Feat: Add a generic webhook for sending event notifications

.env.example

@@ -16,6 +16,7 @@ SLACK_BOT_USER_ACCESS_TOKEN=''
 GOCD_WEBHOOK_SECRET=''
 KAFKA_CONTROL_PLANE_WEBHOOK_SECRET=''
 SENTRY_OPTIONS_WEBHOOK_SECRET=''
+EXAMPLE_SERVICE_SECRET=''
 
 # Silence some GCP noise
 DRY_RUN=true

.env.test

@@ -19,6 +19,7 @@ SLACK_BOT_APP_ID="5678"
 GOCD_WEBHOOK_SECRET="webhooksecret"
 KAFKA_CONTROL_PLANE_WEBHOOK_SECRET="kcpwebhooksecret"
 SENTRY_OPTIONS_WEBHOOK_SECRET="sentryoptionswebhooksecret"
+EXAMPLE_SERVICE_SECRET="examplewebhooksecret"
 
 # Other
 GOCD_SENTRYIO_FE_PIPELINE_NAME="getsentry-frontend"

bin/deploy.sh

@@ -27,6 +27,7 @@ GOCD_WEBHOOK_SECRET
 KAFKA_CONTROL_PLANE_WEBHOOK_SECRET
 SENTRY_OPTIONS_WEBHOOK_SECRET
 "
+# TODO: Revamp this and make it easier to add secrets & deploy to GCP
 
 secrets=""
 for secret_name in $secret_names; do

src/README.md

@@ -20,6 +20,10 @@ Below are descriptions for how this application is organized. Each directory con
 
 ## Common Use Cases
 
+## Generic Event Notifier
+
+You can use this service to send a message to Sentry Slack or Datadog. All you have to do is create a small PR to create a HMAC secret for your use case, and your service can send messages to Sentry Slack and Datadog via infra-hub. See [this README](webhooks/README.md) for more details.
+
 ### Adding a New Webhook
 
 To add a new webhook, nagivate to `webhooks` and follow the directions there. Most of the logic should be self-contained within the `webhooks` directory, with handlers in `brain` being appropriate if the webhook is for receiving event streams. To send a message to external sources, use the APIs in `api`.

src/buildServer.ts

@@ -15,7 +15,6 @@ import { loadBrain } from '@utils/loadBrain';
 
 import { SENTRY_DSN } from './config';
 import { routeJobs } from './jobs';
-import { SlackRouter } from './slack';
 
 export async function buildServer(
   logger: boolean | { prettyPrint: boolean } = {
@@ -96,11 +95,5 @@ export async function buildServer(
   // Endpoints for Cloud Scheduler webhooks (Cron Jobs)
   server.register(routeJobs, { prefix: '/jobs' });
 
-  server.post<{ Params: { service: string } }>(
-    '/slack/:service/webhook',
-    {},
-    SlackRouter(server)
-  );
-
   return server;
 }

src/config/secrets.ts

@@ -0,0 +1,15 @@
+/*
+
+This file contains secrets used for verifying incoming events from different HTTP sources.
+
+*/
+
+export const EVENT_NOTIFIER_SECRETS = {
+  // Follow the pattern below to add a new secret
+  // The secret will also need to be added in the deploy.sh script and in
+  // Google Secret manager
+  // 'example-service': process.env.EXAMPLE_SERVICE_SECRET,
+};
+if (process.env.ENV !== 'production')
+  EVENT_NOTIFIER_SECRETS['example-service'] =
+    process.env.EXAMPLE_SERVICE_SECRET;

src/service-registry/service_registry.json

@@ -0,0 +1,36 @@
+{
+  "example_service": {
+    "alert_slack_channels": [
+      "slack-channel-id-or-name"
+    ],
+    "aspiring_domain_experts": [],
+    "component": "tool",
+    "dashboard": null,
+    "docs": {
+      "notion page": "https://www.notion.so/"
+    },
+    "domain_experts": [
+      {
+        "email": "[email protected]",
+        "name": "Example Person"
+      }
+    ],
+    "escalation": "https://sentry.pagerduty.com/",
+    "id": "example_service",
+    "name": "Example service",
+    "notes": null,
+    "production_readiness_docs": [],
+    "slack_channels": [
+      "discuss-stuff"
+    ],
+    "slos": [],
+    "teams": [
+      {
+        "display_name": "Team 1",
+        "id": "team1",
+        "tags": []
+      }
+    ],
+    "tier": 1
+  }
+}

src/service-registry/types/index.ts

@@ -0,0 +1,32 @@
+export interface Team {
+  id: string;
+  display_name: string;
+  tags: string[];
+}
+
+export interface Expert {
+  email: string;
+  name: string;
+}
+
+export interface Service {
+  id: string;
+  name: string;
+  tier: number | null;
+  component: string | null;
+  teams: Team[];
+  slack_channels: string[];
+  alert_slack_channels: string[];
+  domain_experts: Expert[];
+  escalation: string;
+  slos: string[];
+  dashboard: string | null;
+  production_readiness_docs: string[];
+  notes: string | null;
+  docs: Record<string, string>;
+  aspiring_domain_experts: Expert[];
+}
+
+export type ServiceRegistry = {
+  [serviceName: string]: Service;
+};

src/types/index.ts

@@ -1,5 +1,7 @@
 import { IncomingMessage, Server, ServerResponse } from 'http';
 
+import { EventAlertType } from '@datadog/datadog-api-client/dist/packages/datadog-api-client-v1';
+import { Block, KnownBlock } from '@slack/types';
 import { FastifyInstance } from 'fastify';
 
 // e.g. the return type of `buildServer`
@@ -26,3 +28,40 @@ export interface KafkaControlPlaneResponse {
   title: string;
   body: string;
 }
+
+interface BaseSlackMessage {
+  type: 'slack';
+  text: string;
+  blocks?: KnownBlock[] | Block[];
+}
+
+export interface SlackChannel extends BaseSlackMessage {
+  channels: string[];
+}
+
+// Currently service registry is only used for Slack notifications since
+// it only contains Slack alert channels (and not DD or Jira or others)
+export interface ServiceSlackChannel extends BaseSlackMessage {
+  service_name: string;
+}
+export type SlackMessage = SlackChannel | ServiceSlackChannel;
+
+export interface DatadogEvent {
+  type: 'datadog';
+  title: string;
+  text: string;
+  tags: string[];
+  alertType: EventAlertType;
+}
+
+export interface JiraEvent {
+  type: 'jira';
+  projectId: string;
+  title: string;
+}
+
+export type GenericEvent = {
+  source: string;
+  timestamp: number;
+  data: (DatadogEvent | JiraEvent | SlackMessage)[];
+};

src/utils/misc/serviceRegistry.ts

@@ -0,0 +1,8 @@
+import servicesData from '@/service-registry/service_registry.json';
+import type { Service, ServiceRegistry } from '@/service-registry/types/index';
+
+const services: ServiceRegistry = servicesData;
+
+export function getService(serviceId: string): Service {
+  return services[serviceId];
+}

src/webhooks/README.md

@@ -3,6 +3,46 @@
 * Webhooks in "production" are deployed to a Google Cloud Run instance, in the project `super-big-data`. Why? (TODO insert why)
 * The webhook points to `https://product-eng-webhooks-vmrqv3f7nq-uw.a.run.app`
 
+## Generic Event Notifier
+
+The folder `generic-notifier` provides a generic webhook which can be used to send messages to Sentry Slack channels and Sentry Datadog.
+
+Simply, go to `@/config/secrets.ts` and add an entry to the `EVENT_NOTIFIER_SECRETS` object. This entry should contain a mapping from the source of the message (for example, `example-service`) to an environment variable. As of now, you will also need to edit `bin/deploy.sh` to add the new secret to the deployment and also add the secret to Google Secret Manager. Make a PR with this change and get it approved & merged.
+
+Once this has been deployed, all you have to do is send a POST request to `https://product-eng-webhooks-vmrqv3f7nq-uw.a.run.app/event-notifier/v1` with a JSON payload in the format of the type `GenericEvent` defined in `@/types/index.ts`. Currently, only Datadog and Slack messages are supported. Example:
+
+```json
+{
+ "source": "example-service", // This must match the mapping string you define in the EVENT_NOTIFIER_SECRETS obj
+ "timestamp": 0,
+ "data": [
+  {
+   "type": "slack", // Basic Slack message
+   "text": "Random text here", 
+   "channels": ["#aaaaaa"],
+   // Optionally, include Slack Blocks
+   "blocks": []
+  }, {
+   "type": "service_notification", // Slack message using service registry information
+   "service_name": "eng_pipes_gh_notifications", 
+   "text": "Random text here",
+   // Optionally, include Slack Blocks
+   "blocks": []
+  }, {
+   "type": "datadog", // Datadog message
+   "title": "This is an Example Notification",
+   "text": "Random text here",
+   "tags": ["source:example-service", "sentry-region:all", "sentry-user:bob"],
+   "alertType": "info"
+  }
+ ]
+}
+```
+
+Additionally, you must compute the HMAC SHA256 hash of the raw payload string computed with the secret key, and attach it to the `Authorization` header. EX: `Authorization: <Hash here>`
+
+TODO: Add the service registry configs to the deployed instance & replace the current dummy json at `@/service-registry/service_registry.json` with the actual service registry json.
+
 ## Adding a webhook to GoCD event emitter
 
 * goto [gocd](deploy.getsentry.net)

src/webhooks/generic-notifier/generic-notifier.test.ts

@@ -0,0 +1,105 @@
+import testInvalidPayload from '@test/payloads/generic-notifier/testInvalidPayload.json';
+import testPayload from '@test/payloads/generic-notifier/testPayload.json';
+import { createNotifierRequest } from '@test/utils/createGenericMessageRequest';
+
+import { buildServer } from '@/buildServer';
+import { DATADOG_API_INSTANCE } from '@/config';
+import { GenericEvent, SlackMessage } from '@/types';
+import { bolt } from '@api/slack';
+
+import { messageSlack } from './generic-notifier';
+
+describe('generic messages webhook', function () {
+  let fastify;
+  beforeEach(async function () {
+    fastify = await buildServer(false);
+  });
+
+  afterEach(function () {
+    fastify.close();
+    jest.clearAllMocks();
+  });
+
+  it('correctly inserts generic notifier when stage starts', async function () {
+    jest.spyOn(bolt.client.chat, 'postMessage').mockImplementation(jest.fn());
+    jest
+      .spyOn(DATADOG_API_INSTANCE, 'createEvent')
+      .mockImplementation(jest.fn());
+    const response = await createNotifierRequest(
+      fastify,
+      testPayload as GenericEvent
+    );
+
+    expect(response.statusCode).toBe(200);
+  });
+
+  it('returns 400 for an invalid source', async function () {
+    const response = await fastify.inject({
+      method: 'POST',
+      url: '/event-notifier/v1',
+      payload: testInvalidPayload,
+    });
+    expect(response.statusCode).toBe(400);
+  });
+  it('returns 400 for invalid signature', async function () {
+    const response = await fastify.inject({
+      method: 'POST',
+      url: '/event-notifier/v1',
+      headers: {
+        'x-infra-hub-signature': 'invalid',
+      },
+      payload: testPayload,
+    });
+    expect(response.statusCode).toBe(400);
+  });
+
+  it('returns 400 for no signature', async function () {
+    const response = await fastify.inject({
+      method: 'POST',
+      url: '/event-notifier/v1',
+      payload: testPayload,
+    });
+    expect(response.statusCode).toBe(400);
+  });
+
+  describe('messageSlack tests', function () {
+    afterEach(function () {
+      jest.clearAllMocks();
+    });
+
+    it('writes to slack', async function () {
+      const postMessageSpy = jest.spyOn(bolt.client.chat, 'postMessage');
+      await messageSlack(testPayload.data[0] as SlackMessage);
+      expect(postMessageSpy).toHaveBeenCalledTimes(1);
+      const message = postMessageSpy.mock.calls[0][0];
+      expect(message).toEqual({
+        channel: '#aaaaaa',
+        text: 'Random text here',
+        unfurl_links: false,
+      });
+    });
+  });
+
+  it('checks that slack msg is sent', async function () {
+    const postMessageSpy = jest.spyOn(bolt.client.chat, 'postMessage');
+    const response = await createNotifierRequest(
+      fastify,
+      testPayload as GenericEvent
+    );
+
+    expect(postMessageSpy).toHaveBeenCalledTimes(2);
+
+    expect(response.statusCode).toBe(200);
+  });
+  it('checks that dd msg is sent', async function () {
+    const ddMessageSpy = jest.spyOn(DATADOG_API_INSTANCE, 'createEvent');
+    const response = await createNotifierRequest(
+      fastify,
+      testPayload as GenericEvent
+    );
+
+    expect(ddMessageSpy).toHaveBeenCalledTimes(1);
+
+    expect(response.statusCode).toBe(200);
+  });
+});