Merge pull request #399 from grafana/dev

Merge dev to main

Author: matiasb

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Change Log
 
+## v1.0.23 (2022-08-23)
+- Bug fixes
+
 ## v1.0.22 (2022-08-16)
 - Make STATIC_URL configurable from environment variable
 

docker-compose-developer-pg.yml

@@ -53,7 +53,7 @@ services:
       retries: 10
 
   grafana:
-    image: "grafana/grafana:9.0.0-beta3"
+    image: "grafana/grafana:main"
     restart: always
     mem_limit: 500m
     cpus: 0.5

docker-compose-developer.yml

@@ -48,7 +48,7 @@ services:
         condition: service_healthy
 
   grafana:
-    image: "grafana/grafana:9.0.0-beta3"
+    image: "grafana/grafana:main"
     restart: always
     mem_limit: 500m
     cpus: 0.5
@@ -65,5 +65,5 @@ services:
     ports:
       - 3000:3000
     depends_on:
-      mysql-to-create-grafana-db:
+      mysql:
         condition: service_healthy

docs/sources/open-source.md

@@ -25,6 +25,8 @@ There are three Grafana OnCall OSS environments available:
 ## Production Environment
 We suggest using our official helm chart for the reliable production deployment of Grafana OnCall. It will deploy Grafana OnCall engine and celery workers, along with RabbitMQ cluster, Redis Cluster, and the database. 
 
+>**Note:** The Grafana OnCall engine currently supports one instance  of the Grafana OnCall plugin at a time. 
+
 Check the [helm chart](https://github.com/grafana/oncall/tree/dev/helm/oncall) for more details. 
 
 We'll always be happy to provide assistance with production deployment in [our communities](https://github.com/grafana/oncall#join-community)! 

engine/apps/alerts/tasks/call_ack_url.py

@@ -30,13 +30,34 @@ def call_ack_url(ack_url, alert_group_pk, channel, http_method="GET"):
         else None
     )
 
+    text = "{}".format(debug_message)
+    footer = "{}".format(info_message)
+    blocks = [
+        {
+            "type": "section",
+            "block_id": "alert",
+            "text": {
+                "type": "mrkdwn",
+                "text": text,
+            },
+        },
+        {"type": "divider"},
+        {
+            "type": "section",
+            "block_id": "alert",
+            "text": {
+                "type": "mrkdwn",
+                "text": footer,
+            },
+        },
+    ]
+
     if channel is not None:
         result = sc.api_call(
             "chat.postMessage",
             channel=channel,
-            attachments=[
-                {"callback_id": "alert", "text": "{}".format(debug_message), "footer": "{}".format(info_message)},
-            ],
+            text=text,
+            blocks=blocks,
             thread_ts=alert_group.slack_message.slack_id,
             mrkdwn=True,
         )

engine/apps/api/serializers/alert.py

@@ -5,18 +5,28 @@
 
 
 class AlertSerializer(serializers.ModelSerializer):
+    id = serializers.CharField(read_only=True, source="public_primary_key")
     render_for_web = serializers.SerializerMethodField()
 
     class Meta:
         model = Alert
         fields = [
-            "title",
-            "message",
-            "image_url",
+            "id",
             "link_to_upstream_details",
             "render_for_web",
             "created_at",
         ]
 
     def get_render_for_web(self, obj):
         return AlertWebRenderer(obj).render()
+
+
+class AlertRawSerializer(serializers.ModelSerializer):
+    id = serializers.CharField(read_only=True, source="public_primary_key")
+
+    class Meta:
+        model = Alert
+        fields = [
+            "id",
+            "raw_request_data",
+        ]

engine/apps/api/tests/test_schedules.py

@@ -912,7 +912,7 @@ def test_merging_same_shift_events(
             "is_gap": False,
             "priority_level": 1,
             "start": start_date + timezone.timedelta(hours=10),
-            "users": [user_a.username, user_b.username],
+            "users": sorted([user_a.username, user_b.username]),
             "missing_users": [user_c.username],
         }
     ]
@@ -929,7 +929,7 @@ def test_merging_same_shift_events(
             "is_gap": e["is_gap"],
             "priority_level": e["priority_level"],
             "start": e["start"],
-            "users": [u["display_name"] for u in e["users"]] if e["users"] else None,
+            "users": sorted([u["display_name"] for u in e["users"]]) if e["users"] else None,
             "missing_users": e["missing_users"],
         }
         for e in response.data["events"]
@@ -950,7 +950,7 @@ def test_merging_same_shift_events(
             "is_gap": e["is_gap"],
             "priority_level": e["priority_level"],
             "start": e["start"],
-            "users": [u["display_name"] for u in e["users"]] if e["users"] else None,
+            "users": sorted([u["display_name"] for u in e["users"]]) if e["users"] else None,
             "missing_users": e["missing_users"],
         }
         for e in response.data["events"]

engine/apps/api/tests/test_team.py

@@ -85,3 +85,198 @@ def test_list_teams_permissions(
     response = client.get(url, format="json", **make_user_auth_headers(user, token))
 
     assert response.status_code == status.HTTP_200_OK
+
+
+@pytest.mark.django_db
+def test_team_permissions_wrong_team_general(
+    make_organization,
+    make_team,
+    make_alert_group,
+    make_alert_receive_channel,
+    make_user,
+    make_escalation_chain,
+    make_schedule,
+    make_custom_action,
+    make_token_for_organization,
+    make_user_auth_headers,
+):
+    organization = make_organization()
+
+    user = make_user(organization=organization)
+    _, token = make_token_for_organization(organization)
+
+    team = make_team(organization)
+
+    user.teams.add(team)
+    user.current_team = team
+    user.save(update_fields=["current_team"])
+
+    alert_receive_channel = make_alert_receive_channel(organization)
+    alert_group = make_alert_group(alert_receive_channel)
+
+    # escalation_chain = make_escalation_chain(organization)
+    # schedule = make_schedule(organization, schedule_class=OnCallScheduleCalendar)
+    # webhook = make_custom_action(organization)
+
+    for endpoint, instance in (
+        ("alertgroup", alert_group),
+        # todo: implement team filtering for other resources
+        # ("alert_receive_channel", alert_receive_channel),
+        # ("escalation_chain", escalation_chain),
+        # ("schedule", schedule),
+        # ("custom_button", webhook),
+    ):
+        client = APIClient()
+        url = reverse(f"api-internal:{endpoint}-detail", kwargs={"pk": instance.public_primary_key})
+
+        response = client.get(url, **make_user_auth_headers(user, token))
+
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        assert response.json() == {
+            "error_code": "wrong_team",
+            "owner_team": {"name": "General", "id": None, "email": None, "avatar_url": None},
+        }
+
+
+@pytest.mark.django_db
+def test_team_permissions_wrong_team(
+    make_organization,
+    make_team,
+    make_alert_group,
+    make_alert_receive_channel,
+    make_user,
+    make_escalation_chain,
+    make_schedule,
+    make_custom_action,
+    make_token_for_organization,
+    make_user_auth_headers,
+):
+    organization = make_organization()
+
+    user = make_user(organization=organization)
+    _, token = make_token_for_organization(organization)
+
+    team = make_team(organization)
+    user.teams.add(team)
+
+    alert_receive_channel = make_alert_receive_channel(organization, team=team)
+    alert_group = make_alert_group(alert_receive_channel)
+
+    # escalation_chain = make_escalation_chain(organization, team=team)
+    # schedule = make_schedule(organization, schedule_class=OnCallScheduleCalendar, team=team)
+    # webhook = make_custom_action(organization, team=team)
+
+    for endpoint, instance in (
+        ("alertgroup", alert_group),
+        # todo: implement team filtering for other resources
+        # ("alert_receive_channel", alert_receive_channel),
+        # ("escalation_chain", escalation_chain),
+        # ("schedule", schedule),
+        # ("custom_button", webhook),
+    ):
+        client = APIClient()
+        url = reverse(f"api-internal:{endpoint}-detail", kwargs={"pk": instance.public_primary_key})
+
+        response = client.get(url, **make_user_auth_headers(user, token))
+
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        assert response.json() == {
+            "error_code": "wrong_team",
+            "owner_team": {
+                "name": team.name,
+                "id": team.public_primary_key,
+                "email": team.email,
+                "avatar_url": team.avatar_url,
+            },
+        }
+
+
+@pytest.mark.django_db
+def test_team_permissions_not_in_team(
+    make_organization,
+    make_team,
+    make_alert_group,
+    make_alert_receive_channel,
+    make_user,
+    make_escalation_chain,
+    make_schedule,
+    make_custom_action,
+    make_token_for_organization,
+    make_user_auth_headers,
+):
+    organization = make_organization()
+
+    user = make_user(organization=organization)
+    _, token = make_token_for_organization(organization)
+
+    team = make_team(organization)
+
+    alert_receive_channel = make_alert_receive_channel(organization, team=team)
+    alert_group = make_alert_group(alert_receive_channel)
+
+    # escalation_chain = make_escalation_chain(organization, team=team)
+    # schedule = make_schedule(organization, schedule_class=OnCallScheduleCalendar, team=team)
+    # webhook = make_custom_action(organization, team=team)
+
+    for endpoint, instance in (
+        ("alertgroup", alert_group),
+        # todo: implement team filtering for other resources
+        # ("alert_receive_channel", alert_receive_channel),
+        # ("escalation_chain", escalation_chain),
+        # ("schedule", schedule),
+        # ("custom_button", webhook),
+    ):
+        client = APIClient()
+        url = reverse(f"api-internal:{endpoint}-detail", kwargs={"pk": instance.public_primary_key})
+
+        response = client.get(url, **make_user_auth_headers(user, token))
+
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        assert response.json() == {"error_code": "wrong_team"}
+
+
+@pytest.mark.django_db
+def test_team_permissions_right_team(
+    make_organization,
+    make_team,
+    make_alert_group,
+    make_alert_receive_channel,
+    make_user,
+    make_escalation_chain,
+    make_schedule,
+    make_custom_action,
+    make_token_for_organization,
+    make_user_auth_headers,
+):
+    organization = make_organization()
+
+    user = make_user(organization=organization)
+    _, token = make_token_for_organization(organization)
+
+    team = make_team(organization)
+
+    user.teams.add(team)
+    user.current_team = team
+    user.save(update_fields=["current_team"])
+
+    alert_receive_channel = make_alert_receive_channel(organization, team=team)
+    alert_group = make_alert_group(alert_receive_channel)
+
+    # escalation_chain = make_escalation_chain(organization, team=team)
+    # schedule = make_schedule(organization, schedule_class=OnCallScheduleCalendar, team=team)
+    # webhook = make_custom_action(organization, team=team)
+
+    for endpoint, instance in (
+        ("alertgroup", alert_group),
+        # todo: implement team filtering for other resources
+        # ("alert_receive_channel", alert_receive_channel),
+        # ("escalation_chain", escalation_chain),
+        # ("schedule", schedule),
+        # ("custom_button", webhook),
+    ):
+        client = APIClient()
+        url = reverse(f"api-internal:{endpoint}-detail", kwargs={"pk": instance.public_primary_key})
+
+        response = client.get(url, **make_user_auth_headers(user, token))
+
+        assert response.status_code == status.HTTP_200_OK

engine/apps/api/urls.py

@@ -1,12 +1,13 @@
 from django.conf import settings
-from django.urls import include, path
+from django.urls import include, path, re_path
 
 from common.api_helpers.optional_slash_router import OptionalSlashRouter, optional_slash_path
 
 from .views import UserNotificationPolicyView, auth
 from .views.alert_group import AlertGroupView
 from .views.alert_receive_channel import AlertReceiveChannelView
 from .views.alert_receive_channel_template import AlertReceiveChannelTemplateView
+from .views.alerts import AlertDetailView
 from .views.apns_device import APNSDeviceAuthorizedViewSet
 from .views.channel_filter import ChannelFilterView
 from .views.custom_button import CustomButtonView
@@ -110,6 +111,7 @@
     ),
     optional_slash_path("route_regex_debugger", RouteRegexDebuggerView.as_view(), name="route_regex_debugger"),
     optional_slash_path("insight_logs_test", TestInsightLogsAPIView.as_view(), name="insight-logs-test"),
+    re_path(r"^alerts/(?P<id>\w+)/?$", AlertDetailView.as_view(), name="alerts-detail"),
 ]
 
 urlpatterns += [

engine/apps/api/views/alert_group.py

@@ -18,7 +18,7 @@
 from apps.user_management.models import User
 from common.api_helpers.exceptions import BadRequest
 from common.api_helpers.filters import DateRangeFilterMixin, ModelFieldFilterMixin
-from common.api_helpers.mixins import PreviewTemplateMixin, PublicPrimaryKeyMixin
+from common.api_helpers.mixins import PreviewTemplateMixin, PublicPrimaryKeyMixin, TeamFilteringMixin
 from common.api_helpers.paginators import TwentyFiveCursorPaginator
 
 
@@ -143,8 +143,13 @@ def filter_with_resolution_note(self, queryset, name, value):
         return queryset
 
 
+class AlertGroupTeamFilteringMixin(TeamFilteringMixin):
+    TEAM_LOOKUP = "channel__team"
+
+
 class AlertGroupView(
     PreviewTemplateMixin,
+    AlertGroupTeamFilteringMixin,
     PublicPrimaryKeyMixin,
     mixins.RetrieveModelMixin,
     mixins.ListModelMixin,