EVG-19151: Generate unique webhook secrets (evergreen-ci#1733)

khelif96 · Mar 31, 2023 · a712d5b · a712d5b
1 parent 88e7350
commit a712d5b
Show file tree

Hide file tree

Showing 8 changed files with 222 additions and 139 deletions.
diff --git a/src/components/Notifications/form/notification.ts b/src/components/Notifications/form/notification.ts
@@ -1,5 +1,4 @@
 import { SpruceFormProps } from "components/SpruceForm/types";
-import { generateWebhookSecret } from "pages/projectSettings/tabs/NotificationsTab/utils";
 import {
   SubscriptionMethodOption,
   NotificationMethods,
@@ -99,7 +98,6 @@ export const getNotificationSchema = (
                   secretInput: {
                     type: "string" as "string",
                     title: "Webhook Secret",
-                    default: generateWebhookSecret(),
                   },
                   httpHeaders: {
                     type: "array" as "array",
@@ -187,6 +185,8 @@ export const getNotificationSchema = (
       },
       secretInput: {
         "ui:readonly": true,
+        "ui:placeholder":
+          "The secret will be shown upon saving the subscription.",
         "ui:data-cy": "secret-input",
       },
       httpHeaders: {

diff --git a/...tings/tabs/NotificationsTab/utils.test.ts → ...bs/NotificationsTab/getGqlPayload.test.ts b/...tings/tabs/NotificationsTab/utils.test.ts → ...bs/NotificationsTab/getGqlPayload.test.ts
@@ -1,4 +1,5 @@
-import { getGqlPayload } from "./utils";
+import { getGqlPayload } from "./getGqlPayload";
+import * as utils from "./utils";
 
 describe("getGqlPayload", () => {
   it("should correctly format multiple subscriptions", () => {
@@ -42,8 +43,9 @@ describe("getGqlPayload", () => {
       },
     ]);
   });
+
   it("should correctly format webhook subscription", () => {
-    const payload = getGqlPayload("project_id")(webhookSubscription);
+    const payload = getGqlPayload("project_id")(webhookSubscriptionWithSecret);
     expect(payload).toStrictEqual({
       id: "webhook_subscription",
       owner_type: "project",
@@ -68,6 +70,38 @@ describe("getGqlPayload", () => {
     });
   });
 
+  it("should correctly format and generate a secret for webhook subscription", () => {
+    jest
+      .spyOn(utils, "generateWebhookSecret")
+      .mockImplementationOnce(() => "my_generated_secret");
+
+    const payload = getGqlPayload("project_id")(
+      webhookSubscriptionWithoutSecret
+    );
+    expect(payload).toStrictEqual({
+      id: "webhook_subscription",
+      owner_type: "project",
+      regex_selectors: [],
+      resource_type: "TASK",
+      selectors: [
+        { type: "project", data: "project_id" },
+        { type: "requester", data: "gitter_request" },
+      ],
+      subscriber: {
+        target: "https://fake-website.com",
+        type: "evergreen-webhook",
+        webhookSubscriber: {
+          secret: "my_generated_secret",
+          url: "https://fake-website.com",
+          headers: [],
+        },
+        jiraIssueSubscriber: undefined,
+      },
+      trigger: "outcome",
+      trigger_data: { requester: "gitter_request" },
+    });
+  });
+
   it("should correctly format jira issue subscription", () => {
     const payload = getGqlPayload("project_id")(jiraIssueSubscription);
     expect(payload).toStrictEqual({
@@ -155,7 +189,7 @@ const multipleSubscriptions = [
   },
 ];
 
-const webhookSubscription = {
+const webhookSubscriptionWithSecret = {
   subscriptionData: {
     id: "webhook_subscription",
     event: {
@@ -175,6 +209,26 @@ const webhookSubscription = {
   },
 };
 
+const webhookSubscriptionWithoutSecret = {
+  subscriptionData: {
+    id: "webhook_subscription",
+    event: {
+      extraFields: {
+        requester: "gitter_request",
+      },
+      eventSelect: "any-task-finishes",
+    },
+    notification: {
+      webhookInput: {
+        secretInput: "",
+        urlInput: "https://fake-website.com",
+        httpHeaders: undefined,
+      },
+      notificationSelect: "evergreen-webhook",
+    },
+  },
+};
+
 const jiraIssueSubscription = {
   subscriptionData: {
     id: "jira_issue_subscription",

diff --git a/src/pages/projectSettings/tabs/NotificationsTab/getGqlPayload.ts b/src/pages/projectSettings/tabs/NotificationsTab/getGqlPayload.ts
@@ -0,0 +1,124 @@
+import { projectTriggers, allowedSelectors } from "constants/triggers";
+import { SubscriptionInput } from "gql/generated/types";
+import { NotificationMethods } from "types/subscription";
+import { ExtraField } from "types/triggers";
+import { Unpacked } from "types/utils";
+import {
+  FormState,
+  Notification,
+  FormExtraFields,
+  FormRegexSelector,
+} from "./types";
+import { getTargetForMethod, generateWebhookSecret } from "./utils";
+
+// Converts the form regexSelector into the proper format for GQL payload.
+// We need to check if the trigger has regex selectors because it's possible for data
+// from other dependencies to persist.
+const regexFormToGql = (
+  hasRegexSelectors: boolean,
+  regexForm: FormRegexSelector[]
+) =>
+  hasRegexSelectors && regexForm
+    ? regexForm.map((r) => ({
+        type: r.regexSelect,
+        data: r.regexInput,
+      }))
+    : [];
+
+const webhookFormToGql = (webhookInput: Notification["webhookInput"]) => {
+  if (!webhookInput) {
+    return null;
+  }
+  return {
+    url: webhookInput.urlInput,
+    // Use existing secret if it was already generated, otherwise generate a new secret.
+    secret: webhookInput.secretInput || generateWebhookSecret(),
+    headers:
+      webhookInput.httpHeaders?.map(({ keyInput, valueInput }) => ({
+        key: keyInput,
+        value: valueInput,
+      })) ?? [],
+  };
+};
+
+const jiraFormToGql = (jiraInput: Notification["jiraIssueInput"]) => {
+  if (!jiraInput) {
+    return null;
+  }
+  return {
+    project: jiraInput.projectInput,
+    issueType: jiraInput.issueInput,
+  };
+};
+
+// Converts the form extraFields into the proper format for GQL payload.
+// We need to check what extraFields exist for a particular trigger because it's possible
+// for data from other dependencies to persist.
+const extraFieldsFormToGql = (
+  extraFieldsToInclude: ExtraField[],
+  extraFieldsForm: FormExtraFields
+) =>
+  (extraFieldsToInclude || []).reduce((acc, e) => {
+    if (extraFieldsForm[e.key]) {
+      acc[e.key] = extraFieldsForm[e.key].toString();
+    }
+    return acc;
+  }, {} as { [key: string]: string });
+
+export const getGqlPayload =
+  (projectId: string) =>
+  (subscription: Unpacked<FormState["subscriptions"]>): SubscriptionInput => {
+    const { subscriptionData } = subscription;
+    const event = projectTriggers[subscriptionData.event.eventSelect];
+    const {
+      resourceType = "",
+      trigger,
+      extraFields,
+      regexSelectors,
+    } = event || {};
+
+    const triggerData = extraFieldsFormToGql(
+      extraFields,
+      subscriptionData.event.extraFields
+    );
+
+    const regexData = regexFormToGql(
+      !!regexSelectors,
+      subscriptionData.event.regexSelector
+    );
+
+    const method = subscriptionData.notification.notificationSelect;
+    const subscriber = getTargetForMethod(
+      method,
+      subscriptionData?.notification
+    );
+
+    const selectors = Object.entries(triggerData)
+      .map(([key, value]) => ({
+        type: key,
+        data: value.toString(),
+      }))
+      .filter(({ type }) => allowedSelectors.has(type));
+
+    return {
+      id: subscriptionData.id,
+      owner_type: "project",
+      regex_selectors: regexData,
+      resource_type: resourceType,
+      selectors: [{ type: "project", data: projectId }, ...selectors],
+      subscriber: {
+        type: method,
+        target: subscriber,
+        webhookSubscriber:
+          method === NotificationMethods.WEBHOOK
+            ? webhookFormToGql(subscriptionData.notification?.webhookInput)
+            : undefined,
+        jiraIssueSubscriber:
+          method === NotificationMethods.JIRA_ISSUE
+            ? jiraFormToGql(subscriptionData.notification?.jiraIssueInput)
+            : undefined,
+      },
+      trigger,
+      trigger_data: triggerData,
+    };
+  };
diff --git a/src/pages/projectSettings/tabs/NotificationsTab/transformers.test.ts b/src/pages/projectSettings/tabs/NotificationsTab/transformers.test.ts
@@ -146,7 +146,7 @@ describe("project data", () => {
               notificationSelect: "evergreen-webhook",
               webhookInput: {
                 urlInput: "https://example.com",
-                secretInput: "",
+                secretInput: "webhook_secret",
                 httpHeaders: [
                   {
                     keyInput: "Content-Type",
@@ -184,7 +184,7 @@ describe("project data", () => {
             jiraIssueSubscriber: undefined,
             webhookSubscriber: {
               url: "https://example.com",
-              secret: "",
+              secret: "webhook_secret",
               headers: [
                 {
                   key: "Content-Type",

diff --git a/src/pages/projectSettings/tabs/NotificationsTab/transformers.ts b/src/pages/projectSettings/tabs/NotificationsTab/transformers.ts
@@ -9,8 +9,8 @@ import { NotificationMethods } from "types/subscription";
 import { TriggerType } from "types/triggers";
 import { string } from "utils";
 import { FormToGqlFunction, GqlToFormFunction } from "../types";
+import { getGqlPayload } from "./getGqlPayload";
 import { FormState } from "./types";
-import { getGqlPayload } from "./utils";
 
 type Tab = ProjectSettingsTabRoutes.Notifications;