stub) { stub_prometheus_request(prometheus_query_url('1'), status: 404) }
it 'fails to read the discovery endpoint' do
2021-09-30 23:02:18 +05:30
expect(integration.test[:success]).to be_falsy
2017-08-17 22:00:37 +05:30
expect(req_stub).to have_been_requested
end
end
end
2018-03-27 19:54:05 +05:30
describe '#prometheus_client' do
2019-03-13 22:55:13 +05:30
let(:api_url) { 'http://some_url' }
before do
2021-09-30 23:02:18 +05:30
integration.active = true
integration.api_url = api_url
integration.manual_configuration = manual_configuration
2019-03-13 22:55:13 +05:30
end
2018-03-17 18:26:18 +05:30
context 'manual configuration is enabled' do
2019-03-13 22:55:13 +05:30
let(:manual_configuration) { true }
2018-03-27 19:54:05 +05:30
2019-03-13 22:55:13 +05:30
it 'calls valid?' do
2021-09-30 23:02:18 +05:30
allow(integration).to receive(:valid?).and_call_original
2019-03-13 22:55:13 +05:30
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_client).not_to be_nil
2019-03-13 22:55:13 +05:30
2021-09-30 23:02:18 +05:30
expect(integration).to have_received(:valid?)
2018-03-17 18:26:18 +05:30
end
end
context 'manual configuration is disabled' do
2019-03-13 22:55:13 +05:30
let(:manual_configuration) { false }
2018-03-17 18:26:18 +05:30
2018-03-27 19:54:05 +05:30
it 'no client provided' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_client).to be_nil
2018-03-17 18:26:18 +05:30
end
end
2020-04-22 19:07:51 +05:30
context 'when local requests are allowed' do
let(:manual_configuration) { true }
let(:api_url) { 'http://192.168.1.1:9090' }
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: true)
stub_prometheus_request("#{api_url}/api/v1/query?query=1")
end
it 'allows local requests' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_client).not_to be_nil
expect { integration.prometheus_client.ping }.not_to raise_error
2020-04-22 19:07:51 +05:30
end
end
context 'when local requests are blocked' do
let(:manual_configuration) { true }
let(:api_url) { 'http://192.168.1.1:9090' }
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
stub_prometheus_request("#{api_url}/api/v1/query?query=1")
end
it 'blocks local requests' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_client).to be_nil
2020-04-22 19:07:51 +05:30
end
context 'with self monitoring project and internal Prometheus URL' do
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
stub_application_setting(self_monitoring_project_id: project.id)
stub_config(prometheus: {
enable: true,
2021-03-08 18:12:59 +05:30
server_address: api_url
2020-04-22 19:07:51 +05:30
})
end
it 'allows local requests' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_client).not_to be_nil
expect { integration.prometheus_client.ping }.not_to raise_error
2020-04-22 19:07:51 +05:30
end
end
end
2020-06-23 00:09:42 +05:30
context 'behind IAP' do
let(:manual_configuration) { true }
2021-02-11 23:33:58 +05:30
let(:google_iap_service_account) do
{
type: "service_account",
# dummy private key generated only for this test to pass openssl validation
private_key: <<~KEY
-----BEGIN RSA PRIVATE KEY-----
MIIBOAIBAAJAU85LgUY5o6j6j/07GMLCNUcWJOBA1buZnNgKELayA6mSsHrIv31J
Y8kS+9WzGPQninea7DcM4hHA7smMgQD1BwIDAQABAkAqKxMy6PL3tn7dFL43p0ex
JyOtSmlVIiAZG1t1LXhE/uoLpYi5DnbYqGgu0oih+7nzLY/dXpNpXUmiRMOUEKmB
AiEAoTi2rBXbrLSi2C+H7M/nTOjMQQDuZ8Wr4uWpKcjYJTMCIQCFEskL565oFl/7
RRQVH+cARrAsAAoJSbrOBAvYZ0PI3QIgIEFwis10vgEF86rOzxppdIG/G+JL0IdD
9IluZuXAGPECIGUo7qSaLr75o2VEEgwtAFH5aptIPFjrL5LFCKwtdB4RAiAYZgFV
HCMmaooAw/eELuMoMWNYmujZ7VaAnOewGDW0uw==
-----END RSA PRIVATE KEY-----
KEY
}
end
def stub_iap_request
2021-09-30 23:02:18 +05:30
integration.google_iap_service_account_json = Gitlab::Json.generate(google_iap_service_account)
integration.google_iap_audience_client_id = 'IAP_CLIENT_ID.apps.googleusercontent.com'
2020-06-23 00:09:42 +05:30
2021-02-11 23:33:58 +05:30
stub_request(:post, 'https://oauth2.googleapis.com/token')
.to_return(
status: 200,
body: '{"id_token": "FOO"}',
headers: { 'Content-Type': 'application/json; charset=UTF-8' }
)
2020-06-23 00:09:42 +05:30
end
it 'includes the authorization header' do
2021-02-11 23:33:58 +05:30
stub_iap_request
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_client).not_to be_nil
expect(integration.prometheus_client.send(:options)).to have_key(:headers)
expect(integration.prometheus_client.send(:options)[:headers]).to eq(authorization: "Bearer FOO")
2020-06-23 00:09:42 +05:30
end
2021-02-11 23:33:58 +05:30
context 'when passed with token_credential_uri', issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/284819' do
let(:malicious_host) { 'http://example.com' }
where(:param_name) do
[
:token_credential_uri,
:tokencredentialuri,
:Token_credential_uri,
:tokenCredentialUri
]
end
with_them do
it 'does not make any unexpected HTTP requests' do
google_iap_service_account[param_name] = malicious_host
stub_iap_request
stub_request(:any, malicious_host).to_raise('Making additional HTTP requests is forbidden!')
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_client).not_to be_nil
2021-02-11 23:33:58 +05:30
end
end
end
2020-06-23 00:09:42 +05:30
end
2018-03-17 18:26:18 +05:30
end
2018-12-13 13:39:08 +05:30
describe '#prometheus_available?' do
2021-09-04 01:27:46 +05:30
context 'clusters with enabled prometheus' do
2020-01-01 13:55:28 +05:30
before do
2021-09-04 01:27:46 +05:30
create(:clusters_integrations_prometheus, cluster: cluster)
2020-01-01 13:55:28 +05:30
end
2018-03-17 18:26:18 +05:30
2020-01-01 13:55:28 +05:30
context 'cluster belongs to project' do
let(:cluster) { create(:cluster, projects: [project]) }
it 'returns true' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_available?).to be(true)
2020-01-01 13:55:28 +05:30
end
end
context 'cluster belongs to projects group' do
2020-03-13 15:44:24 +05:30
let_it_be(:group) { create(:group) }
2021-04-29 21:17:54 +05:30
2020-01-01 13:55:28 +05:30
let(:project) { create(:prometheus_project, group: group) }
2021-09-04 01:27:46 +05:30
let(:cluster) { create(:cluster_for_group, groups: [group]) }
2020-01-01 13:55:28 +05:30
it 'returns true' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_available?).to be(true)
2020-01-01 13:55:28 +05:30
end
2020-04-08 14:13:33 +05:30
it 'avoids N+1 queries' do
2021-09-30 23:02:18 +05:30
integration
2020-04-08 14:13:33 +05:30
5.times do |i|
2021-09-04 01:27:46 +05:30
other_cluster = create(:cluster_for_group, groups: [group], environment_scope: i)
create(:clusters_integrations_prometheus, cluster: other_cluster)
2020-04-08 14:13:33 +05:30
end
2021-09-30 23:02:18 +05:30
expect { integration.prometheus_available? }.not_to exceed_query_limit(1)
2020-04-08 14:13:33 +05:30
end
2020-01-01 13:55:28 +05:30
end
context 'cluster belongs to gitlab instance' do
let(:cluster) { create(:cluster, :instance) }
it 'returns true' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_available?).to be(true)
2020-01-01 13:55:28 +05:30
end
2018-12-13 13:39:08 +05:30
end
end
2021-09-04 01:27:46 +05:30
context 'clusters with prometheus disabled' do
2018-03-17 18:26:18 +05:30
let(:cluster) { create(:cluster, projects: [project]) }
2021-09-04 01:27:46 +05:30
let!(:prometheus) { create(:clusters_integrations_prometheus, :disabled, cluster: cluster) }
2018-03-17 18:26:18 +05:30
it 'returns false' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_available?).to be(false)
2018-03-17 18:26:18 +05:30
end
end
context 'clusters without prometheus' do
let(:cluster) { create(:cluster, projects: [project]) }
it 'returns false' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_available?).to be(false)
2018-03-17 18:26:18 +05:30
end
end
context 'no clusters' do
it 'returns false' do
2021-09-30 23:02:18 +05:30
expect(integration.prometheus_available?).to be(false)
2018-03-17 18:26:18 +05:30
end
end
end
2018-03-27 19:54:05 +05:30
describe '#synchronize_service_state before_save callback' do
2018-03-17 18:26:18 +05:30
context 'no clusters with prometheus are installed' do
2021-09-30 23:02:18 +05:30
context 'when integration is inactive' do
2018-03-17 18:26:18 +05:30
before do
2021-09-30 23:02:18 +05:30
integration.active = false
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'activates integration when manual_configuration is enabled' do
expect { integration.update!(manual_configuration: true) }.to change { integration.active }.from(false).to(true)
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'keeps integration inactive when manual_configuration is disabled' do
expect { integration.update!(manual_configuration: false) }.not_to change { integration.active }.from(false)
2018-03-17 18:26:18 +05:30
end
end
2021-09-30 23:02:18 +05:30
context 'when integration is active' do
2018-03-17 18:26:18 +05:30
before do
2021-09-30 23:02:18 +05:30
integration.active = true
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'keeps the integration active when manual_configuration is enabled' do
expect { integration.update!(manual_configuration: true) }.not_to change { integration.active }.from(true)
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'inactivates the integration when manual_configuration is disabled' do
expect { integration.update!(manual_configuration: false) }.to change { integration.active }.from(true).to(false)
2018-03-17 18:26:18 +05:30
end
end
end
context 'with prometheus installed in the cluster' do
before do
2021-09-30 23:02:18 +05:30
allow(integration).to receive(:prometheus_available?).and_return(true)
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
context 'when integration is inactive' do
2018-03-17 18:26:18 +05:30
before do
2021-09-30 23:02:18 +05:30
integration.active = false
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'activates integration when manual_configuration is enabled' do
expect { integration.update!(manual_configuration: true) }.to change { integration.active }.from(false).to(true)
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'activates integration when manual_configuration is disabled' do
expect { integration.update!(manual_configuration: false) }.to change { integration.active }.from(false).to(true)
2018-03-17 18:26:18 +05:30
end
end
2021-09-30 23:02:18 +05:30
context 'when integration is active' do
2018-03-17 18:26:18 +05:30
before do
2021-09-30 23:02:18 +05:30
integration.active = true
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'keeps integration active when manual_configuration is enabled' do
expect { integration.update!(manual_configuration: true) }.not_to change { integration.active }.from(true)
2018-03-17 18:26:18 +05:30
end
2021-09-30 23:02:18 +05:30
it 'keeps integration active when manual_configuration is disabled' do
expect { integration.update!(manual_configuration: false) }.not_to change { integration.active }.from(true)
2018-03-17 18:26:18 +05:30
end
end
end
end
2020-01-01 13:55:28 +05:30
describe '#track_events after_commit callback' do
before do
2021-09-30 23:02:18 +05:30
allow(integration).to receive(:prometheus_available?).and_return(true)
2020-01-01 13:55:28 +05:30
end
context "enabling manual_configuration" do
it "tracks enable event" do
2021-09-30 23:02:18 +05:30
integration.update!(manual_configuration: false)
integration.update!(manual_configuration: true)
2021-01-03 14:25:43 +05:30
expect_snowplow_event(category: 'cluster:services:prometheus', action: 'enabled_manual_prometheus')
2020-01-01 13:55:28 +05:30
end
it "tracks disable event" do
2021-09-30 23:02:18 +05:30
integration.update!(manual_configuration: true)
integration.update!(manual_configuration: false)
2021-01-03 14:25:43 +05:30
expect_snowplow_event(category: 'cluster:services:prometheus', action: 'disabled_manual_prometheus')
2020-01-01 13:55:28 +05:30
end
end
end
2020-04-22 19:07:51 +05:30
describe '#editable?' do
it 'is editable' do
2021-09-30 23:02:18 +05:30
expect(integration.editable?).to be(true)
2020-04-22 19:07:51 +05:30
end
2021-09-04 01:27:46 +05:30
context 'when cluster exists with prometheus enabled' do
2020-04-22 19:07:51 +05:30
let(:cluster) { create(:cluster, projects: [project]) }
before do
2021-09-30 23:02:18 +05:30
integration.update!(manual_configuration: false)
2020-04-22 19:07:51 +05:30
2021-09-04 01:27:46 +05:30
create(:clusters_integrations_prometheus, cluster: cluster)
2020-04-22 19:07:51 +05:30
end
it 'remains editable' do
2021-09-30 23:02:18 +05:30
expect(integration.editable?).to be(true)
2020-04-22 19:07:51 +05:30
end
end
end
describe '#fields' do
let(:expected_fields) do
[
{
type: 'checkbox',
name: 'manual_configuration',
title: s_('PrometheusService|Active'),
2021-04-17 20:07:23 +05:30
help: s_('PrometheusService|Select this checkbox to override the auto configuration settings with your own settings.'),
2020-04-22 19:07:51 +05:30
required: true
},
{
type: 'text',
name: 'api_url',
title: 'API URL',
2021-04-17 20:07:23 +05:30
placeholder: s_('PrometheusService|https://prometheus.example.com/'),
help: s_('PrometheusService|The Prometheus API base URL.'),
2020-04-22 19:07:51 +05:30
required: true
2020-07-28 23:09:34 +05:30
},
2020-06-23 00:09:42 +05:30
{
type: 'text',
name: 'google_iap_audience_client_id',
title: 'Google IAP Audience Client ID',
2021-04-17 20:07:23 +05:30
placeholder: s_('PrometheusService|IAP_CLIENT_ID.apps.googleusercontent.com'),
2021-11-11 11:23:49 +05:30
help: s_('PrometheusService|The ID of the IAP-secured resource.'),
2020-06-23 00:09:42 +05:30
autocomplete: 'off',
required: false
},
{
type: 'textarea',
name: 'google_iap_service_account_json',
title: 'Google IAP Service Account JSON',
2021-04-17 20:07:23 +05:30
placeholder: s_('PrometheusService|{ "type": "service_account", "project_id": ... }'),
help: s_('PrometheusService|The contents of the credentials.json file of your service account.'),
2020-06-23 00:09:42 +05:30
required: false
}
]
end
2020-04-22 19:07:51 +05:30
it 'returns fields' do
2021-09-30 23:02:18 +05:30
expect(integration.fields).to eq(expected_fields)
2020-04-22 19:07:51 +05:30
end
end
2017-08-17 22:00:37 +05:30
end