New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: activations with webhooks #595
base: main
Are you sure you want to change the base?
Conversation
src/aap_eda/api/filters/webhook.py
Outdated
@@ -0,0 +1,29 @@ | |||
# Copyright 2023 Red Hat, Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2024, instead? Other new files, also.
src/aap_eda/api/views/activation.py
Outdated
extra_var_obj = models.ExtraVar.objects.get( | ||
pk=response.extra_var_id | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This get()
of the extra var looks to be redundant based on lines 87-91 which has already retrieved it when response.extra_var_id
is set.
4994620
to
5d5771e
Compare
@mkanoor what's the rbac settings for webhooks? do you need to pre-seed them into DB? I missed it when adding the source model. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Migrations are not sync.
5d5771e
to
e673bba
Compare
Updated |
1b90b9d
to
4c255fb
Compare
pyproject.toml
Outdated
@@ -49,6 +49,8 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi | |||
jinja2 = ">=3.1.3,<3.2" | |||
django-split-settings = "^1.2.0" | |||
pexpect = "^4.9.0" | |||
psycopg = "*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be replaced the old psycopg? Have you check if there are overlaps or conflicts?
https://github.com/ansible/eda-server/blob/main/pyproject.toml#L35
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The previous version is called psycopg2? pyscopg is the psycopg3, there was a memory leak that was fixed in pyscopg related to PG Notify.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mkanoor What I'm saying is that we should remove psycopg2 and only use psycopg.
src/aap_eda/api/views/activation.py
Outdated
if activation.webhooks: | ||
extra_var = {} | ||
if activation.extra_var_id: | ||
extra_var_obj = models.ExtraVar.objects.get( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a big deal since right now the extra_vars are not deleted explicitly but this would raise an exception if the id if doesn't exist, don't? It might be less prone error to use filter or a try/except block.
logger.error(f"Headers {request.headers}") | ||
logger.error(f"Body {request.body}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a mistake? Why print it always as error? should it be debug?
secret = EncryptedTextField( | ||
null=False, help_text="The secret for the webhook" | ||
) | ||
auth_type = models.TextField( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not an enum?
@action(detail=True, methods=["POST"], rbac_action=None) | ||
def post(self, request, *args, **kwargs): | ||
try: | ||
self.webhook = Webhook.objects.get(uuid=kwargs["pk"]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why a parameter? I think it is more usual take the UUID from the uri. Also it would make easier for admins to apply custom logic for specific endpoints in load-balancers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Alex-Izquierdo I am not sure if the admins would be routing based on each individual webhook, the routing would happen at a higher level from the NGINX configuration which will come from the UI NGINX in this PR https://github.com/ansible/ansible-ui/pull/1738/files
command: | ||
- /bin/bash | ||
- -c | ||
- aap-eda-manage runserver 0.0.0.0:8000 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
stage should use gunicorn.
@@ -165,5 +171,26 @@ services: | |||
retries: 3 | |||
start_period: 5s | |||
|
|||
eda-webhook-api: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Without modify the nginx conf (aside of the url_prefix options) , this new service would be just a resource consumer. Anyway, if you want to add it, docker-compose-dev should have it too.
SERVER_UUID = settings.get("SERVER_UUID", "abc-def-123-34567") | ||
WEBHOOK_URL_PREFIX = settings.get( | ||
"WEBHOOK_URL_PREFIX", | ||
f"https://ui.eda.local:8443/{SERVER_UUID}/api/eda/v1/external_webhook", | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be these UUID empty by default, specially after the discussion when we agreed on implement it later
tools/docker/docker-compose-mac.yml
Outdated
- EDA_WEBHOOK_URL_PREFIX=${EDA_WEBHOOK_URL_PREFIX:-https://my_nginix_server/edgecafe-beef-feed-fade-decadeedgecafe/api/eda/v1/external_webhook} | ||
- EDA_WEBHOOK_HOST=${EDA_WEBHOOK_HOST:-eda-webhook-api:8000} | ||
- EDA_WEBHOOK_SERVER=http://${EDA_WEBHOOK_HOST:-eda-webhook-api:8000} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the docker-compose should work out the box. (Docker-compose-dev not even is updated) Without override the nginx conf this wouldn't work. Probably is better to not enable the url prefix by default (related with my previous comment)
11b2c6b
to
c58466b
Compare
pyproject.toml
Outdated
@@ -49,6 +49,8 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi | |||
jinja2 = ">=3.1.3,<3.2" | |||
django-split-settings = "^1.2.0" | |||
pexpect = "^4.9.0" | |||
psycopg = "*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mkanoor What I'm saying is that we should remove psycopg2 and only use psycopg.
pyproject.toml
Outdated
@@ -49,6 +49,8 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi | |||
jinja2 = ">=3.1.3,<3.2" | |||
django-split-settings = "^1.2.0" | |||
pexpect = "^4.9.0" | |||
psycopg = "*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you set it as psycopg = "^3.1.17"
? that aligns with downstream constraints.
6c66371
to
1695c02
Compare
e09f82c
to
2d89172
Compare
9e69bf1
to
e199afd
Compare
4102c9f
to
57906fe
Compare
https://issues.redhat.com/browse/AAP-20844
Allow WebHooks to be added in the eda server that can be shared with different activations.
Support for HMAC and token authentication.
https://docs.google.com/document/d/1YJ5yQPKXNO7_Nqa_QEJ_NwXS-u6ZE-rLBx6tnM10Wxo/edit