Alerting: Get grafana-managed alert rule by UID (#86845)

* Add auth checks and test * Check user is authorized to view rule and add tests * Change naming * Update Swagger params * Update auth test and swagger gen * Update swagger gen * Change response to GettableExtendedRuleNode * openapi3-gen * Update tests with refactors models pkg
2025-08-03 01:42:12 +08:00 · 2024-05-02 15:24:59 +01:00
parent 9e6de035c0
commit df25e9197e
12 changed files with 227 additions and 13 deletions
--- a/pkg/services/ngalert/api/api_ruler_test.go
+++ b/pkg/services/ngalert/api/api_ruler_test.go
@ -318,6 +318,79 @@ func TestRouteGetNamespaceRulesConfig(t *testing.T) {
 	})
 }

+func TestRouteGetRuleByUID(t *testing.T) {
+	t.Run("rule is successfully fetched with the correct UID", func(t *testing.T) {
+		orgID := rand.Int63()
+		folder := randFolder()
+		ruleStore := fakes.NewRuleStore(t)
+		ruleStore.Folders[orgID] = append(ruleStore.Folders[orgID], folder)
+		groupKey := models.GenerateGroupKey(orgID)
+		groupKey.NamespaceUID = folder.UID
+		gen := models.RuleGen.With(models.RuleGen.WithGroupKey(groupKey))
+
+		createdRules := gen.With(gen.WithUniqueGroupIndex(), gen.WithUniqueID()).GenerateManyRef(3)
+		require.Len(t, createdRules, 3)
+		ruleStore.PutRule(context.Background(), createdRules...)
+
+		perms := createPermissionsForRules(createdRules, orgID)
+		req := createRequestContextWithPerms(orgID, perms, nil)
+
+		expectedRule := createdRules[1]
+		response := createService(ruleStore).RouteGetRuleByUID(req, expectedRule.UID)
+
+		require.Equal(t, http.StatusOK, response.Status())
+		result := &apimodels.GettableExtendedRuleNode{}
+		require.NoError(t, json.Unmarshal(response.Body(), result))
+		require.NotNil(t, result)
+
+		require.Equal(t, expectedRule.UID, result.GrafanaManagedAlert.UID)
+		require.Equal(t, expectedRule.RuleGroup, result.GrafanaManagedAlert.RuleGroup)
+		require.Equal(t, expectedRule.Title, result.GrafanaManagedAlert.Title)
+	})
+
+	t.Run("error when fetching rule with non-existent UID", func(t *testing.T) {
+		orgID := rand.Int63()
+		folder := randFolder()
+		ruleStore := fakes.NewRuleStore(t)
+		ruleStore.Folders[orgID] = append(ruleStore.Folders[orgID], folder)
+		groupKey := models.GenerateGroupKey(orgID)
+		groupKey.NamespaceUID = folder.UID
+		gen := models.RuleGen.With(models.RuleGen.WithGroupKey(groupKey))
+
+		createdRules := gen.With(gen.WithUniqueGroupIndex(), gen.WithUniqueID()).GenerateManyRef(3)
+		require.Len(t, createdRules, 3)
+		ruleStore.PutRule(context.Background(), createdRules...)
+
+		perms := createPermissionsForRules(createdRules, orgID)
+		req := createRequestContextWithPerms(orgID, perms, nil)
+		response := createService(ruleStore).RouteGetRuleByUID(req, "foobar")
+
+		require.Equal(t, http.StatusNotFound, response.Status())
+	})
+
+	t.Run("error due to user not being authorized to view a rule in the group", func(t *testing.T) {
+		orgID := rand.Int63()
+		folder := randFolder()
+		ruleStore := fakes.NewRuleStore(t)
+		ruleStore.Folders[orgID] = append(ruleStore.Folders[orgID], folder)
+		groupKey := models.GenerateGroupKey(orgID)
+		groupKey.NamespaceUID = folder.UID
+		gen := models.RuleGen.With(models.RuleGen.WithGroupKey(groupKey))
+
+		authorizedRule := gen.With(gen.WithUniqueGroupIndex()).Generate()
+		ruleStore.PutRule(context.Background(), &authorizedRule)
+
+		unauthorizedRule := gen.With(gen.WithUniqueGroupIndex()).Generate()
+		ruleStore.PutRule(context.Background(), &unauthorizedRule)
+
+		perms := createPermissionsForRules([]*models.AlertRule{&authorizedRule}, orgID)
+		req := createRequestContextWithPerms(orgID, perms, nil)
+		response := createService(ruleStore).RouteGetRuleByUID(req, authorizedRule.UID)
+
+		require.Equal(t, http.StatusForbidden, response.Status())
+	})
+}
+
 func TestRouteGetRulesConfig(t *testing.T) {
 	gen := models.RuleGen
 	t.Run("fine-grained access is enabled", func(t *testing.T) {