Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability for Watcher's webhook actions to send additional header #93426

Merged
merged 11 commits into from
Feb 6, 2023
Merged

Add ability for Watcher's webhook actions to send additional header #93426

merged 11 commits into from
Feb 6, 2023

Conversation

dakrone
Copy link
Member

@dakrone dakrone commented Feb 1, 2023
edited
Loading

This commit builds on #92576 by adding the xpack.notification.webhook.host_token_pairs keystore setting to allow an additional token to be sent when Watcher performs a webhook request. This includes both the regular webhook action as well as the email action that uses an attachment parameter to a url (which internally uses a webhook to retrieve the attachment).

These settings can both by reloaded by updating the keystore and using the reload secure settings API.

  • xpack.notification.webhook.host_token_pairs is a comma-separated list of <host>:<port>=<token> pairs for which the header should be sent. For example, if this contains localhost:1234=token1,aoeu.com:9182=token2 then the token will only be added to the headers for webhook requests to the localhost and aoeu.com hosts on the 1234 and 9182 ports with tokens token1 and token2 respectively.

Also added is a cluster setting (non-dynamic) — xpack.notification.webhook.additional_token_enabled that determines whether the token should be sent. It defaults to false.

@dakrone
Add ability for Watcher's webhook actions to send additional header
e929d2d 
This commit builds on elastic#92576 by adding the `xpack.notification.webhook.additional_token` and
`xpack.notification.webhook.token_hosts` keystore settings to allow an additional token to be sent
when Watcher performs a webhook request. This includes both the regular `webhook` action as well as
the `email` action that uses an `attachment` parameter to a url (which internally uses a webhook to
retrieve the attachment).

These settings can both by reloaded by updating the keystore and using the reload secure settings
API.

`xpack.notification.webhook.additional_token` is the token that will be sent in the header.
`xpack.notification.webhook.token_hosts` is a comma-separated list of `host:port` pairs for which
the header should be sent. For example, if this contains `localhost:1234,aoeu.com:9182` then the
token will only be added to the headers for webhook requests to the `localhost` and `aoeu.com` hosts
on the 1234 and 9182 ports respectively.
@elasticsearchmachine
Copy link
Collaborator

Hi @dakrone, I've created a changelog YAML for you.

@dakrone
Copy link
Member Author

dakrone commented Feb 2, 2023

@elasticmachine update branch

jbaiera
jbaiera reviewed Feb 2, 2023
View reviewed changes
Copy link
Member

@jbaiera jbaiera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Draft looks perfectly fine so far

...lugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/WebhookService.java

@Override
public String toString() {
return "WebhookAccount[" + this.hostTokenMap.keySet().stream().map(s -> s + "=********") + "]";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😄

@dakrone dakrone added the cloud-deploy Publish cloud docker image for Cloud-First-Testing label Feb 2, 2023
@dakrone
Copy link
Member Author

dakrone commented Feb 2, 2023

@elasticmachine update branch

@dakrone
Copy link
Member Author

dakrone commented Feb 6, 2023

I tested this on Cloud with the following watch:

PUT _watcher/watch/test_watch
{
  "trigger" : {
    "schedule" : { "cron" : "0 0 0 1 * ? 2099" }
  },
  "input" : {
    "simple" : {}
  },
  "actions" : { 
    "my_webhook" : {
      "webhook" : {
        "method" : "GET",
        "scheme": "https",
        "host" : "cft-custom-es-8.es.us-west2.gcp.elastic-cloud.com",
        "port" : 443,
        "path" : "/_cluster/health",
        "auth" : {
          "basic" : {
            "username" : "elastic", 
            "password" : "********"
          }
        }
      }
    },
    "email_my_team" : {
      "email" : {
        "to" : "lee@elastic.co",
        "subject" : "watcher test",
        "body" : "here is the body",
        "attachments" : {
          "dashboard.pdf" : {
            "reporting" : {
              "url": "https://cft-custom-es-8.kb.us-west2.gcp.elastic-cloud.com:9243/<long-pdf-generating-reporting-url>",
              "auth" : {
                "basic" : {
                  "username" : "elastic", 
                  "password" : "********"
                }
              }
            }
          }
        }
      }
    }
  }
}

And it works great, so I will toggle this to a regular PR.

@dakrone dakrone marked this pull request as ready for review February 6, 2023 17:56
@elasticsearchmachine elasticsearchmachine added the Team:Data Management Meta label for data/management team label Feb 6, 2023
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-data-management (Team:Data Management)

@dakrone dakrone requested a review from jbaiera February 6, 2023 18:01
@dakrone
Copy link
Member Author

dakrone commented Feb 6, 2023

I pushed another commit that adds the static cluster setting xpack.notification.webhook.additional_token_enabled, which defaults to 'false'. The new token will only be sent if this setting is set to 'true'.

jbaiera
jbaiera approved these changes Feb 6, 2023
View reviewed changes
Copy link
Member

@jbaiera jbaiera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me!

@dakrone dakrone merged commit 5649ec2 into elastic:main Feb 6, 2023
@dakrone dakrone deleted the watcher-webhook-additional-token branch February 6, 2023 19:29
@ywangd ywangd mentioned this pull request Feb 6, 2023
Merged
@dakrone dakrone mentioned this pull request Apr 13, 2023
Merged
dakrone added a commit that referenced this pull request Apr 14, 2023
@dakrone
Fix Watcher email actions not using WebhookService for HTTP requests (#…
b325aab 
…95196)

This commit fixes a bug where the internal `WebhookService` was not being used for Watcher's `email` attachment `reporting` or `url` types. This meant that why the additional token configured as part of #93426 was sent for `webhook` Watcher actions, it was not being sent in the HTTP request made when resolving the attachments of the `email` action.

To accomplish this, the parts of `WebhookService` that modify and make the request have been extracted, and the `WebhookService` is now used by the `ReportingAttachmentParser` and `HttpEmailAttachmentParser` to perform their HTTP requests.

Additionally, some debug logging has been added for when the token is sent (and when a `WebhookService` request is executed).
dakrone added a commit to dakrone/elasticsearch that referenced this pull request Apr 14, 2023
@dakrone
Fix Watcher email actions not using WebhookService for HTTP requests (e…
3e55b5b 
…lastic#95196)

This commit fixes a bug where the internal `WebhookService` was not being used for Watcher's `email` attachment `reporting` or `url` types. This meant that why the additional token configured as part of elastic#93426 was sent for `webhook` Watcher actions, it was not being sent in the HTTP request made when resolving the attachments of the `email` action.

To accomplish this, the parts of `WebhookService` that modify and make the request have been extracted, and the `WebhookService` is now used by the `ReportingAttachmentParser` and `HttpEmailAttachmentParser` to perform their HTTP requests.

Additionally, some debug logging has been added for when the token is sent (and when a `WebhookService` request is executed).
elasticsearchmachine pushed a commit that referenced this pull request Apr 14, 2023
@dakrone
Fix Watcher email actions not using WebhookService for HTTP requests (#…
9228107 
…95196) (#95256)

This commit fixes a bug where the internal `WebhookService` was not being used for Watcher's `email` attachment `reporting` or `url` types. This meant that why the additional token configured as part of #93426 was sent for `webhook` Watcher actions, it was not being sent in the HTTP request made when resolving the attachments of the `email` action.

To accomplish this, the parts of `WebhookService` that modify and make the request have been extracted, and the `WebhookService` is now used by the `ReportingAttachmentParser` and `HttpEmailAttachmentParser` to perform their HTTP requests.

Additionally, some debug logging has been added for when the token is sent (and when a `WebhookService` request is executed).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbaiera jbaiera jbaiera approved these changes

Assignees
No one assigned
Labels
cloud-deploy Publish cloud docker image for Cloud-First-Testing :Data Management/Watcher >enhancement Team:Data Management Meta label for data/management team v8.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dakrone @elasticsearchmachine @jbaiera @elasticmachine