Merge branch '227192-provide-pager-duty-data-to-frontend' into 'master'

Provide PagerDuty integration data to frontend Closes #227192 See merge request gitlab-org/gitlab!36653

Merge branch '227192-provide-pager-duty-data-to-frontend' into 'master'
Provide PagerDuty integration data to frontend Closes #227192 See merge request gitlab-org/gitlab!36653
bd83690e · Peter Leitzen · 784df1cb · 28ec1471 · bd83690e · bd83690e
Commit bd83690e authored Jul 14, 2020 by Peter Leitzen
11 changed files
--- a/app/controllers/projects/settings/operations_controller.rb
+++ b/app/controllers/projects/settings/operations_controller.rb
@@ -5,7 +5,12 @@ module Projects
    class OperationsController < Projects::ApplicationController
      before_action :authorize_admin_operations!
      before_action :authorize_read_prometheus_alerts!, only: [:reset_alerting_token]
-      respond_to :json, only: [:reset_alerting_token]
+
+      before_action do
+        push_frontend_feature_flag(:pagerduty_webhook, project)
+      end
+
+      respond_to :json, only: [:reset_alerting_token, :reset_pagerduty_token]

      helper_method :error_tracking_setting

@@ -37,12 +42,31 @@ module Projects
        end
      end

+      def reset_pagerduty_token
+        result = ::Projects::Operations::UpdateService
+          .new(project, current_user, pagerduty_token_params)
+          .execute
+
+        if result[:status] == :success
+          pagerduty_token = project.incident_management_setting&.pagerduty_token
+          webhook_url = project_incidents_pagerduty_url(project, token: pagerduty_token)
+
+          render json: { pagerduty_webhook_url: webhook_url, pagerduty_token: pagerduty_token }
+        else
+          render json: {}, status: :unprocessable_entity
+        end
+      end
+
      private

      def alerting_params
        { alerting_setting_attributes: { regenerate_token: true } }
      end

+      def pagerduty_token_params
+        { incident_management_setting_attributes: { regenerate_token: true } }
+      end
+
      def render_update_response(result)
        respond_to do |format|
          format.html do

--- a/app/helpers/operations_helper.rb
+++ b/app/helpers/operations_helper.rb
@@ -32,6 +32,23 @@ module OperationsHelper
      'disabled' => disabled.to_s
    }
  end
+
+  def operations_settings_data
+    setting = project_incident_management_setting
+    templates = setting.available_issue_templates.map { |t| { key: t.key, name: t.name } }
+
+    {
+      operations_settings_endpoint: project_settings_operations_path(@project),
+      templates: templates.to_json,
+      create_issue: setting.create_issue.to_s,
+      issue_template_key: setting.issue_template_key.to_s,
+      send_email: setting.send_email.to_s,
+      pagerduty_active: setting.pagerduty_active.to_s,
+      pagerduty_token: setting.pagerduty_token.to_s,
+      pagerduty_webhook_url: project_incidents_pagerduty_url(@project, token: setting.pagerduty_token),
+      pagerduty_reset_key_path: reset_pagerduty_token_project_settings_operations_path(@project)
+    }
+  end
 end

 OperationsHelper.prepend_if_ee('EE::OperationsHelper')
--- a/app/models/incident_management/project_incident_management_setting.rb
+++ b/app/models/incident_management/project_incident_management_setting.rb
@@ -8,6 +8,15 @@ module IncidentManagement

    validate :issue_template_exists, if: :create_issue?

+    before_validation :ensure_pagerduty_token
+
+    attr_encrypted :pagerduty_token,
+      mode: :per_attribute_iv,
+      key: Settings.attr_encrypted_db_key_base_truncated,
+      algorithm: 'aes-256-gcm',
+      encode: false, # No need to encode for binary column https://github.com/attr-encrypted/attr_encrypted#the-encode-encode_iv-encode_salt-and-default_encoding-options
+      encode_iv: false
+
    def available_issue_templates
      Gitlab::Template::IssueTemplate.all(project)
    end
@@ -30,5 +39,15 @@ module IncidentManagement
      Gitlab::Template::IssueTemplate.find(issue_template_key, project)
    rescue Gitlab::Template::Finders::RepoTemplateFinder::FileNotFoundError
    end
+
+    def ensure_pagerduty_token
+      return unless pagerduty_active
+
+      self.pagerduty_token ||= generate_pagerduty_token
+    end
+
+    def generate_pagerduty_token
+      SecureRandom.hex
+    end
  end
 end
--- a/app/services/projects/operations/update_service.rb
+++ b/app/services/projects/operations/update_service.rb
@@ -108,7 +108,18 @@ module Projects
      end

      def incident_management_setting_params
-        params.slice(:incident_management_setting_attributes)
+        attrs = params[:incident_management_setting_attributes]
+        return {} unless attrs
+
+        regenerate_token = attrs.delete(:regenerate_token)
+
+        if regenerate_token
+          attrs[:pagerduty_token] = nil
+        else
+          attrs = attrs.except(:pagerduty_token)
+        end
+
+        { incident_management_setting_attributes: attrs }
      end
    end
  end

--- a/app/views/projects/settings/operations/_incidents.html.haml
+++ b/app/views/projects/settings/operations/_incidents.html.haml
- setting = project_incident_management_setting
- templates = setting.available_issue_templates.map { |t| { key: t.key, name: t.name } }
-
-.js-incidents-settings{ data: { operations_settings_endpoint: project_settings_operations_path(@project),
-        templates: templates.to_json,
-        create_issue: setting.create_issue.to_s,
-        issue_template_key: setting.issue_template_key.to_s,
-        send_email: setting.send_email.to_s } }
+.js-incidents-settings{ data: operations_settings_data }
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -82,6 +82,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resource :operations, only: [:show, :update] do
            member do
              post :reset_alerting_token
+              post :reset_pagerduty_token
            end
          end

@@ -406,7 +407,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do

      post 'alerts/notify', to: 'alerting/notifications#create'

-      post 'incident_management/pager_duty', to: 'incident_management/pager_duty_incidents#create'
+      post 'incidents/pagerduty', to: 'incident_management/pager_duty_incidents#create'

      draw :legacy_builds


--- a/ee/app/services/ee/projects/operations/update_service.rb
+++ b/ee/app/services/ee/projects/operations/update_service.rb
@@ -11,7 +11,6 @@ module EE
        def project_update_params
          super
            .merge(tracing_setting_params)
-            .merge(incident_management_setting_params)
            .merge(status_page_setting_params)
        end

@@ -26,10 +25,6 @@ module EE
          { tracing_setting_attributes: attr.merge(_destroy: destroy) }
        end

-        def incident_management_setting_params
-          params.slice(:incident_management_setting_attributes)
-        end
-
        def status_page_setting_params
          return {} unless attrs = params[:status_page_setting_attributes]


--- a/lib/gitlab/tracking/incident_management.rb
+++ b/lib/gitlab/tracking/incident_management.rb
@@ -32,6 +32,9 @@ module Gitlab
            },
            send_email: {
              name: 'sending_emails'
+            },
+            pagerduty_active: {
+              name: 'pagerduty_webhook'
            }
          }.with_indifferent_access.freeze
        end

--- a/spec/controllers/projects/settings/operations_controller_spec.rb
+++ b/spec/controllers/projects/settings/operations_controller_spec.rb
@@ -151,7 +151,8 @@ RSpec.describe Projects::Settings::OperationsController do
          incident_management_setting_attributes: {
            create_issue: 'false',
            send_email: 'false',
-            issue_template_key: 'some-other-template'
+            issue_template_key: 'some-other-template',
+            pagerduty_active: 'true'
          }
        }
      end
@@ -159,7 +160,6 @@ RSpec.describe Projects::Settings::OperationsController do
      it_behaves_like 'PATCHable'

      context 'updating each incident management setting' do
-        let(:project) { create(:project) }
        let(:new_incident_management_settings) { {} }

        before do
@@ -185,6 +185,98 @@ RSpec.describe Projects::Settings::OperationsController do
        it_behaves_like 'a gitlab tracking event', { issue_template_key: nil }, 'disabled_issue_template_on_alerts'
        it_behaves_like 'a gitlab tracking event', { send_email: '1' }, 'enabled_sending_emails'
        it_behaves_like 'a gitlab tracking event', { send_email: '0' }, 'disabled_sending_emails'
+        it_behaves_like 'a gitlab tracking event', { pagerduty_active: '1' }, 'enabled_pagerduty_webhook'
+        it_behaves_like 'a gitlab tracking event', { pagerduty_active: '0' }, 'disabled_pagerduty_webhook'
+      end
+    end
+
+    describe 'POST #reset_pagerduty_token' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      context 'with existing incident management setting has active PagerDuty webhook' do
+        let!(:incident_management_setting) do
+          create(:project_incident_management_setting, project: project, pagerduty_active: true)
+        end
+
+        let!(:old_token) { incident_management_setting.pagerduty_token }
+
+        it 'returns newly reset token' do
+          reset_pagerduty_token
+
+          new_token = incident_management_setting.reload.pagerduty_token
+          new_webhook_url = project_incidents_pagerduty_url(project, token: new_token)
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['pagerduty_webhook_url']).to eq(new_webhook_url)
+          expect(json_response['pagerduty_token']).to eq(new_token)
+          expect(old_token).not_to eq(new_token)
+        end
+      end
+
+      context 'without existing incident management setting' do
+        it 'does not reset a token' do
+          reset_pagerduty_token
+
+          new_webhook_url = project_incidents_pagerduty_url(project, token: nil)
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['pagerduty_webhook_url']).to eq(new_webhook_url)
+          expect(project.incident_management_setting.pagerduty_token).to be_nil
+        end
+      end
+
+      context 'when update fails' do
+        let(:operations_update_service) { spy(:operations_update_service) }
+        let(:pagerduty_token_params) do
+          { incident_management_setting_attributes: { regenerate_token: true } }
+        end
+
+        before do
+          expect(::Projects::Operations::UpdateService)
+            .to receive(:new).with(project, user, pagerduty_token_params)
+            .and_return(operations_update_service)
+          expect(operations_update_service).to receive(:execute)
+            .and_return(status: :error)
+        end
+
+        it 'returns unprocessable_entity' do
+          reset_pagerduty_token
+
+          expect(response).to have_gitlab_http_status(:unprocessable_entity)
+          expect(json_response).to be_empty
+        end
+      end
+
+      context 'with insufficient permissions' do
+        before do
+          project.add_reporter(user)
+        end
+
+        it 'returns 404' do
+          reset_pagerduty_token
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'as an anonymous user' do
+        before do
+          sign_out(user)
+        end
+
+        it 'returns a redirect' do
+          reset_pagerduty_token
+
+          expect(response).to have_gitlab_http_status(:redirect)
+        end
+      end
+
+      private
+
+      def reset_pagerduty_token
+        post :reset_pagerduty_token, params: project_params(project), format: :json
      end
    end
  end
@@ -296,9 +388,7 @@ RSpec.describe Projects::Settings::OperationsController do
      end
    end

-    describe 'POST reset_alerting_token' do
-      let(:project) { create(:project) }
-
+    describe 'POST #reset_alerting_token' do
      before do
        project.add_maintainer(user)
      end

--- a/spec/helpers/operations_helper_spec.rb
+++ b/spec/helpers/operations_helper_spec.rb
@@ -5,15 +5,18 @@ require 'spec_helper'
 RSpec.describe OperationsHelper do
  include Gitlab::Routing

-  describe '#alerts_settings_data' do
-    let_it_be(:user) { create(:user) }
-    let_it_be(:project, reload: true) { create(:project) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project, reload: true) { create(:project) }
+
+  before do
+    helper.instance_variable_set(:@project, project)
+    allow(helper).to receive(:current_user) { user }
+  end

+  describe '#alerts_settings_data' do
    subject { helper.alerts_settings_data }

    before do
-      helper.instance_variable_set(:@project, project)
-      allow(helper).to receive(:current_user) { user }
      allow(helper).to receive(:can?).with(user, :admin_operations, project) { true }
    end

@@ -127,4 +130,31 @@ RSpec.describe OperationsHelper do
      end
    end
  end
+
+  describe '#operations_settings_data' do
+    let_it_be(:operations_settings) do
+      create(
+        :project_incident_management_setting,
+        project: project,
+        issue_template_key: 'template-key',
+        pagerduty_active: true
+      )
+    end
+
+    subject { helper.operations_settings_data }
+
+    it 'returns the correct set of data' do
+      is_expected.to eq(
+        operations_settings_endpoint: project_settings_operations_path(project),
+        templates: '[]',
+        create_issue: 'false',
+        issue_template_key: 'template-key',
+        send_email: 'false',
+        pagerduty_active: 'true',
+        pagerduty_token: operations_settings.pagerduty_token,
+        pagerduty_webhook_url: project_incidents_pagerduty_url(project, token: operations_settings.pagerduty_token),
+        pagerduty_reset_key_path: reset_pagerduty_token_project_settings_operations_path(project)
+      )
+    end
+  end
 end
--- a/spec/models/incident_management/project_incident_management_setting_spec.rb
+++ b/spec/models/incident_management/project_incident_management_setting_spec.rb
@@ -108,4 +108,42 @@ RSpec.describe IncidentManagement::ProjectIncidentManagementSetting do
      it_behaves_like 'no content'
    end
  end
+
+  describe '#pagerduty_token' do
+    let(:active) { true }
+
+    subject do
+      create(:project_incident_management_setting, project: project, pagerduty_active: active, pagerduty_token: token)
+    end
+
+    context 'when token already set' do
+      let(:token) { SecureRandom.hex }
+
+      it 'reads the token' do
+        expect(subject.pagerduty_token).to eq(token)
+        expect(subject.encrypted_pagerduty_token).not_to be_nil
+        expect(subject.encrypted_pagerduty_token_iv).not_to be_nil
+      end
+    end
+
+    context 'when not set' do
+      let(:token) { nil }
+
+      context 'when PagerDuty webhook is active' do
+        it 'generates a token before validation' do
+          expect(subject).to be_valid
+          expect(subject.pagerduty_token).to match(/\A\h{32}\z/)
+        end
+      end
+
+      context 'when PagerDuty webhook is not active' do
+        let(:active) { false }
+
+        it 'does not generate a token before validation' do
+          expect(subject).to be_valid
+          expect(subject.pagerduty_token).to be_nil
+        end
+      end
+    end
+  end
 end