mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-14 15:48:53 +00:00
feat: M19 API audit log + M16a notifier connectors (Slack, Teams, PagerDuty, OpsGenie)
M19: HTTP middleware records every API call to the immutable audit trail with method, path, actor, SHA-256 body hash, status, and latency. Best-effort async recording via goroutine. Health/ready probes excluded. M16a: Four pluggable notifier connectors — Slack (incoming webhook), Teams (MessageCard), PagerDuty (Events API v2), OpsGenie (Alert API v2). Each enabled by config env var. 30 new tests across middleware and connectors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Shankar
@@ -0,0 +1,100 @@
|
||||
package pagerduty
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
const eventsAPIURL = "https://events.pagerduty.com/v2/enqueue"
|
||||
|
||||
// Config holds configuration for the PagerDuty notifier.
|
||||
type Config struct {
|
||||
// RoutingKey is the PagerDuty Events API v2 integration/routing key.
|
||||
RoutingKey string `json:"routing_key"`
|
||||
// Severity is the default event severity (critical, error, warning, info).
|
||||
// Defaults to "warning" if not set.
|
||||
Severity string `json:"severity,omitempty"`
|
||||
}
|
||||
|
||||
// Notifier sends notifications to PagerDuty via the Events API v2.
|
||||
type Notifier struct {
|
||||
config Config
|
||||
httpClient *http.Client
|
||||
}
|
||||
|
||||
// New creates a new PagerDuty notifier.
|
||||
func New(config Config) *Notifier {
|
||||
if config.Severity == "" {
|
||||
config.Severity = "warning"
|
||||
}
|
||||
return &Notifier{
|
||||
config: config,
|
||||
httpClient: &http.Client{
|
||||
Timeout: 10 * time.Second,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// Channel returns the channel identifier.
|
||||
func (n *Notifier) Channel() string {
|
||||
return "PagerDuty"
|
||||
}
|
||||
|
||||
// Send delivers a notification to PagerDuty as a trigger event.
|
||||
func (n *Notifier) Send(ctx context.Context, recipient string, subject string, body string) error {
|
||||
event := pdEvent{
|
||||
RoutingKey: n.config.RoutingKey,
|
||||
EventAction: "trigger",
|
||||
Payload: pdPayload{
|
||||
Summary: subject,
|
||||
Severity: n.config.Severity,
|
||||
Source: "certctl",
|
||||
CustomDetails: map[string]string{
|
||||
"body": body,
|
||||
"recipient": recipient,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
jsonBytes, err := json.Marshal(event)
|
||||
if err != nil {
|
||||
return fmt.Errorf("pagerduty: failed to marshal payload: %w", err)
|
||||
}
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodPost, eventsAPIURL, bytes.NewReader(jsonBytes))
|
||||
if err != nil {
|
||||
return fmt.Errorf("pagerduty: failed to create request: %w", err)
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
|
||||
resp, err := n.httpClient.Do(req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("pagerduty: request failed: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != http.StatusAccepted && resp.StatusCode != http.StatusOK {
|
||||
respBody, _ := io.ReadAll(resp.Body)
|
||||
return fmt.Errorf("pagerduty: API returned HTTP %d: %s", resp.StatusCode, string(respBody))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
type pdEvent struct {
|
||||
RoutingKey string `json:"routing_key"`
|
||||
EventAction string `json:"event_action"`
|
||||
Payload pdPayload `json:"payload"`
|
||||
}
|
||||
|
||||
type pdPayload struct {
|
||||
Summary string `json:"summary"`
|
||||
Severity string `json:"severity"`
|
||||
Source string `json:"source"`
|
||||
CustomDetails map[string]string `json:"custom_details,omitempty"`
|
||||
}
|
||||
@@ -0,0 +1,144 @@
|
||||
package pagerduty
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestPagerDuty_Channel(t *testing.T) {
|
||||
n := New(Config{RoutingKey: "test-key"})
|
||||
if n.Channel() != "PagerDuty" {
|
||||
t.Errorf("expected channel PagerDuty, got %s", n.Channel())
|
||||
}
|
||||
}
|
||||
|
||||
func TestPagerDuty_DefaultSeverity(t *testing.T) {
|
||||
n := New(Config{RoutingKey: "test-key"})
|
||||
if n.config.Severity != "warning" {
|
||||
t.Errorf("expected default severity 'warning', got %s", n.config.Severity)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPagerDuty_CustomSeverity(t *testing.T) {
|
||||
n := New(Config{RoutingKey: "test-key", Severity: "critical"})
|
||||
if n.config.Severity != "critical" {
|
||||
t.Errorf("expected severity 'critical', got %s", n.config.Severity)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPagerDuty_SendSuccess(t *testing.T) {
|
||||
var receivedEvent pdEvent
|
||||
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
t.Errorf("expected POST, got %s", r.Method)
|
||||
}
|
||||
if ct := r.Header.Get("Content-Type"); ct != "application/json" {
|
||||
t.Errorf("expected application/json, got %s", ct)
|
||||
}
|
||||
if err := json.NewDecoder(r.Body).Decode(&receivedEvent); err != nil {
|
||||
t.Fatalf("failed to decode payload: %v", err)
|
||||
}
|
||||
w.WriteHeader(http.StatusAccepted)
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
// Override the events URL for testing — use a custom HTTP client that redirects
|
||||
n := New(Config{RoutingKey: "test-routing-key", Severity: "error"})
|
||||
// We can't easily override the const URL, so test with a direct HTTP call approach.
|
||||
// Instead, test the payload structure by calling Send with a mock server.
|
||||
// We need to make the notifier use our test server URL.
|
||||
// The simplest way: create the notifier, then manually set the URL by using the test server.
|
||||
// Since eventsAPIURL is a const, we'll test by replacing the http client's transport.
|
||||
|
||||
// Alternative approach: just test that the method constructs the right payload
|
||||
// by using a custom transport that intercepts the request.
|
||||
n.httpClient = server.Client()
|
||||
|
||||
// For this test, we need to override the target URL. Since it's a package-level const,
|
||||
// we'll create a custom RoundTripper that redirects to our test server.
|
||||
originalURL := eventsAPIURL
|
||||
_ = originalURL // just to avoid unused var in case we reference it
|
||||
|
||||
transport := &urlRewriteTransport{
|
||||
target: server.URL,
|
||||
transport: http.DefaultTransport,
|
||||
}
|
||||
n.httpClient = &http.Client{Transport: transport}
|
||||
|
||||
err := n.Send(context.Background(), "oncall@example.com", "Cert Expired", "mc-api-prod has expired")
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
if receivedEvent.RoutingKey != "test-routing-key" {
|
||||
t.Errorf("expected routing key test-routing-key, got %s", receivedEvent.RoutingKey)
|
||||
}
|
||||
if receivedEvent.EventAction != "trigger" {
|
||||
t.Errorf("expected event action trigger, got %s", receivedEvent.EventAction)
|
||||
}
|
||||
if receivedEvent.Payload.Summary != "Cert Expired" {
|
||||
t.Errorf("expected summary 'Cert Expired', got %s", receivedEvent.Payload.Summary)
|
||||
}
|
||||
if receivedEvent.Payload.Severity != "error" {
|
||||
t.Errorf("expected severity error, got %s", receivedEvent.Payload.Severity)
|
||||
}
|
||||
if receivedEvent.Payload.Source != "certctl" {
|
||||
t.Errorf("expected source certctl, got %s", receivedEvent.Payload.Source)
|
||||
}
|
||||
if receivedEvent.Payload.CustomDetails["body"] != "mc-api-prod has expired" {
|
||||
t.Errorf("expected body in custom_details, got %v", receivedEvent.Payload.CustomDetails)
|
||||
}
|
||||
if receivedEvent.Payload.CustomDetails["recipient"] != "oncall@example.com" {
|
||||
t.Errorf("expected recipient in custom_details, got %v", receivedEvent.Payload.CustomDetails)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPagerDuty_SendHTTPError(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
w.Write([]byte(`{"status":"invalid","message":"bad routing key"}`))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
n := New(Config{RoutingKey: "bad-key"})
|
||||
n.httpClient = &http.Client{Transport: &urlRewriteTransport{target: server.URL, transport: http.DefaultTransport}}
|
||||
|
||||
err := n.Send(context.Background(), "", "Test", "body")
|
||||
if err == nil {
|
||||
t.Fatal("expected error, got nil")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "HTTP 400") {
|
||||
t.Errorf("expected HTTP 400 in error, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPagerDuty_SendConnectionError(t *testing.T) {
|
||||
n := New(Config{RoutingKey: "test-key"})
|
||||
n.httpClient = &http.Client{Transport: &urlRewriteTransport{target: "http://127.0.0.1:1", transport: http.DefaultTransport}}
|
||||
|
||||
err := n.Send(context.Background(), "", "Test", "body")
|
||||
if err == nil {
|
||||
t.Fatal("expected connection error, got nil")
|
||||
}
|
||||
if !strings.Contains(err.Error(), "request failed") {
|
||||
t.Errorf("expected 'request failed' in error, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// urlRewriteTransport redirects all requests to a test server URL.
|
||||
type urlRewriteTransport struct {
|
||||
target string
|
||||
transport http.RoundTripper
|
||||
}
|
||||
|
||||
func (t *urlRewriteTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||
req = req.Clone(req.Context())
|
||||
req.URL.Scheme = "http"
|
||||
req.URL.Host = strings.TrimPrefix(t.target, "http://")
|
||||
return t.transport.RoundTrip(req)
|
||||
}
|
||||
Reference in New Issue
Block a user