oncall-engine/engine/apps/api/serializers/webhook.py

from collections import defaultdict

from rest_framework import serializers
from rest_framework.validators import UniqueTogetherValidator

from apps.webhooks.models import Webhook, WebhookResponse
from apps.webhooks.models.webhook import WEBHOOK_FIELD_PLACEHOLDER
from common.api_helpers.custom_fields import TeamPrimaryKeyRelatedField
from common.api_helpers.utils import CurrentOrganizationDefault, CurrentTeamDefault, CurrentUserDefault
from common.jinja_templater import apply_jinja_template
from common.jinja_templater.apply_jinja_template import JinjaTemplateError, JinjaTemplateWarning


class WebhookResponseSerializer(serializers.ModelSerializer):
    class Meta:
        model = WebhookResponse
        fields = [
            "timestamp",
            "url",
            "request_trigger",
            "request_headers",
            "request_data",
            "status_code",
            "content",
            "event_data",
        ]


class WebhookSerializer(serializers.ModelSerializer):
    id = serializers.CharField(read_only=True, source="public_primary_key")
    organization = serializers.HiddenField(default=CurrentOrganizationDefault())
    team = TeamPrimaryKeyRelatedField(allow_null=True, default=CurrentTeamDefault())
    user = serializers.HiddenField(default=CurrentUserDefault())
    trigger_type = serializers.CharField(required=True)
    forward_all = serializers.BooleanField(allow_null=True, required=False)
    last_response_log = serializers.SerializerMethodField()
    trigger_type_name = serializers.SerializerMethodField()

    class Meta:
        model = Webhook
        fields = [
            "id",
            "name",
            "is_webhook_enabled",
            "is_legacy",
            "team",
            "data",
            "user",
            "username",
            "password",
            "authorization_header",
            "organization",
            "trigger_template",
            "headers",
            "url",
            "data",
            "forward_all",
            "http_method",
            "trigger_type",
            "trigger_type_name",
            "last_response_log",
            "integration_filter",
        ]
        extra_kwargs = {
            "name": {"required": True, "allow_null": False, "allow_blank": False},
            "url": {"required": True, "allow_null": False, "allow_blank": False},
        }

        validators = [UniqueTogetherValidator(queryset=Webhook.objects.all(), fields=["name", "organization"])]

    def to_representation(self, instance):
        result = super().to_representation(instance)
        if instance.password:
            result["password"] = WEBHOOK_FIELD_PLACEHOLDER
        if instance.authorization_header:
            result["authorization_header"] = WEBHOOK_FIELD_PLACEHOLDER
        return result

    def to_internal_value(self, data):
        webhook = self.instance

        # If webhook is being copied instance won't exist to copy values from
        if not webhook and "id" in data:
            webhook = Webhook.objects.get(
                public_primary_key=data["id"], organization=self.context["request"].auth.organization
            )

        if data.get("password") == WEBHOOK_FIELD_PLACEHOLDER:
            data["password"] = webhook.password
        if data.get("authorization_header") == WEBHOOK_FIELD_PLACEHOLDER:
            data["authorization_header"] = webhook.authorization_header
        return super().to_internal_value(data)

    def _validate_template_field(self, template):
        try:
            apply_jinja_template(template, alert_payload=defaultdict(str), alert_group_id="alert_group_1")
        except JinjaTemplateError as e:
            raise serializers.ValidationError(e.fallback_message)
        except JinjaTemplateWarning:
            # Suppress render exceptions since we do not have a representative payload to test with
            pass
        return template

    def validate_trigger_template(self, trigger_template):
        if not trigger_template:
            return None
        return self._validate_template_field(trigger_template)

    def validate_headers(self, headers):
        if not headers:
            return None
        return self._validate_template_field(headers)

    def validate_url(self, url):
        if not url:
            return None
        return self._validate_template_field(url)

    def validate_data(self, data):
        if not data:
            return None
        return self._validate_template_field(data)

    def validate_forward_all(self, data):
        if data is None:
            return False
        return data

    def get_last_response_log(self, obj):
        return WebhookResponseSerializer(obj.responses.all().last()).data

    def get_trigger_type_name(self, obj):
        trigger_type_name = ""
        if obj.trigger_type is not None:
            trigger_type_name = Webhook.TRIGGER_TYPES[int(obj.trigger_type)][1]
        return trigger_type_name
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`from collections import defaultdict`

			`from rest_framework import serializers`
			`from rest_framework.validators import UniqueTogetherValidator`

Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`from apps.webhooks.models import Webhook, WebhookResponse`
Webhooks 2 hide secrets (#2104) Replace password and authorization header fields with placeholders when returning data to the UI. Mask the authorization header field when editing and in the status logs. 2023-06-06 01:59:12 -06:00			`from apps.webhooks.models.webhook import WEBHOOK_FIELD_PLACEHOLDER`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`from common.api_helpers.custom_fields import TeamPrimaryKeyRelatedField`
			`from common.api_helpers.utils import CurrentOrganizationDefault, CurrentTeamDefault, CurrentUserDefault`
			`from common.jinja_templater import apply_jinja_template`
			`from common.jinja_templater.apply_jinja_template import JinjaTemplateError, JinjaTemplateWarning`


Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`class WebhookResponseSerializer(serializers.ModelSerializer):`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`class Meta:`
Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`model = WebhookResponse`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`fields = [`
Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`"timestamp",`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`"url",`
Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`"request_trigger",`
			`"request_headers",`
			`"request_data",`
			`"status_code",`
			`"content",`
Rares/add template editor to webhooks (#2455) # What this PR does Bring new Jinja editor to webhooks ## Which issue(s) this PR fixes https://github.com/grafana/oncall/issues/2344 ## Checklist - [ ] Unit, integration, and e2e (if applicable) tests updated - [ ] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) --------- Co-authored-by: Maxim <maxim.mordasov@grafana.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> 2023-07-11 21:03:34 +03:00			`"event_data",`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`]`


			`class WebhookSerializer(serializers.ModelSerializer):`
			`id = serializers.CharField(read_only=True, source="public_primary_key")`
			`organization = serializers.HiddenField(default=CurrentOrganizationDefault())`
			`team = TeamPrimaryKeyRelatedField(allow_null=True, default=CurrentTeamDefault())`
			`user = serializers.HiddenField(default=CurrentUserDefault())`
			`trigger_type = serializers.CharField(required=True)`
			`forward_all = serializers.BooleanField(allow_null=True, required=False)`
Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`last_response_log = serializers.SerializerMethodField()`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`trigger_type_name = serializers.SerializerMethodField()`

			`class Meta:`
			`model = Webhook`
			`fields = [`
			`"id",`
			`"name",`
New webhook improvements (#1728) - Enable/Disable Toggle - Add Integrations Filter - Enable log for non-triggered webhook for troubleshooting - Improve UI to better show enabled, trigger status, request status - Standardize terms New, Firing, Triggered to Firing - Mask password field - Fix bug where UI did not update when webhook is deleted - Change responses to be referenced by webhook ID rather than trigger type 2023-04-13 12:52:29 -06:00			`"is_webhook_enabled",`
Add is_legacy column to handle webhook migration (#1813) Legacy webhooks won't be editable at first. Keep data templates compatibility. Possible migration code: ```python from apps.webhooks.models import Webhook from apps.alerts.models import CustomButton, EscalationPolicy custom_buttons = CustomButton.objects.all() for cb in custom_buttons: webhook, _ = Webhook.objects.get_or_create( organization=cb.organization, team=cb.team, name=cb.name, is_legacy=True, defaults=dict( created_at=cb.created_at, url=cb.webhook, username=cb.user, password=cb.password, authorization_header=cb.authorization_header, trigger_type=Webhook.TRIGGER_ESCALATION_STEP, forward_all=cb.forward_whole_payload, data=cb.data, ) ) # migrate related escalation policies policies = EscalationPolicy.objects.filter( step=EscalationPolicy.STEP_TRIGGER_CUSTOM_BUTTON, custom_button_trigger=cb, ).update( step=EscalationPolicy.STEP_TRIGGER_CUSTOM_WEBHOOK, custom_webhook=webhook, ) ``` 2023-04-25 11:22:56 -03:00			`"is_legacy",`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`"team",`
			`"data",`
			`"user",`
			`"username",`
			`"password",`
			`"authorization_header",`
			`"organization",`
			`"trigger_template",`
			`"headers",`
			`"url",`
			`"data",`
			`"forward_all",`
			`"http_method",`
			`"trigger_type",`
			`"trigger_type_name",`
Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`"last_response_log",`
New webhook improvements (#1728) - Enable/Disable Toggle - Add Integrations Filter - Enable log for non-triggered webhook for troubleshooting - Improve UI to better show enabled, trigger status, request status - Standardize terms New, Firing, Triggered to Firing - Mask password field - Fix bug where UI did not update when webhook is deleted - Change responses to be referenced by webhook ID rather than trigger type 2023-04-13 12:52:29 -06:00			`"integration_filter",`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`]`
			`extra_kwargs = {`
			`"name": {"required": True, "allow_null": False, "allow_blank": False},`
			`"url": {"required": True, "allow_null": False, "allow_blank": False},`
			`}`

			`validators = [UniqueTogetherValidator(queryset=Webhook.objects.all(), fields=["name", "organization"])]`

Webhooks 2 hide secrets (#2104) Replace password and authorization header fields with placeholders when returning data to the UI. Mask the authorization header field when editing and in the status logs. 2023-06-06 01:59:12 -06:00			`def to_representation(self, instance):`
			`result = super().to_representation(instance)`
			`if instance.password:`
			`result["password"] = WEBHOOK_FIELD_PLACEHOLDER`
			`if instance.authorization_header:`
			`result["authorization_header"] = WEBHOOK_FIELD_PLACEHOLDER`
			`return result`

			`def to_internal_value(self, data):`
Check original webhook for sensitive fields when copying (#2608) # What this PR does When a webhook is being copied if it contains a password or authorization header reference the original webhook to get this data since it has been masked in the input data. ## Which issue(s) this PR fixes Fixes #2604 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) 2023-07-20 15:23:33 -06:00			`webhook = self.instance`

			`# If webhook is being copied instance won't exist to copy values from`
			`if not webhook and "id" in data:`
			`webhook = Webhook.objects.get(`
			`public_primary_key=data["id"], organization=self.context["request"].auth.organization`
			`)`

Webhooks 2 hide secrets (#2104) Replace password and authorization header fields with placeholders when returning data to the UI. Mask the authorization header field when editing and in the status logs. 2023-06-06 01:59:12 -06:00			`if data.get("password") == WEBHOOK_FIELD_PLACEHOLDER:`
Check original webhook for sensitive fields when copying (#2608) # What this PR does When a webhook is being copied if it contains a password or authorization header reference the original webhook to get this data since it has been masked in the input data. ## Which issue(s) this PR fixes Fixes #2604 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) 2023-07-20 15:23:33 -06:00			`data["password"] = webhook.password`
Webhooks 2 hide secrets (#2104) Replace password and authorization header fields with placeholders when returning data to the UI. Mask the authorization header field when editing and in the status logs. 2023-06-06 01:59:12 -06:00			`if data.get("authorization_header") == WEBHOOK_FIELD_PLACEHOLDER:`
Check original webhook for sensitive fields when copying (#2608) # What this PR does When a webhook is being copied if it contains a password or authorization header reference the original webhook to get this data since it has been masked in the input data. ## Which issue(s) this PR fixes Fixes #2604 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) 2023-07-20 15:23:33 -06:00			`data["authorization_header"] = webhook.authorization_header`
Webhooks 2 hide secrets (#2104) Replace password and authorization header fields with placeholders when returning data to the UI. Mask the authorization header field when editing and in the status logs. 2023-06-06 01:59:12 -06:00			`return super().to_internal_value(data)`

Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`def _validate_template_field(self, template):`
			`try:`
			`apply_jinja_template(template, alert_payload=defaultdict(str), alert_group_id="alert_group_1")`
			`except JinjaTemplateError as e:`
			`raise serializers.ValidationError(e.fallback_message)`
			`except JinjaTemplateWarning:`
			`# Suppress render exceptions since we do not have a representative payload to test with`
			`pass`
			`return template`

			`def validate_trigger_template(self, trigger_template):`
			`if not trigger_template:`
			`return None`
			`return self._validate_template_field(trigger_template)`

			`def validate_headers(self, headers):`
			`if not headers:`
			`return None`
			`return self._validate_template_field(headers)`

			`def validate_url(self, url):`
			`if not url:`
			`return None`
			`return self._validate_template_field(url)`

			`def validate_data(self, data):`
			`if not data:`
			`return None`
			`return self._validate_template_field(data)`

			`def validate_forward_all(self, data):`
			`if data is None:`
			`return False`
			`return data`

Keep webhook responses data (#1580) Track all webhook responses data, and allow using this between alertgroup-related webhooks (e.g. use firing webhook response data when templating the acknowledge webhook request data). NOTE: dropping the table is not backwards compatible but the feature is not enabled (and in any case it would drop log entries only used for status display) 2023-03-21 10:43:37 -03:00			`def get_last_response_log(self, obj):`
			`return WebhookResponseSerializer(obj.responses.all().last()).data`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00
			`def get_trigger_type_name(self, obj):`
			`trigger_type_name = ""`
Add escalation chain support for new webhooks (#1654) Allow setting a webhook as escalation chain policy step. 2023-04-05 09:03:55 -03:00			`if obj.trigger_type is not None:`
Add initial webhooks internal plugin API (#1524) 2023-03-10 14:00:06 -03:00			`trigger_type_name = Webhook.TRIGGER_TYPES[int(obj.trigger_type)][1]`
			`return trigger_type_name`