mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 17:53:28 +00:00
f07b291d44
* Move opsgenie client code to integrations/access * Add initial opsgenie bot skeleton and stubs * Add opsgenie check and set default to pluginv1 * Fix check and set defaults for opsgenie plugin config * Fill out bot stubs for opsgenie bot * Add loadOpsgenieConfig to integrations * Swap to using bearer token for opsgenie plugin * Fix formating in opsgenie bot * Reorder imports to fix lint errors * Add config field to plugins to allow for different recipient logic Allows bots that use schedules as recipients to determine their own logic for defaulting etc * Add notimplemented err for check health for opsgenie bots * Add check health to opsgenie client and bot * Rename recipientsAreSchedules to usersAsRecipients * Add pluginBearertokencredentials checkAndSetdefaults * Add resolveAnnotations to reqdata and use schedules from that * Update integrations/access/opsgenie/bot.go Co-authored-by: Roman Tkachenko <roman@goteleport.com> * Prevent default schedules being processed if annotations are set * Remove loadOpsgenieConfig * Rename opsgneie addr field * Add more verbose error messages to opsgenie client * Update api/proto/teleport/legacy/types/types.proto Co-authored-by: Roman Tkachenko <roman@goteleport.com> * Update integrations/access/opsgenie/bot.go Co-authored-by: Roman Tkachenko <roman@goteleport.com> * Fix error message for recipients field in opsgenie bot * Change apiEndpoint field name * Remove check for unused field from opsgenie config * Remove usersAsRecipients flag * Reserve addr and change change field number of api_endpoint * Update integrations/access/opsgenie/client.go Co-authored-by: Roman Tkachenko <roman@goteleport.com> * Rename reqAnnotationresponderskey to reqannotationscheduleskey * Remove unused check and set defaults * Rename REqAnnotationScheduleskey * Use types.Labels alias where possible * Simplify loop in opsgenie bot to satisfy linter --------- Co-authored-by: Roman Tkachenko <roman@goteleport.com>
160 lines
4.3 KiB
Go
160 lines
4.3 KiB
Go
/*
|
|
Copyright 2015-2023 Gravitational, Inc.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package opsgenie
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"io"
|
|
"log"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/gravitational/trace"
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/gravitational/teleport/api/types"
|
|
)
|
|
|
|
func TestCreateAlert(t *testing.T) {
|
|
recievedReq := ""
|
|
testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
|
|
bodyBytes, err := io.ReadAll(req.Body)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
recievedReq = string(bodyBytes)
|
|
}))
|
|
defer func() { testServer.Close() }()
|
|
|
|
c, err := NewClient(ClientConfig{
|
|
APIEndpoint: testServer.URL,
|
|
Priority: "somePriority",
|
|
ClusterName: "someClusterName",
|
|
})
|
|
assert.NoError(t, err)
|
|
|
|
_, err = c.CreateAlert(context.Background(), "someRequestID", RequestData{
|
|
User: "someUser",
|
|
Roles: []string{"role1", "role2"},
|
|
RequestReason: "someReason",
|
|
ResolveAnnotations: types.Labels{
|
|
types.TeleportNamespace + types.ReqAnnotationSchedulesLabel: {"responder@teleport.com"},
|
|
},
|
|
})
|
|
assert.NoError(t, err)
|
|
|
|
expected := AlertBody{
|
|
Message: "Access request from someUser",
|
|
Alias: "teleport-access-request/someRequestID",
|
|
Description: "someUser requested permissions for roles role1, role2 on Teleport at 01 Jan 01 00:00 UTC.\nReason: someReason\n\n",
|
|
Responders: []Responder{{Type: "schedule", ID: "responder@teleport.com"}},
|
|
Priority: "somePriority",
|
|
}
|
|
var got AlertBody
|
|
err = json.Unmarshal([]byte(recievedReq), &got)
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, expected, got)
|
|
}
|
|
|
|
func TestPostReviewNote(t *testing.T) {
|
|
recievedReq := ""
|
|
testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
|
|
bodyBytes, err := io.ReadAll(req.Body)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
recievedReq = string(bodyBytes)
|
|
}))
|
|
defer func() { testServer.Close() }()
|
|
|
|
c, err := NewClient(ClientConfig{
|
|
APIEndpoint: testServer.URL,
|
|
Priority: "somePriority",
|
|
ClusterName: "someClusterName",
|
|
})
|
|
assert.NoError(t, err)
|
|
|
|
err = c.PostReviewNote(context.Background(), "someAlertID", types.AccessReview{
|
|
ProposedState: types.RequestState_APPROVED,
|
|
Author: "someUser",
|
|
Reason: "someReason",
|
|
})
|
|
assert.NoError(t, err)
|
|
|
|
expected := AlertNote{
|
|
Note: "someUser reviewed the request at 01 Jan 01 00:00 UTC.\nResolution: APPROVED.\nReason: someReason.",
|
|
}
|
|
var got AlertNote
|
|
err = json.Unmarshal([]byte(recievedReq), &got)
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, expected, got)
|
|
}
|
|
|
|
func TestResolveAlert(t *testing.T) {
|
|
recievedReq := ""
|
|
testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
|
|
bodyBytes, err := io.ReadAll(req.Body)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
recievedReq = string(bodyBytes)
|
|
}))
|
|
defer func() { testServer.Close() }()
|
|
|
|
c, err := NewClient(ClientConfig{
|
|
APIEndpoint: testServer.URL,
|
|
Priority: "somePriority",
|
|
ClusterName: "someClusterName",
|
|
})
|
|
assert.NoError(t, err)
|
|
|
|
err = c.ResolveAlert(context.Background(), "someAlertID", Resolution{
|
|
Tag: ResolvedApproved,
|
|
Reason: "someReason",
|
|
})
|
|
assert.NoError(t, err)
|
|
|
|
expected := AlertNote{
|
|
Note: "Access request has been approved\nReason: someReason",
|
|
}
|
|
var got AlertNote
|
|
err = json.Unmarshal([]byte(recievedReq), &got)
|
|
assert.NoError(t, err)
|
|
|
|
assert.Equal(t, expected, got)
|
|
|
|
}
|
|
|
|
func TestCreateAlertError(t *testing.T) {
|
|
testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
|
|
res.WriteHeader(http.StatusForbidden)
|
|
}))
|
|
defer func() { testServer.Close() }()
|
|
|
|
c, err := NewClient(ClientConfig{
|
|
APIEndpoint: testServer.URL,
|
|
})
|
|
assert.NoError(t, err)
|
|
|
|
_, err = c.CreateAlert(context.Background(), "someRequestID", RequestData{})
|
|
assert.True(t, trace.IsAccessDenied(err))
|
|
}
|