[Bps-public-commit] rt-extension-pagerduty branch doc-updates updated. 49d86a583fced519e324fb3e9b90dbb9624939ff
BPS Git Server
git at git.bestpractical.com
Fri Apr 15 20:25:41 UTC 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt-extension-pagerduty".
The branch, doc-updates has been updated
via 49d86a583fced519e324fb3e9b90dbb9624939ff (commit)
via 6d03f5315e9dc9459f502285abc9efd315e2a7e6 (commit)
from ee5a2e811872d35265d8723bb8548511a4fd6fe1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 49d86a583fced519e324fb3e9b90dbb9624939ff
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat Apr 16 04:22:59 2022 +0800
Update doc to complement required rights that pagerduty user needs
diff --git a/README b/README
index eefefde..73b658f 100644
--- a/README
+++ b/README
@@ -170,7 +170,8 @@ PagerDuty Webhook
The RT user will also need some rights in RT to update tickets. A
typical set of rights to grant for the API user are SeeQueue,
- CreateTicket, ModifyTicket, and ModifyCustomField.
+ ShowTicket, CreateTicket, ModifyTicket, SeeCustomField and
+ SetInitialCustomField(or ModifyCustomField).
2. Create the WebHook
Go to the PagerDuty Service Integrations Webhooks, add a new
diff --git a/lib/RT/Extension/PagerDuty.pm b/lib/RT/Extension/PagerDuty.pm
index 94984be..094ea8d 100644
--- a/lib/RT/Extension/PagerDuty.pm
+++ b/lib/RT/Extension/PagerDuty.pm
@@ -206,8 +206,9 @@ Unprivileged, the calls to the webhook will redirect to Self Service and
not work.
The RT user will also need some rights in RT to update tickets. A typical
-set of rights to grant for the API user are C<SeeQueue>, C<CreateTicket>,
-C<ModifyTicket>, and C<ModifyCustomField>.
+set of rights to grant for the API user are C<SeeQueue>, C<ShowTicket>,
+C<CreateTicket>, C<ModifyTicket>, C<SeeCustomField> and
+C<SetInitialCustomField>(or C<ModifyCustomField>).
=item 2. Create the WebHook
commit 6d03f5315e9dc9459f502285abc9efd315e2a7e6
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat Apr 16 03:32:09 2022 +0800
Check required rights before processing requests from PagerDuty
Thus we can detect issues in advance, to prevent wrong tickets from
being created, or even recurisve loops(when ticket isn't created with
PagerDuty ID).
diff --git a/html/PagerDuty/WebHook.html b/html/PagerDuty/WebHook.html
index 521b55d..ffac4fd 100644
--- a/html/PagerDuty/WebHook.html
+++ b/html/PagerDuty/WebHook.html
@@ -40,6 +40,43 @@ unless ($user_obj) {
$m->abort(401);
}
+# check required rights
+my $queue_name = $service->{create_queue} // 'General';
+my $queue = RT::Queue->new($user_obj);
+$queue->Load($queue_name);
+unless ( $queue->Id ) {
+ RT->Logger->error("Could not find queue $queue_name");
+ $m->abort(400);
+}
+
+my @missing_rights;
+for my $right (qw/SeeQueue ShowTicket CreateTicket ModifyTicket/) {
+ push @missing_rights, "Queue $queue_name: $right" unless $queue->CurrentUserHasRight($right);
+}
+
+my %cf;
+for my $name ( 'PagerDuty ID', 'PagerDuty URL' ) {
+ my $object = RT::CustomField->new($user_obj);
+ $object->LoadByName( Name => $name );
+ if ( my $id = $object->Id ) {
+ $cf{$name} = $id;
+ push @missing_rights, "CustomField $name: SeeCustomField" unless $object->CurrentUserHasRight('SeeCustomField');
+ push @missing_rights, "CustomField $name: SetInitialCustomField or ModifyCustomField"
+ unless $object->CurrentUserHasRight('SetInitialCustomField')
+ || $object->CurrentUserHasRight('ModifyCustomField');
+ }
+ else {
+ RT->Logger->error("Could not find custom field $name");
+ $m->abort(400);
+ }
+}
+
+if (@missing_rights) {
+ RT->Logger->error( "User " . $user_obj->Name . " lacks the following rights: " . join ', ', @missing_rights );
+ $m->abort(401);
+}
+
+
# need to see if a ticket already exists for this incident
my $tickets = RT::Tickets->new($user_obj);
$tickets->LimitCustomField(
@@ -97,15 +134,6 @@ if ( ( $tickets->Count > 0 ) && ( $pd_event ne 'incident.triggered' ) ) {
# if there is not a ticket already we only handle the triggered event
elsif ( ( $tickets->Count == 0 ) && ( $pd_event eq 'incident.triggered' ) ) {
- my $queue = $service->{create_queue} // 'General';
-
- # look up ids for PagerDuty related custom fields
- my $CF = RT::CustomField->new($user_obj);
- $CF->LoadByName( Name => 'PagerDuty ID' );
- my $cf_id = $CF->id;
- $CF->LoadByName( Name => 'PagerDuty URL' );
- my $cf_url = $CF->id;
-
my $Ticket = RT::Ticket->new($user_obj);
my ( $id, $Trans, $ErrMsg ) = $Ticket->Create(
Type => 'ticket',
@@ -113,8 +141,8 @@ elsif ( ( $tickets->Count == 0 ) && ( $pd_event eq 'incident.triggered' ) ) {
Subject => 'PagerDuty Incident: '
. $data->{event}{data}{service}{summary} . ' - '
. $data->{event}{data}{title},
- "CustomField-$cf_id" => $data->{event}{data}{id} // '',
- "CustomField-$cf_url" => $data->{event}{data}{html_url} // '',
+ "CustomField-$cf{'PagerDuty ID'}" => $data->{event}{data}{id} // '',
+ "CustomField-$cf{'PagerDuty URL'}" => $data->{event}{data}{html_url} // '',
);
if ($id) {
-----------------------------------------------------------------------
Summary of changes:
README | 3 ++-
html/PagerDuty/WebHook.html | 50 +++++++++++++++++++++++++++++++++----------
lib/RT/Extension/PagerDuty.pm | 5 +++--
3 files changed, 44 insertions(+), 14 deletions(-)
hooks/post-receive
--
rt-extension-pagerduty
More information about the Bps-public-commit
mailing list