Ezequiel Victorero
540 lines
17 KiB
Go
540 lines
17 KiB
Go
package shorturl
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana/pkg/services/shorturls"
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
|
|
"github.com/grafana/grafana/pkg/api/dtos"
|
|
grafanarest "github.com/grafana/grafana/pkg/apiserver/rest"
|
|
"github.com/grafana/grafana/pkg/services/apiserver/options"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/grafana/grafana/pkg/tests/apis"
|
|
"github.com/grafana/grafana/pkg/tests/testinfra"
|
|
"github.com/grafana/grafana/pkg/tests/testsuite"
|
|
)
|
|
|
|
func TestMain(m *testing.M) {
|
|
testsuite.Run(m)
|
|
}
|
|
|
|
var gvr = schema.GroupVersionResource{
|
|
Group: "shorturl.grafana.app",
|
|
Version: "v1alpha1",
|
|
Resource: "shorturls",
|
|
}
|
|
|
|
var RESOURCEGROUP = gvr.GroupResource().String()
|
|
|
|
func TestIntegrationShortURL(t *testing.T) {
|
|
if testing.Short() {
|
|
t.Skip("skipping integration test")
|
|
}
|
|
|
|
t.Run("default setup with k8s flag turned off (legacy APIs)", func(t *testing.T) {
|
|
helper := apis.NewK8sTestHelper(t, testinfra.GrafanaOpts{
|
|
AppModeProduction: true, // do not start extra port 6443
|
|
DisableAnonymous: true,
|
|
EnableFeatureToggles: []string{}, // legacy APIs only
|
|
})
|
|
// In this setup, K8s APIs are not available - legacy APIs only
|
|
doLegacyOnlyTests(t, helper)
|
|
|
|
// When no feature toggles are enabled, shortURL K8s APIs should not be available
|
|
disco := helper.NewDiscoveryClient()
|
|
groups, err := disco.ServerGroups()
|
|
require.NoError(t, err)
|
|
|
|
hasShortURLGroup := false
|
|
for _, group := range groups.Groups {
|
|
if group.Name == "shorturl.grafana.app" {
|
|
hasShortURLGroup = true
|
|
break
|
|
}
|
|
}
|
|
require.False(t, hasShortURLGroup, "shortURL K8s APIs should not be available when kubernetesShortURLs feature toggle is disabled")
|
|
})
|
|
|
|
t.Run("with dual write (unified storage, mode 0)", func(t *testing.T) {
|
|
helper := apis.NewK8sTestHelper(t, testinfra.GrafanaOpts{
|
|
AppModeProduction: false, // required for unified storage
|
|
DisableAnonymous: true,
|
|
APIServerStorageType: options.StorageTypeUnified,
|
|
EnableFeatureToggles: []string{"kubernetesShortURLs"},
|
|
UnifiedStorageConfig: map[string]setting.UnifiedStorageConfig{
|
|
RESOURCEGROUP: {
|
|
DualWriterMode: grafanarest.Mode0,
|
|
},
|
|
},
|
|
})
|
|
doLegacyOnlyTests(t, helper)
|
|
})
|
|
|
|
t.Run("with dual write (unified storage, mode 1)", func(t *testing.T) {
|
|
mode := grafanarest.Mode1
|
|
helper := apis.NewK8sTestHelper(t, testinfra.GrafanaOpts{
|
|
AppModeProduction: false,
|
|
DisableAnonymous: true,
|
|
APIServerStorageType: options.StorageTypeUnified,
|
|
EnableFeatureToggles: []string{"kubernetesShortURLs"},
|
|
UnifiedStorageConfig: map[string]setting.UnifiedStorageConfig{
|
|
RESOURCEGROUP: {
|
|
DualWriterMode: mode,
|
|
},
|
|
},
|
|
})
|
|
doDualWriteTests(t, helper, mode)
|
|
})
|
|
|
|
t.Run("with dual write (unified storage, mode 2)", func(t *testing.T) {
|
|
mode := grafanarest.Mode2
|
|
helper := apis.NewK8sTestHelper(t, testinfra.GrafanaOpts{
|
|
AppModeProduction: false,
|
|
DisableAnonymous: true,
|
|
APIServerStorageType: options.StorageTypeUnified,
|
|
EnableFeatureToggles: []string{"kubernetesShortURLs"},
|
|
UnifiedStorageConfig: map[string]setting.UnifiedStorageConfig{
|
|
RESOURCEGROUP: {
|
|
DualWriterMode: mode,
|
|
},
|
|
},
|
|
})
|
|
doDualWriteTests(t, helper, mode)
|
|
})
|
|
|
|
t.Run("with dual write (unified storage, mode 3)", func(t *testing.T) {
|
|
mode := grafanarest.Mode3
|
|
helper := apis.NewK8sTestHelper(t, testinfra.GrafanaOpts{
|
|
AppModeProduction: false,
|
|
DisableAnonymous: true,
|
|
APIServerStorageType: options.StorageTypeUnified,
|
|
EnableFeatureToggles: []string{"kubernetesShortURLs"},
|
|
UnifiedStorageConfig: map[string]setting.UnifiedStorageConfig{
|
|
RESOURCEGROUP: {
|
|
DualWriterMode: mode,
|
|
},
|
|
},
|
|
})
|
|
doDualWriteTests(t, helper, mode)
|
|
})
|
|
|
|
t.Run("with dual write (unified storage, mode 5)", func(t *testing.T) {
|
|
helper := apis.NewK8sTestHelper(t, testinfra.GrafanaOpts{
|
|
AppModeProduction: false,
|
|
DisableAnonymous: true,
|
|
APIServerStorageType: options.StorageTypeUnified,
|
|
EnableFeatureToggles: []string{"kubernetesShortURLs"},
|
|
UnifiedStorageConfig: map[string]setting.UnifiedStorageConfig{
|
|
RESOURCEGROUP: {
|
|
DualWriterMode: grafanarest.Mode5,
|
|
},
|
|
},
|
|
})
|
|
doUnifiedOnlyTests(t, helper)
|
|
})
|
|
}
|
|
|
|
// doLegacyOnlyTests tests functionality for Mode 0 (legacy only)
|
|
// Only legacy API should be used, no K8s API interaction
|
|
func doLegacyOnlyTests(t *testing.T, helper *apis.K8sTestHelper) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
t.Run("Legacy API CRUD", func(t *testing.T) {
|
|
// Create via legacy API
|
|
legacyPayload := `{
|
|
"path": "d/xCmMwXdVz/legacy-only-test"
|
|
}`
|
|
legacyCreate := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/api/short-urls",
|
|
Body: []byte(legacyPayload),
|
|
}, &dtos.ShortURL{})
|
|
require.NotNil(t, legacyCreate.Result)
|
|
uid := legacyCreate.Result.UID
|
|
require.NotEmpty(t, uid)
|
|
|
|
// Read via legacy API
|
|
legacyGet := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodGet,
|
|
Path: "/api/short-urls/" + uid,
|
|
}, &shorturls.ShortUrl{})
|
|
require.NotNil(t, legacyGet.Result)
|
|
assert.Equal(t, uid, legacyGet.Result.Uid)
|
|
assert.Equal(t, "d/xCmMwXdVz/legacy-only-test", legacyGet.Result.Path)
|
|
})
|
|
|
|
t.Run("Legacy API redirect functionality", func(t *testing.T) {
|
|
// Create via legacy API
|
|
legacyPayload := `{
|
|
"path": "d/test/legacy-redirect"
|
|
}`
|
|
legacyCreate := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/api/short-urls",
|
|
Body: []byte(legacyPayload),
|
|
}, &dtos.ShortURL{})
|
|
require.NotNil(t, legacyCreate.Result)
|
|
uid := legacyCreate.Result.UID
|
|
|
|
// Test redirect functionality
|
|
redirectResponse := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodGet,
|
|
Path: "/goto/" + uid + "?orgId=default",
|
|
}, (*interface{})(nil))
|
|
assert.Equal(t, 302, redirectResponse.Response.StatusCode)
|
|
})
|
|
}
|
|
|
|
// doDualWriteTests tests functionality for Modes 1-3 (dual write modes)
|
|
// Both APIs available with cross-API visibility
|
|
func doDualWriteTests(t *testing.T, helper *apis.K8sTestHelper, mode grafanarest.DualWriterMode) {
|
|
// Check if shortURL K8s APIs are available
|
|
hasShortURLAPI := checkShortURLAPIAvailable(t, helper)
|
|
if !hasShortURLAPI {
|
|
t.Log("ShortURL Kubernetes APIs not available - skipping K8s API tests")
|
|
return
|
|
}
|
|
|
|
t.Run("Legacy API -> K8s API visibility", func(t *testing.T) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
// Create via legacy API
|
|
legacyPayload := `{
|
|
"path": "d/xCmMwXdVz/dual-write-test"
|
|
}`
|
|
legacyCreate := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/api/short-urls",
|
|
Body: []byte(legacyPayload),
|
|
}, &dtos.ShortURL{})
|
|
require.NotNil(t, legacyCreate.Result)
|
|
uid := legacyCreate.Result.UID
|
|
require.NotEmpty(t, uid)
|
|
|
|
// Should be visible via K8s API
|
|
found, err := client.Resource.Get(context.Background(), uid, metav1.GetOptions{})
|
|
require.NoError(t, err)
|
|
assert.Equal(t, uid, found.GetName())
|
|
|
|
// Verify cross-API consistency
|
|
getFromBothAPIs(t, helper, client, uid)
|
|
|
|
// Clean up
|
|
err = client.Resource.Delete(context.Background(), uid, metav1.DeleteOptions{})
|
|
require.NoError(t, err)
|
|
})
|
|
|
|
t.Run("K8s API -> Legacy API visibility", func(t *testing.T) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
// Create via K8s API
|
|
obj := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/apis/shorturl.grafana.app/v1alpha1/namespaces/default/shorturls",
|
|
Body: []byte(`{ "metadata": { "generateName": "test-" }, "spec": { "path": "d/xCmMwXdVz/k8s-dual-write" } }`),
|
|
}, &unstructured.Unstructured{})
|
|
require.NotNil(t, obj.Result)
|
|
|
|
uid := obj.Result.GetName()
|
|
assert.NotEmpty(t, uid)
|
|
|
|
// Should be visible via legacy API
|
|
legacyShortURL := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodGet,
|
|
Path: "/api/short-urls/" + uid,
|
|
}, &shorturls.ShortUrl{}).Result
|
|
require.NotNil(t, legacyShortURL)
|
|
assert.Equal(t, uid, legacyShortURL.Uid)
|
|
|
|
// Verify cross-API consistency
|
|
getFromBothAPIs(t, helper, client, uid)
|
|
|
|
// Clean up
|
|
err := client.Resource.Delete(context.Background(), uid, metav1.DeleteOptions{})
|
|
require.NoError(t, err)
|
|
})
|
|
|
|
t.Run("Redirect functionality", func(t *testing.T) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
// Create via K8s API
|
|
obj := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/apis/shorturl.grafana.app/v1alpha1/namespaces/default/shorturls",
|
|
Body: []byte(`{ "metadata": { "generateName": "redirect-" }, "spec": { "path": "d/test/redirect" } }`),
|
|
}, &unstructured.Unstructured{})
|
|
require.NotNil(t, obj.Result)
|
|
|
|
uid := obj.Result.GetName()
|
|
|
|
// Test redirect functionality and lastSeenAt update
|
|
redirectResponse := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodGet,
|
|
Path: "/goto/" + uid + "?orgId=default",
|
|
}, (*interface{})(nil))
|
|
assert.Equal(t, 302, redirectResponse.Response.StatusCode)
|
|
|
|
// Verify lastSeenAt was updated (should be > 0 now)
|
|
found, err := client.Resource.Get(context.Background(), uid, metav1.GetOptions{})
|
|
require.NoError(t, err)
|
|
status, exists := found.Object["status"].(map[string]interface{})
|
|
assert.True(t, exists)
|
|
lastSeenAt, exists := status["lastSeenAt"].(int64)
|
|
assert.True(t, exists)
|
|
|
|
assert.Greater(t, lastSeenAt, int64(0))
|
|
|
|
// Clean up
|
|
err = client.Resource.Delete(context.Background(), uid, metav1.DeleteOptions{})
|
|
require.NoError(t, err)
|
|
})
|
|
}
|
|
|
|
// doUnifiedOnlyTests tests functionality for Modes 4-5 (unified only)
|
|
// Only K8s API, no legacy API interaction
|
|
func doUnifiedOnlyTests(t *testing.T, helper *apis.K8sTestHelper) {
|
|
// Check if shortURL K8s APIs are available
|
|
hasShortURLAPI := checkShortURLAPIAvailable(t, helper)
|
|
if !hasShortURLAPI {
|
|
t.Log("ShortURL Kubernetes APIs not available - skipping K8s API tests")
|
|
return
|
|
}
|
|
|
|
t.Run("K8s API CRUD (unified storage only)", func(t *testing.T) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
// Create via K8s API
|
|
obj := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/apis/shorturl.grafana.app/v1alpha1/namespaces/default/shorturls",
|
|
Body: []byte(`{ "metadata": { "generateName": "unified-" }, "spec": { "path": "d/xCmMwXdVz/unified-only" } }`),
|
|
}, &unstructured.Unstructured{})
|
|
require.NotNil(t, obj.Result)
|
|
|
|
uid := obj.Result.GetName()
|
|
assert.NotEmpty(t, uid)
|
|
|
|
// Read via K8s API
|
|
found, err := client.Resource.Get(context.Background(), uid, metav1.GetOptions{})
|
|
require.NoError(t, err)
|
|
assert.Equal(t, uid, found.GetName())
|
|
|
|
// Should NOT be visible via legacy API in unified-only mode
|
|
legacyResponse := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodGet,
|
|
Path: "/api/short-urls/" + uid,
|
|
}, (*shorturls.ShortUrl)(nil))
|
|
// In unified-only mode, legacy API should not see the resource
|
|
assert.Nil(t, legacyResponse.Result)
|
|
|
|
// Clean up
|
|
err = client.Resource.Delete(context.Background(), uid, metav1.DeleteOptions{})
|
|
require.NoError(t, err)
|
|
})
|
|
|
|
t.Run("K8s API validation - invalid paths", func(t *testing.T) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
testCases := []struct {
|
|
name string
|
|
path string
|
|
expectedError string
|
|
}{
|
|
{
|
|
name: "absolute path should be rejected",
|
|
path: "/dashboard/absolute-path",
|
|
expectedError: "path should be relative",
|
|
},
|
|
{
|
|
name: "path with directory traversal should be rejected",
|
|
path: "d/../../../etc/passwd",
|
|
expectedError: "invalid short URL path",
|
|
},
|
|
{
|
|
name: "path with multiple directory traversals should be rejected",
|
|
path: "d/some/../path/../../../secret",
|
|
expectedError: "invalid short URL path",
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
// Attempt to create ShortURL with invalid path
|
|
invalidBody := fmt.Sprintf(`{ "metadata": { "generateName": "invalid-" }, "spec": { "path": "%s" } }`, tc.path)
|
|
response := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/apis/shorturl.grafana.app/v1alpha1/namespaces/default/shorturls",
|
|
Body: []byte(invalidBody),
|
|
}, (*unstructured.Unstructured)(nil))
|
|
|
|
// Should get a validation error, it should be 400 Bad Request but the validation hook returns 403 Forbidden
|
|
assert.Equal(t, http.StatusForbidden, response.Response.StatusCode,
|
|
"Expected 403 for invalid path: %s", tc.path)
|
|
|
|
// Check that the error message contains expected validation error
|
|
assert.Contains(t, string(response.Body), tc.expectedError,
|
|
"Response should contain validation error message")
|
|
|
|
// Should not have created a resource
|
|
assert.Nil(t, response.Result, "No resource should be created for invalid path")
|
|
})
|
|
}
|
|
})
|
|
|
|
t.Run("K8s API validation - valid edge cases", func(t *testing.T) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
validPaths := []string{
|
|
"d/dashboard/valid-path",
|
|
"dashboard/some-id",
|
|
"explore?from=123&to=456",
|
|
"d/abc123/dashboard-with-params?var-test=value",
|
|
}
|
|
|
|
for _, validPath := range validPaths {
|
|
t.Run(fmt.Sprintf("valid path: %s", validPath), func(t *testing.T) {
|
|
validBody := fmt.Sprintf(`{ "metadata": { "generateName": "valid-" }, "spec": { "path": "%s" } }`, validPath)
|
|
response := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/apis/shorturl.grafana.app/v1alpha1/namespaces/default/shorturls",
|
|
Body: []byte(validBody),
|
|
}, &unstructured.Unstructured{})
|
|
|
|
// Should succeed
|
|
assert.Equal(t, http.StatusCreated, response.Response.StatusCode,
|
|
"Expected 201 Created for valid path: %s", validPath)
|
|
assert.NotNil(t, response.Result, "Resource should be created for valid path")
|
|
|
|
if response.Result != nil {
|
|
uid := response.Result.GetName()
|
|
|
|
// Clean up
|
|
err := client.Resource.Delete(context.Background(), uid, metav1.DeleteOptions{})
|
|
assert.NoError(t, err, "Cleanup should succeed")
|
|
}
|
|
})
|
|
}
|
|
})
|
|
|
|
t.Run("Redirect functionality (unified only)", func(t *testing.T) {
|
|
client := helper.GetResourceClient(apis.ResourceClientArgs{
|
|
User: helper.Org1.Editor,
|
|
GVR: gvr,
|
|
})
|
|
|
|
// Create via K8s API
|
|
obj := apis.DoRequest[unstructured.Unstructured](helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodPost,
|
|
Path: "/apis/shorturl.grafana.app/v1alpha1/namespaces/default/shorturls",
|
|
Body: []byte(`{ "metadata": { "generateName": "redirect-unified-" }, "spec": { "path": "d/test/unified-redirect" } }`),
|
|
}, &unstructured.Unstructured{})
|
|
require.NotNil(t, obj.Result)
|
|
|
|
uid := obj.Result.GetName()
|
|
|
|
// Test redirect functionality
|
|
redirectResponse := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodGet,
|
|
Path: "/goto/" + uid + "?orgId=default",
|
|
}, (*interface{})(nil))
|
|
assert.Equal(t, 302, redirectResponse.Response.StatusCode)
|
|
|
|
// Clean up
|
|
err := client.Resource.Delete(context.Background(), uid, metav1.DeleteOptions{})
|
|
require.NoError(t, err)
|
|
})
|
|
}
|
|
|
|
// Helper function to check if shortURL K8s APIs are available
|
|
func checkShortURLAPIAvailable(t *testing.T, helper *apis.K8sTestHelper) bool {
|
|
disco := helper.NewDiscoveryClient()
|
|
groups, err := disco.ServerGroups()
|
|
if err != nil {
|
|
t.Logf("Failed to get server groups: %v", err)
|
|
return false
|
|
}
|
|
|
|
for _, group := range groups.Groups {
|
|
if group.Name == "shorturl.grafana.app" {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// This does a get with both k8s and legacy API, and verifies the results are the same
|
|
func getFromBothAPIs(t *testing.T,
|
|
helper *apis.K8sTestHelper,
|
|
client *apis.K8sResourceClient,
|
|
uid string,
|
|
) {
|
|
t.Helper()
|
|
|
|
k8sResource, err := client.Resource.Get(context.Background(), uid, metav1.GetOptions{})
|
|
require.NoError(t, err)
|
|
assert.Equal(t, uid, k8sResource.GetName())
|
|
|
|
// Legacy API: Try to get the shortURL (might not be implemented)
|
|
legacyShortURL := apis.DoRequest(helper, apis.RequestParams{
|
|
User: client.Args.User,
|
|
Method: http.MethodGet,
|
|
Path: "/api/short-urls/" + uid,
|
|
}, &shorturls.ShortUrl{}).Result
|
|
|
|
if legacyShortURL != nil {
|
|
// If legacy API returns data, verify consistency
|
|
spec, ok := k8sResource.Object["spec"].(map[string]interface{})
|
|
require.True(t, ok)
|
|
status, ok := k8sResource.Object["status"].(map[string]interface{})
|
|
require.True(t, ok)
|
|
assert.Equal(t, legacyShortURL.Uid, k8sResource.GetName())
|
|
assert.Equal(t, legacyShortURL.Path, spec["path"].(string))
|
|
assert.Equal(t, legacyShortURL.LastSeenAt, status["lastSeenAt"].(int64))
|
|
}
|
|
}
|