Add PagerDuty::ProcessWebhookService service

Add service to parse PagerDuty webhook payload, and create GitLab issues from parsed PagerDuty incidents.

Add PagerDuty::ProcessWebhookService service
Add service to parse PagerDuty webhook payload, and create GitLab issues from parsed PagerDuty incidents.
e82ebd5b · Vitali Tatarintev · 6a2d8fe7 · e82ebd5b · e82ebd5b · e82ebd5b
Commit e82ebd5b authored Jul 10, 2020 by Vitali Tatarintev
3 changed files
--- a/app/models/incident_management/project_incident_management_setting.rb
+++ b/app/models/incident_management/project_incident_management_setting.rb
@@ -12,7 +12,7 @@ module IncidentManagement

    attr_encrypted :pagerduty_token,
      mode: :per_attribute_iv,
-      key: Settings.attr_encrypted_db_key_base_truncated,
+      key: ::Settings.attr_encrypted_db_key_base_truncated,
      algorithm: 'aes-256-gcm',
      encode: false, # No need to encode for binary column https://github.com/attr-encrypted/attr_encrypted#the-encode-encode_iv-encode_salt-and-default_encoding-options
      encode_iv: false

--- a/app/services/incident_management/pager_duty/process_webhook_service.rb
+++ b/app/services/incident_management/pager_duty/process_webhook_service.rb
+# frozen_string_literal: true
+
+module IncidentManagement
+  module PagerDuty
+    class ProcessWebhookService < BaseService
+      include Gitlab::Utils::StrongMemoize
+      include IncidentManagement::Settings
+
+      # https://developer.pagerduty.com/docs/webhooks/webhook-behavior/#size-limit
+      PAGER_DUTY_PAYLOAD_SIZE_LIMIT = 55.kilobytes
+
+      # https://developer.pagerduty.com/docs/webhooks/v2-overview/#webhook-types
+      PAGER_DUTY_PROCESSABLE_EVENT_TYPES = %w(incident.trigger).freeze
+
+      def execute(token)
+        return forbidden unless webhook_setting_active?
+        return unauthorized unless valid_token?(token)
+        return bad_request unless valid_payload_size?
+
+        process_incidents
+
+        accepted
+      end
+
+      private
+
+      def process_incidents
+        pager_duty_processable_events.each do |event|
+          ::IncidentManagement::PagerDuty::ProcessIncidentWorker.perform_async(project.id, event['incident'])
+        end
+      end
+
+      def pager_duty_processable_events
+        strong_memoize(:pager_duty_processable_events) do
+          ::PagerDuty::WebhookPayloadParser
+            .call(params.to_h)
+            .filter { |msg| msg['event'].in?(PAGER_DUTY_PROCESSABLE_EVENT_TYPES) }
+        end
+      end
+
+      def webhook_setting_active?
+        Feature.enabled?(:pagerduty_webhook, project) &&
+          incident_management_setting.pagerduty_active?
+      end
+
+      def valid_token?(token)
+        token && incident_management_setting.pagerduty_token == token
+      end
+
+      def valid_payload_size?
+        Gitlab::Utils::DeepSize.new(params, max_size: PAGER_DUTY_PAYLOAD_SIZE_LIMIT).valid?
+      end
+
+      def accepted
+        ServiceResponse.success(http_status: :accepted)
+      end
+
+      def forbidden
+        ServiceResponse.error(message: 'Forbidden', http_status: :forbidden)
+      end
+
+      def unauthorized
+        ServiceResponse.error(message: 'Unauthorized', http_status: :unauthorized)
+      end
+
+      def bad_request
+        ServiceResponse.error(message: 'Bad Request', http_status: :bad_request)
+      end
+    end
+  end
+end
--- a/spec/services/incident_management/pager_duty/process_webhook_service_spec.rb
+++ b/spec/services/incident_management/pager_duty/process_webhook_service_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe IncidentManagement::PagerDuty::ProcessWebhookService do
+  let_it_be(:project, reload: true) { create(:project) }
+
+  describe '#execute' do
+    shared_examples 'does not process incidents' do
+      it 'does not process incidents' do
+        expect(::IncidentManagement::PagerDuty::ProcessIncidentWorker).not_to receive(:perform_async)
+
+        execute
+      end
+    end
+
+    let(:webhook_payload) { Gitlab::Json.parse(fixture_file('pager_duty/webhook_incident_trigger.json')) }
+    let(:token) { nil }
+
+    subject(:execute) { described_class.new(project, nil, webhook_payload).execute(token) }
+
+    context 'when pagerduty_webhook feature is enabled' do
+      before do
+        stub_feature_flags(pagerduty_webhook: project)
+      end
+
+      context 'when PagerDuty webhook setting is active' do
+        let_it_be(:incident_management_setting) { create(:project_incident_management_setting, project: project, pagerduty_active: true) }
+
+        context 'when token is valid' do
+          let(:token) { incident_management_setting.pagerduty_token }
+
+          context 'when webhook payload has acceptable size' do
+            it 'responds with Accepted' do
+              result = execute
+
+              expect(result).to be_success
+              expect(result.http_status).to eq(:accepted)
+            end
+
+            it 'processes issues' do
+              incident_payload = ::PagerDuty::WebhookPayloadParser.call(webhook_payload).first['incident']
+
+              expect(::IncidentManagement::PagerDuty::ProcessIncidentWorker)
+                .to receive(:perform_async)
+                .with(project.id, incident_payload)
+                .once
+
+              execute
+            end
+          end
+
+          context 'when webhook payload is too big' do
+            let(:deep_size) { instance_double(Gitlab::Utils::DeepSize, valid?: false) }
+
+            before do
+              allow(Gitlab::Utils::DeepSize)
+                .to receive(:new)
+                .with(webhook_payload, max_size: described_class::PAGER_DUTY_PAYLOAD_SIZE_LIMIT)
+                .and_return(deep_size)
+            end
+
+            it 'responds with Bad Request' do
+              result = execute
+
+              expect(result).to be_error
+              expect(result.http_status).to eq(:bad_request)
+            end
+
+            it_behaves_like 'does not process incidents'
+          end
+
+          context 'when webhook payload is blank' do
+            let(:webhook_payload) { nil }
+
+            it 'responds with Accepted' do
+              result = execute
+
+              expect(result).to be_success
+              expect(result.http_status).to eq(:accepted)
+            end
+
+            it_behaves_like 'does not process incidents'
+          end
+        end
+
+        context 'when token is invalid' do
+          let(:token) { 'invalid-token' }
+
+          it 'responds with Unauthorized' do
+            result = execute
+
+            expect(result).to be_error
+            expect(result.http_status).to eq(:unauthorized)
+          end
+
+          it_behaves_like 'does not process incidents'
+        end
+      end
+
+      context 'when both tokens are nil' do
+        let_it_be(:incident_management_setting) { create(:project_incident_management_setting, project: project, pagerduty_active: false) }
+        let(:token) { nil }
+
+        before do
+          incident_management_setting.update_column(:pagerduty_active, true)
+        end
+
+        it 'responds with Unauthorized' do
+          result = execute
+
+          expect(result).to be_error
+          expect(result.http_status).to eq(:unauthorized)
+        end
+
+        it_behaves_like 'does not process incidents'
+      end
+
+      context 'when PagerDuty webhook setting is not active' do
+        let_it_be(:incident_management_setting) { create(:project_incident_management_setting, project: project, pagerduty_active: false) }
+
+        it 'responds with Forbidden' do
+          result = execute
+
+          expect(result).to be_error
+          expect(result.http_status).to eq(:forbidden)
+        end
+
+        it_behaves_like 'does not process incidents'
+      end
+    end
+
+    context 'when pagerduty_webhook feature is disabled' do
+      before do
+        stub_feature_flags(pagerduty_webhook: false)
+      end
+
+      it 'responds with Forbidden' do
+        result = execute
+
+        expect(result).to be_error
+        expect(result.http_status).to eq(:forbidden)
+      end
+
+      it_behaves_like 'does not process incidents'
+    end
+  end
+end