[Bps-public-commit] rt-extension-pagerduty branch doc-updates updated. 49d86a583fced519e324fb3e9b90dbb9624939ff

BPS Git Server git at git.bestpractical.com
Fri Apr 15 20:25:41 UTC 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt-extension-pagerduty".

The branch, doc-updates has been updated
       via  49d86a583fced519e324fb3e9b90dbb9624939ff (commit)
       via  6d03f5315e9dc9459f502285abc9efd315e2a7e6 (commit)
      from  ee5a2e811872d35265d8723bb8548511a4fd6fe1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 49d86a583fced519e324fb3e9b90dbb9624939ff
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat Apr 16 04:22:59 2022 +0800

    Update doc to complement required rights that pagerduty user needs

diff --git a/README b/README
index eefefde..73b658f 100644
--- a/README
+++ b/README
@@ -170,7 +170,8 @@ PagerDuty Webhook
 
         The RT user will also need some rights in RT to update tickets. A
         typical set of rights to grant for the API user are SeeQueue,
-        CreateTicket, ModifyTicket, and ModifyCustomField.
+        ShowTicket, CreateTicket, ModifyTicket, SeeCustomField and
+        SetInitialCustomField(or ModifyCustomField).
 
     2. Create the WebHook
         Go to the PagerDuty Service Integrations Webhooks, add a new
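Review bot: "A typical set of rights" in the changed sentence understates what these rights now are. The check added to html/PagerDuty/WebHook.html in 6d03f53 aborts the request when any of them is missing, so the README should call them required. Also add a space before the parenthesis in "SetInitialCustomField(or ModifyCustomField)".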
diff --git a/lib/RT/Extension/PagerDuty.pm b/lib/RT/Extension/PagerDuty.pm
index 94984be..094ea8d 100644
--- a/lib/RT/Extension/PagerDuty.pm
+++ b/lib/RT/Extension/PagerDuty.pm
@@ -206,8 +206,9 @@ Unprivileged, the calls to the webhook will redirect to Self Service and
 not work.
 
 The RT user will also need some rights in RT to update tickets. A typical
-set of rights to grant for the API user are C<SeeQueue>, C<CreateTicket>,
-C<ModifyTicket>, and C<ModifyCustomField>.
+set of rights to grant for the API user are C<SeeQueue>, C<ShowTicket>,
+C<CreateTicket>, C<ModifyTicket>, C<SeeCustomField> and
+C<SetInitialCustomField>(or C<ModifyCustomField>).
 
 =item 2. Create the WebHook
 
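Review bot: The updated list in this POD paragraph does not say where each right has to be granted. The webhook check tests SeeQueue, ShowTicket, CreateTicket and ModifyTicket on the service's create_queue (default General) and the custom field rights on "PagerDuty ID" and "PagerDuty URL", so stating that scope here lets an admin grant the rights on that queue and those two fields rather than globally.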
commit 6d03f5315e9dc9459f502285abc9efd315e2a7e6
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat Apr 16 03:32:09 2022 +0800

    Check required rights before processing requests from PagerDuty
    
    Thus we can detect issues in advance, to prevent wrong tickets from
    being created, or even recursive loops (when ticket isn't created with
    PagerDuty ID).

diff --git a/html/PagerDuty/WebHook.html b/html/PagerDuty/WebHook.html
index 521b55d..ffac4fd 100644
--- a/html/PagerDuty/WebHook.html
+++ b/html/PagerDuty/WebHook.html
@@ -40,6 +40,43 @@ unless ($user_obj) {
     $m->abort(401);
 }
 
+# check required rights
+my $queue_name = $service->{create_queue} // 'General';
+my $queue      = RT::Queue->new($user_obj);
+$queue->Load($queue_name);
+unless ( $queue->Id ) {
+    RT->Logger->error("Could not find queue $queue_name");
+    $m->abort(400);
+}
+
+my @missing_rights;
+for my $right (qw/SeeQueue ShowTicket CreateTicket ModifyTicket/) {
+    push @missing_rights, "Queue $queue_name: $right" unless $queue->CurrentUserHasRight($right);
+}
+
+my %cf;
+for my $name ( 'PagerDuty ID', 'PagerDuty URL' ) {
+    my $object = RT::CustomField->new($user_obj);
+    $object->LoadByName( Name => $name );
+    if ( my $id = $object->Id ) {
+        $cf{$name} = $id;
+        push @missing_rights, "CustomField $name: SeeCustomField" unless $object->CurrentUserHasRight('SeeCustomField');
+        push @missing_rights, "CustomField $name: SetInitialCustomField or ModifyCustomField"
+            unless $object->CurrentUserHasRight('SetInitialCustomField')
+            || $object->CurrentUserHasRight('ModifyCustomField');
+    }
+    else {
+        RT->Logger->error("Could not find custom field $name");
+        $m->abort(400);
+    }
+}
+
+if (@missing_rights) {
+    RT->Logger->error( "User " . $user_obj->Name . " lacks the following rights: " . join ', ', @missing_rights );
+    $m->abort(401);
+}
+
+
 # need to see if a ticket already exists for this incident
 my $tickets = RT::Tickets->new($user_obj);
 $tickets->LimitCustomField(
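Review bot: The new check answers a missing right with $m->abort(401), the same status the block just above uses when no user is found. The caller is already authenticated at this point, so 403 would describe the failure and keep the two cases distinguishable for the caller and in logs. Likewise, the 400 returned for a missing queue or custom field reports an RT-side configuration problem as a bad request. A smaller point: the abort on the first missing custom field fires before the accumulated @missing_rights are logged, so any queue-rights findings are lost in that case, and the hunk leaves two consecutive blank lines before the "need to see if a ticket already exists" comment.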
@@ -97,15 +134,6 @@ if ( ( $tickets->Count > 0 ) && ( $pd_event ne 'incident.triggered' ) ) {
 
 # if there is not a ticket already we only handle the triggered event
 elsif ( ( $tickets->Count == 0 ) && ( $pd_event eq 'incident.triggered' ) ) {
-    my $queue = $service->{create_queue} // 'General';
-
-    # look up ids for PagerDuty related custom fields
-    my $CF = RT::CustomField->new($user_obj);
-    $CF->LoadByName( Name => 'PagerDuty ID' );
-    my $cf_id = $CF->id;
-    $CF->LoadByName( Name => 'PagerDuty URL' );
-    my $cf_url = $CF->id;
-
     my $Ticket = RT::Ticket->new($user_obj);
     my ( $id, $Trans, $ErrMsg ) = $Ticket->Create(
         Type    => 'ticket',
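Review bot: With "my $queue = $service->{create_queue} // 'General';" removed here, any later use of $queue in this branch now sees the RT::Queue object created by the rights check instead of the queue name. The Queue argument to $Ticket->Create falls outside the visible context, so confirm it still receives what it expects, or pass $queue_name (or $queue->Id) explicitly.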
@@ -113,8 +141,8 @@ elsif ( ( $tickets->Count == 0 ) && ( $pd_event eq 'incident.triggered' ) ) {
         Subject => 'PagerDuty Incident: '
             . $data->{event}{data}{service}{summary} . ' - '
             . $data->{event}{data}{title},
-        "CustomField-$cf_id"  => $data->{event}{data}{id}       // '',
-        "CustomField-$cf_url" => $data->{event}{data}{html_url} // '',
+        "CustomField-$cf{'PagerDuty ID'}"  => $data->{event}{data}{id}       // '',
+        "CustomField-$cf{'PagerDuty URL'}" => $data->{event}{data}{html_url} // '',
     );
 
     if ($id) {
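Review bot: The "PagerDuty ID" value still falls back to '' when $data->{event}{data}{id} is undefined, which creates exactly the ticket without a PagerDuty ID that the commit message names as the cause of recursive loops. Reject the request before calling Create when the id is missing instead of defaulting it, since the rights check does not cover that path.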
-----------------------------------------------------------------------

Summary of changes:
 README                        |  3 ++-
 html/PagerDuty/WebHook.html   | 50 +++++++++++++++++++++++++++++++++----------
 lib/RT/Extension/PagerDuty.pm |  5 +++--
 3 files changed, 44 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
rt-extension-pagerduty

