feat: activations with webhooks

Author: mkanoor

poetry.lock

@@ -49,6 +49,8 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi
 jinja2 = ">=3.1.3,<3.2"
 django-split-settings = "^1.2.0"
 pexpect = "^4.9.0"
+psycopg = "*"
+xxhash = "*"
 
 [tool.poetry.group.test.dependencies]
 pytest = "*"

pyproject.toml

@@ -0,0 +1,29 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+import django_filters
+
+from aap_eda.core import models
+
+
+class WebhookFilter(django_filters.FilterSet):
+    name = django_filters.CharFilter(
+        field_name="name",
+        lookup_expr="istartswith",
+        label="Filter by webhook name.",
+    )
+
+    class Meta:
+        model = models.Webhook
+        fields = ["name"]

src/aap_eda/api/filters/webhook.py

@@ -71,6 +71,7 @@
     UserListSerializer,
     UserSerializer,
 )
+from .webhook import WebhookInSerializer, WebhookOutSerializer
 
 __all__ = (
     # auth
@@ -119,4 +120,7 @@
     "EventStreamSerializer",
     "EventStreamCreateSerializer",
     "EventStreamOutSerializer",
+    # webhooks
+    "WebhookInSerializer",
+    "WebhookOutSerializer",
 )

src/aap_eda/api/serializers/__init__.py

@@ -34,6 +34,7 @@
     substitute_source_args,
     swap_sources,
 )
+from aap_eda.api.serializers.webhook import WebhookOutSerializer
 from aap_eda.core import models, validators
 from aap_eda.core.enums import ProcessParentType
 
@@ -44,7 +45,7 @@ def _updated_ruleset(validated_data):
     try:
         sources_info = []
 
-        for event_stream_id in validated_data["event_streams"]:
+        for event_stream_id in validated_data.get("event_streams", []):
             event_stream = models.EventStream.objects.get(id=event_stream_id)
 
             if event_stream.rulebook:
@@ -66,6 +67,18 @@ def _updated_ruleset(validated_data):
             )
             sources_info.append(source)
 
+        if validated_data.get("webhooks", []):
+            sources_info = [
+                {
+                    "name": "webhook_event_stream",
+                    "type": "ansible.eda.pg_listener",
+                    "args": {
+                        "dsn": "{{ EDA_PG_NOTIFY_DSN }}",
+                        "channels": "{{ EDA_WEBHOOK_CHANNELS }}",
+                    },
+                }
+            ]
+
         return swap_sources(validated_data["rulebook_rulesets"], sources_info)
     except Exception as e:
         logger.error(f"Failed to update rulesets: {e}")
@@ -87,6 +100,12 @@ class ActivationSerializer(serializers.ModelSerializer):
         child=EventStreamOutSerializer(),
     )
 
+    webhooks = serializers.ListField(
+        required=False,
+        allow_null=True,
+        child=WebhookOutSerializer(),
+    )
+
     class Meta:
         model = models.Activation
         fields = [
@@ -112,6 +131,7 @@ class Meta:
             "credentials",
             "event_streams",
             "log_level",
+            "webhooks",
         ]
         read_only_fields = [
             "id",
@@ -137,6 +157,11 @@ class ActivationListSerializer(serializers.ModelSerializer):
         allow_null=True,
         child=EventStreamOutSerializer(),
     )
+    webhooks = serializers.ListField(
+        required=False,
+        allow_null=True,
+        child=WebhookOutSerializer(),
+    )
 
     class Meta:
         model = models.Activation
@@ -163,6 +188,7 @@ class Meta:
             "credentials",
             "event_streams",
             "log_level",
+            "webhooks",
         ]
         read_only_fields = ["id", "created_at", "modified_at"]
 
@@ -178,6 +204,10 @@ def to_representation(self, activation):
             EventStreamOutSerializer(event_stream).data
             for event_stream in activation.event_streams.all()
         ]
+        webhooks = [
+            WebhookOutSerializer(webhook).data
+            for webhook in activation.webhooks.all()
+        ]
 
         return {
             "id": activation.id,
@@ -202,6 +232,7 @@ def to_representation(self, activation):
             "credentials": credentials,
             "event_streams": event_streams,
             "log_level": activation.log_level,
+            "webhooks": webhooks,
         }
 
 
@@ -223,6 +254,7 @@ class Meta:
             "credentials",
             "event_streams",
             "log_level",
+            "webhooks",
         ]
 
     rulebook_id = serializers.IntegerField(
@@ -254,6 +286,12 @@ class Meta:
         child=serializers.IntegerField(),
         validators=[validators.check_if_event_streams_exists],
     )
+    webhooks = serializers.ListField(
+        required=False,
+        allow_null=True,
+        child=serializers.IntegerField(),
+        validators=[validators.check_if_webhooks_exists],
+    )
 
     def validate(self, data):
         user = data["user"]
@@ -277,7 +315,9 @@ def create(self, validated_data):
         validated_data["rulebook_rulesets"] = rulebook.rulesets
         validated_data["git_hash"] = rulebook.project.git_hash
         validated_data["project_id"] = rulebook.project.id
-        if validated_data.get("event_streams"):
+        if validated_data.get("event_streams") or validated_data.get(
+            "webhooks"
+        ):
             validated_data["rulebook_rulesets"] = _updated_ruleset(
                 validated_data
             )
@@ -359,6 +399,7 @@ class Meta:
             "credentials",
             "event_streams",
             "log_level",
+            "webhooks",
         ]
         read_only_fields = ["id", "created_at", "modified_at", "restarted_at"]
 
@@ -409,6 +450,10 @@ def to_representation(self, activation):
             EventStreamOutSerializer(event_stream).data
             for event_stream in activation.event_streams.all()
         ]
+        webhooks = [
+            WebhookOutSerializer(webhook).data
+            for webhook in activation.webhooks.all()
+        ]
 
         return {
             "id": activation.id,
@@ -438,6 +483,7 @@ def to_representation(self, activation):
             "credentials": credentials,
             "event_streams": event_streams,
             "log_level": activation.log_level,
+            "webhooks": webhooks,
         }
 
 

src/aap_eda/api/serializers/activation.py

@@ -0,0 +1,91 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+from rest_framework import serializers
+
+from aap_eda.core import models, validators
+
+
+class WebhookInSerializer(serializers.ModelSerializer):
+    owner = serializers.HiddenField(default=serializers.CurrentUserDefault())
+    hmac_algorithm = serializers.CharField(
+        default="sha256",
+        help_text="Hash algorithm to use",
+        validators=[validators.valid_hash_algorithm],
+    )
+    hmac_format = serializers.CharField(
+        default="hex",
+        help_text="Hash format to use, hex or base64",
+        validators=[validators.valid_hash_format],
+    )
+    auth_type = serializers.CharField(
+        default="hmac",
+        help_text="Auth type to use hmac or token or basic",
+        validators=[validators.valid_webhook_auth_type],
+    )
+    additional_data_headers = serializers.ListField(
+        required=False,
+        allow_null=True,
+        child=serializers.CharField(),
+    )
+
+    class Meta:
+        model = models.Webhook
+        fields = [
+            "name",
+            "type",
+            "hmac_algorithm",
+            "header_key",
+            "auth_type",
+            "hmac_signature_prefix",
+            "hmac_format",
+            "owner",
+            "secret",
+            "username",
+            "test_mode",
+            "additional_data_headers",
+        ]
+
+
+class WebhookOutSerializer(serializers.ModelSerializer):
+    owner = serializers.SerializerMethodField()
+
+    class Meta:
+        model = models.Webhook
+        read_only_fields = [
+            "id",
+            "owner",
+            "url",
+            "type",
+            "created_at",
+            "modified_at",
+            "test_content_type",
+            "test_content",
+            "test_error_message",
+        ]
+        fields = [
+            "name",
+            "test_mode",
+            "hmac_algorithm",
+            "header_key",
+            "hmac_signature_prefix",
+            "hmac_format",
+            "auth_type",
+            "additional_data_headers",
+            "username",
+            *read_only_fields,
+        ]
+
+    def get_owner(self, obj) -> str:
+        return f"{obj.owner.username}"

src/aap_eda/api/serializers/webhook.py

@@ -44,6 +44,11 @@
 )
 router.register("credentials", views.CredentialViewSet)
 router.register("decision-environments", views.DecisionEnvironmentViewSet)
+router.register("webhooks", views.WebhookViewSet)
+router.register(
+    "external_webhook",
+    views.ExternalWebhookViewSet,
+)
 
 openapi_urls = [
     path(

src/aap_eda/api/urls.py

@@ -17,9 +17,11 @@
 from .credential import CredentialViewSet
 from .decision_environment import DecisionEnvironmentViewSet
 from .event_stream import EventStreamViewSet
+from .external_webhook import ExternalWebhookViewSet
 from .project import ExtraVarViewSet, ProjectViewSet
 from .rulebook import AuditRuleViewSet, RulebookViewSet
 from .user import CurrentUserAwxTokenViewSet, CurrentUserView, UserViewSet
+from .webhook import WebhookViewSet
 
 __all__ = (
     # auth
@@ -44,4 +46,8 @@
     "DecisionEnvironmentViewSet",
     # event_stream
     "EventStreamViewSet",
+    # webhook
+    "WebhookViewSet",
+    # External webhook
+    "ExternalWebhookViewSet",
 )

src/aap_eda/api/views/__init__.py

@@ -13,6 +13,8 @@
 #  limitations under the License.
 import logging
 
+import yaml
+from django.conf import settings
 from django.shortcuts import get_object_or_404
 from django_filters import rest_framework as defaultfilters
 from drf_spectacular.utils import (
@@ -84,6 +86,27 @@ def create(self, request):
         serializer.is_valid(raise_exception=True)
 
         activation = serializer.create(serializer.validated_data)
+        if activation.webhooks:
+            extra_var = {}
+            if activation.extra_var_id:
+                extra_var_obj = models.ExtraVar.objects.get(
+                    pk=activation.extra_var_id
+                )
+                extra_var = yaml.safe_load(extra_var_obj.extra_var)
+
+            extra_var["EDA_WEBHOOK_CHANNELS"] = [
+                webhook.channel_name for webhook in activation.webhooks.all()
+            ]
+            extra_var["EDA_PG_NOTIFY_DSN"] = settings.PG_NOTIFY_DSN
+            if activation.extra_var_id and extra_var_obj:
+                extra_var_obj.extra_var = yaml.dump(extra_var)
+                extra_var_obj.save()
+            else:
+                extra_var_obj = models.ExtraVar.objects.create(
+                    extra_var=yaml.dump(extra_var)
+                )
+                activation.extra_var_id = extra_var_obj.id
+                activation.save(update_fields=["extra_var_id"])
 
         if activation.is_enabled:
             start_rulebook_process(

src/aap_eda/api/views/activation.py

@@ -138,7 +138,6 @@ def get_serializer_class(self):
     def retrieve(self, _request, pk=None):
         # TODO: Optimization by querying to retrieve desired permission format
         role = get_object_or_404(self.queryset, pk=pk)
-
         detail_serialzer = self.get_serializer_class()
         role = detail_serialzer(role).data
         result = display_permissions(role)