Merge branch '229125-validate-pagerduty-payload-using-json-schemer' into 'master'

Validate PagerDuty payload using json_schemer Closes #229125 See merge request gitlab-org/gitlab!42862

Merge branch '229125-validate-pagerduty-payload-using-json-schemer' into 'master'
Validate PagerDuty payload using json_schemer Closes #229125 See merge request gitlab-org/gitlab!42862
529fb7f7 · Peter Leitzen · f576abbd · e529930a · 529fb7f7 · 529fb7f7
Commit 529fb7f7 authored Sep 28, 2020 by Peter Leitzen
4 changed files
--- a/app/services/incident_management/pager_duty/process_webhook_service.rb
+++ b/app/services/incident_management/pager_duty/process_webhook_service.rb
@@ -34,7 +34,7 @@ module IncidentManagement
        strong_memoize(:pager_duty_processable_events) do
          ::PagerDuty::WebhookPayloadParser
            .call(params.to_h)
-            .filter { |msg| msg['event'].in?(PAGER_DUTY_PROCESSABLE_EVENT_TYPES) }
+            .filter { |msg| msg['event'].to_s.in?(PAGER_DUTY_PROCESSABLE_EVENT_TYPES) }
        end
      end


--- a/lib/pager_duty/validator/schemas/message.json
+++ b/lib/pager_duty/validator/schemas/message.json
+{
+  "type": "object",
+  "required": ["event", "incident"],
+  "properties": {
+    "event": { "type": "string" },
+    "incident": {
+      "type": "object",
+      "required": [
+        "html_url",
+        "incident_number",
+        "title",
+        "status",
+        "created_at",
+        "urgency",
+        "incident_key"
+      ],
+      "properties": {
+        "html_url": { "type": "string" },
+        "incindent_number": { "type": "integer" },
+        "title": { "type": "string" },
+        "status": { "type": "string" },
+        "created_at": { "type": "string" },
+        "urgency": { "type": "string", "enum": ["high", "low"] },
+        "incident_key": { "type": ["string", "null"] },
+        "assignments": {
+          "type": "array",
+          "items": {
+            "assignee": {
+              "type": "array",
+              "items": {
+                "summary": { "type": "string" },
+                "html_url": { "type": "string" }
+              }
+            }
+          }
+        },
+        "impacted_services": {
+          "type": "array",
+          "items": {
+            "summary": { "type": "string" },
+            "html_url": { "type": "string" }
+          }
+        }
+      }
+    }
+  }
+}
--- a/lib/pager_duty/webhook_payload_parser.rb
+++ b/lib/pager_duty/webhook_payload_parser.rb
@@ -2,6 +2,8 @@

 module PagerDuty
  class WebhookPayloadParser
+    SCHEMA_PATH = File.join('lib', 'pager_duty', 'validator', 'schemas', 'message.json')
+
    def initialize(payload)
      @payload = payload
    end
@@ -11,7 +13,7 @@ module PagerDuty
    end

    def call
-      Array(payload['messages']).map { |msg| parse_message(msg) }
+      Array(payload['messages']).map { |msg| parse_message(msg) }.reject(&:empty?)
    end

    private
@@ -19,6 +21,8 @@ module PagerDuty
    attr_reader :payload

    def parse_message(message)
+      return {} unless valid_message?(message)
+
      {
        'event' => message['event'],
        'incident' => parse_incident(message['incident'])
@@ -26,8 +30,6 @@ module PagerDuty
    end

    def parse_incident(incident)
-      return {} if incident.blank?
-
      {
        'url' => incident['html_url'],
        'incident_number' => incident['incident_number'],
@@ -62,5 +64,9 @@ module PagerDuty
    def reject_empty(entities)
      Array(entities).reject { |e| e['summary'].blank? && e['url'].blank? }
    end
+
+    def valid_message?(message)
+      ::JSONSchemer.schema(Pathname.new(SCHEMA_PATH)).valid?(message)
+    end
  end
 end
--- a/spec/lib/pager_duty/webhook_payload_parser_spec.rb
+++ b/spec/lib/pager_duty/webhook_payload_parser_spec.rb
 # frozen_string_literal: true

 require 'fast_spec_helper'
+require 'json_schemer'

 RSpec.describe PagerDuty::WebhookPayloadParser do
  describe '.call' do
@@ -8,36 +9,36 @@ RSpec.describe PagerDuty::WebhookPayloadParser do
      File.read(File.join(File.dirname(__FILE__), '../../fixtures/pager_duty/webhook_incident_trigger.json'))
    end

+    let(:triggered_event) do
+      {
+        'event' => 'incident.trigger',
+        'incident' => {
+          'url' => 'https://webdemo.pagerduty.com/incidents/PRORDTY',
+          'incident_number' => 33,
+          'title' => 'My new incident',
+          'status' => 'triggered',
+          'created_at' => '2017-09-26T15:14:36Z',
+          'urgency' => 'high',
+          'incident_key' => nil,
+          'assignees' => [{
+            'summary' => 'Laura Haley',
+            'url' => 'https://webdemo.pagerduty.com/users/P553OPV'
+          }],
+          'impacted_services' => [{
+            'summary' => 'Production XDB Cluster',
+            'url' => 'https://webdemo.pagerduty.com/services/PN49J75'
+          }]
+        }
+      }
+    end
+
    subject(:parse) { described_class.call(payload) }

    context 'when payload is a correct PagerDuty payload' do
      let(:payload) { Gitlab::Json.parse(fixture_file) }

      it 'returns parsed payload' do
-        is_expected.to eq(
-          [
-            {
-              'event' => 'incident.trigger',
-              'incident' => {
-                'url' => 'https://webdemo.pagerduty.com/incidents/PRORDTY',
-                'incident_number' => 33,
-                'title' => 'My new incident',
-                'status' => 'triggered',
-                'created_at' => '2017-09-26T15:14:36Z',
-                'urgency' => 'high',
-                'incident_key' => nil,
-                'assignees' => [{
-                  'summary' => 'Laura Haley',
-                  'url' => 'https://webdemo.pagerduty.com/users/P553OPV'
-                }],
-                'impacted_services' => [{
-                  'summary' => 'Production XDB Cluster',
-                  'url' => 'https://webdemo.pagerduty.com/services/PN49J75'
-                }]
-              }
-            }
-          ]
-        )
+        is_expected.to eq([triggered_event])
      end

      context 'when assignments summary and html_url are blank' do
@@ -69,11 +70,42 @@ RSpec.describe PagerDuty::WebhookPayloadParser do
      end
    end

-    context 'when payload has no incidents' do
+    context 'when payload schema is invalid' do
      let(:payload) { { 'messages' => [{ 'event' => 'incident.trigger' }] } }

      it 'returns payload with blank incidents' do
-        is_expected.to eq([{ 'event' => 'incident.trigger', 'incident' => {} }])
+        is_expected.to eq([])
+      end
+    end
+
+    context 'when payload consists of two messages' do
+      context 'when one of the messages has no incident data' do
+        let(:payload) do
+          valid_payload = Gitlab::Json.parse(fixture_file)
+          event = { 'event' => 'incident.trigger' }
+          valid_payload['messages'] = valid_payload['messages'].append(event)
+          valid_payload
+        end
+
+        it 'returns parsed payload with valid events only' do
+          is_expected.to eq([triggered_event])
+        end
+      end
+
+      context 'when one of the messages has unknown event' do
+        let(:payload) do
+          valid_payload = Gitlab::Json.parse(fixture_file)
+          event = { 'event' => 'incident.unknown', 'incident' => valid_payload['messages'].first['incident'] }
+          valid_payload['messages'] = valid_payload['messages'].append(event)
+          valid_payload
+        end
+
+        it 'returns parsed payload' do
+          unknown_event = triggered_event.dup
+          unknown_event['event'] = 'incident.unknown'
+
+          is_expected.to contain_exactly(triggered_event, unknown_event)
+        end
      end
    end
  end