Commit ee8a9ab6 authored by Zamir Martins Filho's avatar Zamir Martins Filho Committed by Jan Provaznik

Add validation for alert id with respective specs

parent 97ccd117
...@@ -10,11 +10,12 @@ module Projects ...@@ -10,11 +10,12 @@ module Projects
push_frontend_feature_flag(:threat_monitoring_alerts, project, default_enabled: :yaml) push_frontend_feature_flag(:threat_monitoring_alerts, project, default_enabled: :yaml)
end end
before_action :threat_monitoring_ff_enabled, only: [:alert_details]
feature_category :web_firewall feature_category :web_firewall
def alert_details def alert_details
render_404 unless Feature.enabled?(:threat_monitoring_alerts, project, default_enabled: :yaml) @alert_id = project.alert_management_alerts.find(params[:id]).id
@alert_id = params[:id]
end end
def edit def edit
...@@ -32,5 +33,11 @@ module Projects ...@@ -32,5 +33,11 @@ module Projects
render_404 render_404
end end
end end
private
def threat_monitoring_ff_enabled
render_404 unless Feature.enabled?(:threat_monitoring_alerts, project, default_enabled: :yaml)
end
end end
end end
...@@ -40,7 +40,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -40,7 +40,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :subscriptions, only: [:create, :destroy] resources :subscriptions, only: [:create, :destroy]
resource :threat_monitoring, only: [:show], controller: :threat_monitoring do resource :threat_monitoring, only: [:show], controller: :threat_monitoring do
get '/alerts/:id', action: 'alert_details' get '/alerts/:id', action: 'alert_details', constraints: { id: /\d+/ }
resources :policies, only: [:new, :edit], controller: :threat_monitoring resources :policies, only: [:new, :edit], controller: :threat_monitoring
end end
......
...@@ -4,6 +4,7 @@ require 'spec_helper' ...@@ -4,6 +4,7 @@ require 'spec_helper'
RSpec.describe Projects::ThreatMonitoringController do RSpec.describe Projects::ThreatMonitoringController do
let_it_be(:project) { create(:project, :repository, :private) } let_it_be(:project) { create(:project, :repository, :private) }
let_it_be(:alert) { create(:alert_management_alert, :cilium, project: project) }
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
describe 'GET show' do describe 'GET show' do
...@@ -238,7 +239,9 @@ RSpec.describe Projects::ThreatMonitoringController do ...@@ -238,7 +239,9 @@ RSpec.describe Projects::ThreatMonitoringController do
end end
describe 'GET threat monitoring alerts' do describe 'GET threat monitoring alerts' do
subject { get :alert_details, params: { namespace_id: project.namespace, project_id: project, id: '5' } } let(:alert_id) { alert.id }
subject { get :alert_details, params: { namespace_id: project.namespace, project_id: project, id: alert_id } }
context 'with authorized user' do context 'with authorized user' do
before do before do
...@@ -246,6 +249,29 @@ RSpec.describe Projects::ThreatMonitoringController do ...@@ -246,6 +249,29 @@ RSpec.describe Projects::ThreatMonitoringController do
sign_in(user) sign_in(user)
end end
context 'with threat_monitoring feature and threat_monitoring_alerts feature flag' do
using RSpec::Parameterized::TableSyntax
where(:feature_flag, :feature, :http_status) do
false | false | :not_found
false | true | :not_found
true | false | :not_found
true | true | :ok
end
with_them do
before do
stub_licensed_features(threat_monitoring: feature)
stub_feature_flags(threat_monitoring_alerts: feature_flag)
end
specify do
subject
expect(response).to have_gitlab_http_status(http_status)
end
end
end
context 'when feature is available' do context 'when feature is available' do
before do before do
stub_licensed_features(threat_monitoring: true) stub_licensed_features(threat_monitoring: true)
...@@ -254,24 +280,28 @@ RSpec.describe Projects::ThreatMonitoringController do ...@@ -254,24 +280,28 @@ RSpec.describe Projects::ThreatMonitoringController do
it 'renders the show template' do it 'renders the show template' do
subject subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:alert_details) expect(response).to render_template(:alert_details)
end end
end
context 'when feature is not available' do context 'when id is invalid' do
before do let(:alert_id) { nil }
stub_licensed_features(threat_monitoring: true)
stub_feature_flags(threat_monitoring_alerts: false) it 'raises an error' do
expect { subject }.to raise_error(ActionController::UrlGenerationError)
end
end end
it 'returns 404' do context 'when id is not found' do
let(:alert_id) { non_existing_record_id }
it 'renders not found' do
subject subject
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
end end
end end
end
context 'with unauthorized user' do context 'with unauthorized user' do
before do before do
......
...@@ -109,6 +109,20 @@ FactoryBot.define do ...@@ -109,6 +109,20 @@ FactoryBot.define do
end end
end end
trait :cilium do
monitoring_tool { Gitlab::AlertManagement::Payload::MONITORING_TOOLS[:cilium] }
payload do
{
annotations: {
title: 'This is a cilium alert',
summary: 'Summary of the alert',
description: 'Description of the alert'
},
startsAt: started_at
}.with_indifferent_access
end
end
trait :all_fields do trait :all_fields do
with_issue with_issue
with_assignee with_assignee
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment