diff options
Diffstat (limited to 'spec/lib/gitlab/observability_spec.rb')
| -rw-r--r-- | spec/lib/gitlab/observability_spec.rb | 186 |
1 files changed, 177 insertions, 9 deletions
diff --git a/spec/lib/gitlab/observability_spec.rb b/spec/lib/gitlab/observability_spec.rb index 8068d2f8ec9..5082d193197 100644 --- a/spec/lib/gitlab/observability_spec.rb +++ b/spec/lib/gitlab/observability_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::Observability do +RSpec.describe Gitlab::Observability, feature_category: :error_tracking do describe '.observability_url' do let(:gitlab_url) { 'https://example.com' } @@ -31,29 +31,189 @@ RSpec.describe Gitlab::Observability do end end - describe '.observability_enabled?' do - let_it_be(:group) { build(:user) } - let_it_be(:user) { build(:group) } + describe '.build_full_url' do + let_it_be(:group) { build_stubbed(:group, id: 123) } + let(:observability_url) { described_class.observability_url } + + it 'returns the full observability url for the given params' do + url = described_class.build_full_url(group, '/foo?bar=baz', '/') + expect(url).to eq("https://observe.gitlab.com/-/123/foo?bar=baz") + end + + it 'handles missing / from observability_path' do + url = described_class.build_full_url(group, 'foo?bar=baz', '/') + expect(url).to eq("https://observe.gitlab.com/-/123/foo?bar=baz") + end + + it 'sanitises observability_path' do + url = described_class.build_full_url(group, "/test?groupId=<script>alert('attack!')</script>", '/') + expect(url).to eq("https://observe.gitlab.com/-/123/test?groupId=alert('attack!')") + end + + context 'when observability_path is missing' do + it 'builds the url with the fallback_path' do + url = described_class.build_full_url(group, nil, '/fallback') + expect(url).to eq("https://observe.gitlab.com/-/123/fallback") + end + + it 'defaults to / if fallback_path is also missing' do + url = described_class.build_full_url(group, nil, nil) + expect(url).to eq("https://observe.gitlab.com/-/123/") + end + end + end + + describe '.embeddable_url' do + before do + stub_config_setting(url: "https://www.gitlab.com") + # Can't use build/build_stubbed as we want the routes to be generated as well + create(:group, path: 'test-path', id: 123) + end + + context 'when URL is valid' do + where(:input, :expected) do + [ + [ + "https://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=%2Fexplore%3FgroupId%3D14485840%26left%3D%255B%2522now-1h%2522,%2522now%2522,%2522new-sentry.gitlab.net%2522,%257B%257D%255D", + "https://observe.gitlab.com/-/123/explore?groupId=14485840&left=%5B%22now-1h%22,%22now%22,%22new-sentry.gitlab.net%22,%7B%7D%5D" + ], + [ + "https://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=/goto/foo", + "https://observe.gitlab.com/-/123/goto/foo" + ] + ] + end + + with_them do + it 'returns an embeddable observability url' do + expect(described_class.embeddable_url(input)).to eq(expected) + end + end + end + + context 'when URL is invalid' do + where(:input) do + [ + # direct links to observe.gitlab.com + "https://observe.gitlab.com/-/123/explore", + 'https://observe.gitlab.com/v1/auth/start', + + # invalid GitLab URL + "not a link", + "https://foo.bar/groups/test-path/-/observability/explore?observability_path=/explore", + "http://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=/explore", + "https://www.gitlab.com:123/groups/test-path/-/observability/explore?observability_path=/explore", + "https://www.gitlab.com@example.com/groups/test-path/-/observability/explore?observability_path=/explore", + "https://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=@example.com", + + # invalid group/controller/actions + "https://www.gitlab.com/groups/INVALID_GROUP/-/observability/explore?observability_path=/explore", + "https://www.gitlab.com/groups/test-path/-/INVALID_CONTROLLER/explore?observability_path=/explore", + "https://www.gitlab.com/groups/test-path/-/observability/INVALID_ACTION?observability_path=/explore", + + # invalid observablity path + "https://www.gitlab.com/groups/test-path/-/observability/explore", + "https://www.gitlab.com/groups/test-path/-/observability/explore?missing_observability_path=/explore", + "https://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=/not_embeddable", + "https://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=/datasources", + "https://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=not a valid path" + ] + end + + with_them do + it 'returns nil' do + expect(described_class.embeddable_url(input)).to be_nil + end + end + + it 'returns nil if the path detection throws an error' do + test_url = "https://www.gitlab.com/groups/test-path/-/observability/explore" + allow(Rails.application.routes).to receive(:recognize_path).with(test_url) { + raise ActionController::RoutingError, 'test' + } + expect(described_class.embeddable_url(test_url)).to be_nil + end + + it 'returns nil if parsing observaboility path throws an error' do + observability_path = 'some-path' + test_url = "https://www.gitlab.com/groups/test-path/-/observability/explore?observability_path=#{observability_path}" + + allow(URI).to receive(:parse).and_call_original + allow(URI).to receive(:parse).with(observability_path) { + raise URI::InvalidURIError, 'test' + } + + expect(described_class.embeddable_url(test_url)).to be_nil + end + end + end + + describe '.allowed_for_action?' do + let(:group) { build_stubbed(:group) } + let(:user) { build_stubbed(:user) } + + before do + allow(described_class).to receive(:allowed?).and_call_original + end + + it 'returns false if action is nil' do + expect(described_class.allowed_for_action?(user, group, nil)).to eq(false) + end + + describe 'allowed? calls' do + using RSpec::Parameterized::TableSyntax + + where(:action, :permission) do + :foo | :admin_observability + :explore | :read_observability + :datasources | :admin_observability + :manage | :admin_observability + :dashboards | :read_observability + end + + with_them do + it "calls allowed? with #{params[:permission]} when actions is #{params[:action]}" do + described_class.allowed_for_action?(user, group, action) + expect(described_class).to have_received(:allowed?).with(user, group, permission) + end + end + end + end + + describe '.allowed?' do + let(:user) { build_stubbed(:user) } + let(:group) { build_stubbed(:group) } + let(:test_permission) { :read_observability } + + before do + allow(Ability).to receive(:allowed?).and_return(false) + end subject do - described_class.observability_enabled?(user, group) + described_class.allowed?(user, group, test_permission) end - it 'checks if read_observability ability is allowed for the given user and group' do + it 'checks if ability is allowed for the given user and group' do allow(Ability).to receive(:allowed?).and_return(true) subject - expect(Ability).to have_received(:allowed?).with(user, :read_observability, group) + expect(Ability).to have_received(:allowed?).with(user, test_permission, group) end - it 'returns true if the read_observability ability is allowed' do + it 'checks for admin_observability if permission is missing' do + described_class.allowed?(user, group) + + expect(Ability).to have_received(:allowed?).with(user, :admin_observability, group) + end + + it 'returns true if the ability is allowed' do allow(Ability).to receive(:allowed?).and_return(true) expect(subject).to eq(true) end - it 'returns false if the read_observability ability is not allowed' do + it 'returns false if the ability is not allowed' do allow(Ability).to receive(:allowed?).and_return(false) expect(subject).to eq(false) @@ -64,5 +224,13 @@ RSpec.describe Gitlab::Observability do expect(subject).to eq(false) end + + it 'returns false if group is missing' do + expect(described_class.allowed?(user, nil, :read_observability)).to eq(false) + end + + it 'returns false if user is missing' do + expect(described_class.allowed?(nil, group, :read_observability)).to eq(false) + end end end |