feat: activations with webhooks #595
Conversation
src/aap_eda/api/filters/webhook.py
Outdated
| @@ -0,0 +1,29 @@ | |||
| # Copyright 2023 Red Hat, Inc. | |||
There was a problem hiding this comment.
2024, instead? Other new files, also.
src/aap_eda/api/views/activation.py
Outdated
| extra_var_obj = models.ExtraVar.objects.get( | ||
| pk=response.extra_var_id | ||
| ) |
There was a problem hiding this comment.
This get() of the extra var looks to be redundant based on lines 87-91 which has already retrieved it when response.extra_var_id is set.
mkanoor
force-pushed
the
webhook_server
branch
2 times, most recently
from
4994620
to
5d5771e
Compare
|
@mkanoor what's the rbac settings for webhooks? do you need to pre-seed them into DB? I missed it when adding the source model. |
mkanoor
force-pushed
the
webhook_server
branch
from
5d5771e
to
e673bba
Compare
Updated |
mkanoor
force-pushed
the
webhook_server
branch
2 times, most recently
from
1b90b9d
to
4c255fb
Compare
pyproject.toml
Outdated
| @@ -49,6 +49,8 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi | |||
| jinja2 = ">=3.1.3,<3.2" | |||
| django-split-settings = "^1.2.0" | |||
| pexpect = "^4.9.0" | |||
| psycopg = "*" | |||
There was a problem hiding this comment.
should be replaced the old psycopg? Have you check if there are overlaps or conflicts?
https://github.com/ansible/eda-server/blob/main/pyproject.toml#L35
There was a problem hiding this comment.
The previous version is called psycopg2? pyscopg is the psycopg3, there was a memory leak that was fixed in pyscopg related to PG Notify.
There was a problem hiding this comment.
@mkanoor What I'm saying is that we should remove psycopg2 and only use psycopg.
src/aap_eda/api/views/activation.py
Outdated
| if activation.webhooks: | ||
| extra_var = {} | ||
| if activation.extra_var_id: | ||
| extra_var_obj = models.ExtraVar.objects.get( |
There was a problem hiding this comment.
Not a big deal since right now the extra_vars are not deleted explicitly but this would raise an exception if the id if doesn't exist, don't? It might be less prone error to use filter or a try/except block.
| logger.error(f"Headers {request.headers}") | ||
| logger.error(f"Body {request.body}") |
There was a problem hiding this comment.
Is this a mistake? Why print it always as error? should it be debug?
| secret = EncryptedTextField( | ||
| null=False, help_text="The secret for the webhook" | ||
| ) | ||
| auth_type = models.TextField( |
| @action(detail=True, methods=["POST"], rbac_action=None) | ||
| def post(self, request, *args, **kwargs): | ||
| try: | ||
| self.webhook = Webhook.objects.get(uuid=kwargs["pk"]) |
There was a problem hiding this comment.
Why a parameter? I think it is more usual take the UUID from the uri. Also it would make easier for admins to apply custom logic for specific endpoints in load-balancers.
There was a problem hiding this comment.
@Alex-Izquierdo I am not sure if the admins would be routing based on each individual webhook, the routing would happen at a higher level from the NGINX configuration which will come from the UI NGINX in this PR https://github.com/ansible/ansible-ui/pull/1738/files
| command: | ||
| - /bin/bash | ||
| - -c | ||
| - aap-eda-manage runserver 0.0.0.0:8000 |
There was a problem hiding this comment.
stage should use gunicorn.
| @@ -165,5 +171,26 @@ services: | |||
| retries: 3 | |||
| start_period: 5s | |||
|
|
|||
| eda-webhook-api: | |||
There was a problem hiding this comment.
Without modify the nginx conf (aside of the url_prefix options) , this new service would be just a resource consumer. Anyway, if you want to add it, docker-compose-dev should have it too.
| SERVER_UUID = settings.get("SERVER_UUID", "abc-def-123-34567") | ||
| WEBHOOK_URL_PREFIX = settings.get( | ||
| "WEBHOOK_URL_PREFIX", | ||
| f"https://ui.eda.local:8443/{SERVER_UUID}/api/eda/v1/external_webhook", | ||
| ) |
There was a problem hiding this comment.
Should be these UUID empty by default, specially after the discussion when we agreed on implement it later
tools/docker/docker-compose-mac.yml
Outdated
| - EDA_WEBHOOK_URL_PREFIX=${EDA_WEBHOOK_URL_PREFIX:-https://my_nginix_server/edgecafe-beef-feed-fade-decadeedgecafe/api/eda/v1/external_webhook} | ||
| - EDA_WEBHOOK_HOST=${EDA_WEBHOOK_HOST:-eda-webhook-api:8000} | ||
| - EDA_WEBHOOK_SERVER=http://${EDA_WEBHOOK_HOST:-eda-webhook-api:8000} |
There was a problem hiding this comment.
I think the docker-compose should work out the box. (Docker-compose-dev not even is updated) Without override the nginx conf this wouldn't work. Probably is better to not enable the url prefix by default (related with my previous comment)
mkanoor
force-pushed
the
webhook_server
branch
6 times, most recently
from
11b2c6b
to
c58466b
Compare
pyproject.toml
Outdated
| @@ -49,6 +49,8 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi | |||
| jinja2 = ">=3.1.3,<3.2" | |||
| django-split-settings = "^1.2.0" | |||
| pexpect = "^4.9.0" | |||
| psycopg = "*" | |||
There was a problem hiding this comment.
@mkanoor What I'm saying is that we should remove psycopg2 and only use psycopg.
pyproject.toml
Outdated
| @@ -49,6 +49,8 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi | |||
| jinja2 = ">=3.1.3,<3.2" | |||
| django-split-settings = "^1.2.0" | |||
| pexpect = "^4.9.0" | |||
| psycopg = "*" | |||
There was a problem hiding this comment.
Can you set it as psycopg = "^3.1.17" ? that aligns with downstream constraints.
mkanoor
force-pushed
the
webhook_server
branch
8 times, most recently
from
6c66371
to
1695c02
Compare
mkanoor
force-pushed
the
webhook_server
branch
2 times, most recently
from
e09f82c
to
2d89172
Compare
mkanoor
force-pushed
the
webhook_server
branch
6 times, most recently
from
9e69bf1
to
e199afd
Compare
mkanoor
force-pushed
the
webhook_server
branch
3 times, most recently
from
4102c9f
to
57906fe
Compare
https://issues.redhat.com/browse/AAP-20844
Allow WebHooks to be added in the eda server that can be shared with different activations.
Support for HMAC and token authentication.
https://docs.google.com/document/d/1YJ5yQPKXNO7_Nqa_QEJ_NwXS-u6ZE-rLBx6tnM10Wxo/edit