pact_broker 2.22.0 → 2.23.0

data/lib/pact_broker/api/resources/all_webhooks.rb

@@ -0,0 +1,82 @@
+require 'pact_broker/services'
+require 'pact_broker/api/resources/base_resource'
+require 'pact_broker/api/decorators/webhooks_decorator'
+require 'pact_broker/api/decorators/webhook_decorator'
+require 'pact_broker/api/contracts/webhook_contract'
+
+module PactBroker
+  module Api
+    module Resources
+      class AllWebhooks < BaseResource
+
+        def content_types_provided
+          [["application/hal+json", :to_json]]
+        end
+
+        def content_types_accepted
+          [["application/json", :from_json]]
+        end
+
+        def allowed_methods
+          ["GET", "POST"]
+        end
+
+        def create_path
+          webhook_url next_uuid, base_url
+        end
+
+        def post_is_create?
+          true
+        end
+
+        def malformed_request?
+          if request.post?
+            return invalid_json? || validation_errors?(webhook)
+          end
+          false
+        end
+
+        def to_json
+          Decorators::WebhooksDecorator.new(webhooks).to_json(user_options: decorator_context(resource_title: "Webhooks"))
+        end
+
+        def from_json
+          saved_webhook = webhook_service.create next_uuid, webhook, consumer, provider
+          response.body = Decorators::WebhookDecorator.new(saved_webhook).to_json(user_options: { base_url: base_url })
+        end
+
+        private
+
+        def validation_errors? webhook
+          errors = webhook_service.errors(webhook)
+
+          unless errors.empty?
+            set_json_validation_error_messages(errors.messages)
+          end
+
+          !errors.empty?
+        end
+
+        def consumer
+          webhook.consumer ? pacticipant_service.find_pacticipant_by_name(webhook.consumer.name) : nil
+        end
+
+        def provider
+          webhook.provider ? pacticipant_service.find_pacticipant_by_name(webhook.provider.name) : nil
+        end
+
+        def webhooks
+          webhook_service.find_all
+        end
+
+        def webhook
+          @webhook ||= Decorators::WebhookDecorator.new(PactBroker::Domain::Webhook.new).from_json(request_body)
+        end
+
+        def next_uuid
+          @next_uuid ||= webhook_service.next_uuid
+        end
+      end
+    end
+  end
+end

data/lib/pact_broker/api/resources/base_resource.rb

@@ -152,6 +152,24 @@ module PactBroker
         def with_matrix_refresh &block
           matrix_service.refresh(identifier_from_path, &block)
         end
+
+        def find_pacticipant name, role
+          pacticipant_service.find_pacticipant_by_name(name).tap do | pacticipant |
+            set_json_error_message("No #{role} with name '#{name}' found") if pacticipant.nil?
+          end
+        end
+
+        def consumer
+          @consumer ||= identifier_from_path[:consumer_name] && find_pacticipant(identifier_from_path[:consumer_name], "consumer")
+        end
+
+        def provider
+          @provider ||= identifier_from_path[:provider_name] && find_pacticipant(identifier_from_path[:provider_name], "provider")
+        end
+
+        def pact
+          @pact ||= pact_service.find_pact(pact_params)
+        end
       end
     end
   end

data/lib/pact_broker/api/resources/error_handler.rb

@@ -11,7 +11,11 @@ module PactBroker
         def self.call e, request, response
           logger.error e
           logger.error e.backtrace
-          response.body = {:message => e.message, :backtrace => e.backtrace }.to_json
+          response_body = { error: { :message => e.message } }
+          if PactBroker.configuration.show_backtrace_in_error_response?
+            response_body[:error][:backtrace] = e.backtrace
+          end
+          response.body = response_body.to_json
           report(e, request) if reportable?(e)
         end
 

data/lib/pact_broker/api/resources/pact_triggered_webhooks.rb

@@ -0,0 +1,41 @@
+require 'pact_broker/api/decorators/triggered_webhooks_decorator'
+
+module PactBroker
+  module Api
+    module Resources
+      class PactTriggeredWebhooks < BaseResource
+        def allowed_methods
+          ["GET"]
+        end
+
+        def content_types_provided
+          [["application/hal+json", :to_json]]
+        end
+
+        def resource_exists?
+          !!pact
+        end
+
+        def to_json
+          Decorators::TriggeredWebhooksDecorator.new(triggered_webhooks).to_json(decorator_options)
+        end
+
+        private
+
+        def triggered_webhooks
+          webhook_service.find_triggered_webhooks_for_pact(pact)
+        end
+
+        def resource_title
+          "Webhooks triggered by the publication of the #{pact.name[0].downcase}#{pact.name[1..-1]}"
+        end
+
+        def decorator_options
+          {
+            user_options: decorator_context.merge(resource_title: resource_title)
+          }
+        end
+      end
+    end
+  end
+end

data/lib/pact_broker/api/resources/pact_webhooks.rb

@@ -1,4 +1,3 @@
-
 require 'pact_broker/api/resources/base_resource'
 require 'pact_broker/api/decorators/webhook_decorator'
 require 'pact_broker/api/decorators/webhooks_decorator'
@@ -24,7 +23,8 @@ module PactBroker
         end
 
         def resource_exists?
-          consumer && provider
+          (identifier_from_path[:consumer_name].nil? || consumer) &&
+            (identifier_from_path[:provider_name].nil? || provider)
         end
 
         def malformed_request?
@@ -76,19 +76,6 @@ module PactBroker
           @next_uuid ||= webhook_service.next_uuid
         end
 
-        def consumer
-          @consumer ||= find_pacticipant(identifier_from_path[:consumer_name], "consumer")
-        end
-
-        def provider
-          @provider ||= find_pacticipant(identifier_from_path[:provider_name], "provider")
-        end
-
-        def find_pacticipant name, role
-          pacticipant_service.find_pacticipant_by_name(name).tap do | pacticipant |
-            set_json_error_message("No #{role} with name '#{name}' found") if pacticipant.nil?
-          end
-        end
 
       end
     end

data/lib/pact_broker/api/resources/pact_webhooks_status.rb

@@ -27,7 +27,7 @@ module PactBroker
         private
 
         def latest_triggered_webhooks
-          @latest_triggered_webhooks ||= webhook_service.find_latest_triggered_webhooks(consumer, provider)
+          @latest_triggered_webhooks ||= webhook_service.find_latest_triggered_webhooks_for_pact(pact)
         end
 
         def pact

data/lib/pact_broker/api/resources/verification_triggered_webhooks.rb

@@ -0,0 +1,45 @@
+require 'pact_broker/api/decorators/triggered_webhooks_decorator'
+
+module PactBroker
+  module Api
+    module Resources
+      class VerificationTriggeredWebhooks < BaseResource
+        def allowed_methods
+          ["GET"]
+        end
+
+        def content_types_provided
+          [["application/hal+json", :to_json]]
+        end
+
+        def resource_exists?
+          !!verification
+        end
+
+        def to_json
+          Decorators::TriggeredWebhooksDecorator.new(triggered_webhooks).to_json(decorator_options)
+        end
+
+        private
+
+        def triggered_webhooks
+          webhook_service.find_triggered_webhooks_for_verification(verification)
+        end
+
+        def resource_title
+          "Webhooks triggered by the publication of verification result #{verification.number}"
+        end
+
+        def decorator_options
+          {
+            user_options: decorator_context.merge(resource_title: resource_title)
+          }
+        end
+
+        def verification
+          @verification ||= verification_service.find(identifier_from_path)
+        end
+      end
+    end
+  end
+end

data/lib/pact_broker/api/resources/webhook_execution.rb

@@ -14,7 +14,7 @@ module PactBroker
         end
 
         def process_post
-          webhook_execution_result = webhook_service.execute_webhook_now webhook, pact
+          webhook_execution_result = webhook_service.test_execution(webhook)
           response.headers['Content-Type'] = 'application/hal+json;charset=utf-8'
           response.body = post_response_body webhook_execution_result
           if webhook_execution_result.success?
@@ -39,10 +39,6 @@ module PactBroker
           @webhook ||= webhook_service.find_by_uuid uuid
         end
 
-        def pact
-          @pact ||= pact_service.find_latest_pact consumer_name: webhook.consumer_name, provider_name: webhook.provider_name
-        end
-
         def uuid
           identifier_from_path[:uuid]
         end

data/lib/pact_broker/api/resources/webhooks.rb

@@ -1,29 +1,92 @@
-require 'pact_broker/services'
 require 'pact_broker/api/resources/base_resource'
+require 'pact_broker/api/decorators/webhook_decorator'
 require 'pact_broker/api/decorators/webhooks_decorator'
+require 'pact_broker/api/contracts/webhook_contract'
 
 module PactBroker
   module Api
     module Resources
-
       class Webhooks < BaseResource
 
+        def allowed_methods
+          ["POST", "GET"]
+        end
+
         def content_types_provided
           [["application/hal+json", :to_json]]
         end
 
-        def allowed_methods
-          ["GET"]
+        def content_types_accepted
+          [["application/json", :from_json]]
+        end
+
+        def resource_exists?
+          (identifier_from_path[:consumer_name].nil? || consumer) &&
+            (identifier_from_path[:provider_name].nil? || provider)
+        end
+
+        def malformed_request?
+          if request.post?
+            return invalid_json? || validation_errors?(webhook)
+          end
+          false
+        end
+
+        def validation_errors? webhook
+          errors = webhook_service.errors(webhook)
+
+          unless errors.empty?
+            response.headers['Content-Type'] = 'application/hal+json;charset=utf-8'
+            response.body = { errors: errors.messages }.to_json
+          end
+
+          !errors.empty?
+        end
+
+        def create_path
+          webhook_url next_uuid, base_url
+        end
+
+        def post_is_create?
+          true
+        end
+
+        def from_json
+          saved_webhook = webhook_service.create next_uuid, webhook, consumer, provider
+          response.body = Decorators::WebhookDecorator.new(saved_webhook).to_json(user_options: { base_url: base_url })
         end
 
         def to_json
-          Decorators::WebhooksDecorator.new(webhooks).to_json(user_options: decorator_context(resource_title: "Webhooks"))
+          Decorators::WebhooksDecorator.new(webhooks).to_json(user_options: decorator_context(resource_title: 'Pact webhooks'))
         end
 
+        private
+
         def webhooks
-          webhook_service.find_all
+          webhook_service.find_by_consumer_and_provider consumer, provider
+        end
+
+        def webhook
+          @webhook ||= Decorators::WebhookDecorator.new(PactBroker::Domain::Webhook.new).from_json(request_body)
         end
 
+        def next_uuid
+          @next_uuid ||= webhook_service.next_uuid
+        end
+
+        def consumer
+          @consumer ||= identifier_from_path[:consumer_name] && find_pacticipant(identifier_from_path[:consumer_name], "consumer")
+        end
+
+        def provider
+          @provider ||= identifier_from_path[:provider_name] && find_pacticipant(identifier_from_path[:provider_name], "provider")
+        end
+
+        def find_pacticipant name, role
+          pacticipant_service.find_pacticipant_by_name(name).tap do | pacticipant |
+            set_json_error_message("No #{role} with name '#{name}' found") if pacticipant.nil?
+          end
+        end
       end
     end
   end

data/lib/pact_broker/configuration.rb

@@ -73,8 +73,7 @@ module PactBroker
       config.version_parser = PactBroker::Versions::ParseSemanticVersion
       config.sha_generator = PactBroker::Pacts::GenerateSha
       config.base_equality_only_on_content_that_affects_verification_results = false
-      # TODO change this to true
-      config.order_versions_by_date = false
+      config.order_versions_by_date = true
       config.semver_formats = ["%M.%m.%p%s%d", "%M.%m", "%M"]
       config.webhook_retry_schedule = [10, 60, 120, 300, 600, 1200] #10 sec, 1 min, 2 min, 5 min, 10 min, 20 min => 38 minutes
       config.check_for_potential_duplicate_pacticipant_names = true
@@ -92,6 +91,10 @@ module PactBroker
       }
     end
 
+    def show_backtrace_in_error_response?
+      !!(ENV['RACK_ENV'] && ENV['RACK_ENV'].downcase != 'production')
+    end
+
     def authentication_configured?
       !!authenticate || !!authenticate_with_basic_auth
     end

data/lib/pact_broker/doc/controllers/app.rb

@@ -13,8 +13,7 @@ module PactBroker
 
         MAPPINGS = {
           'webhooks-create' => 'webhooks',
-          'webhooks-webhooks' => 'webhooks',
-          'pact-webhooks' => 'webhooks',
+          'webhooks-webhooks' => 'webhooks'
         }.freeze
 
         helpers do

data/lib/pact_broker/doc/views/pact-webhooks.markdown

@@ -0,0 +1,3 @@
+# Pact webhooks
+
+This resource is deprecated, as it requires both a consumer and provider to be specified. See [/doc/webhooks](/doc/webhooks) for the latest documentation on creating webhooks that can have an optional consumer and provider.

data/lib/pact_broker/doc/views/webhooks.markdown

@@ -2,27 +2,28 @@
 
 *Collection resource*
 
-Path: `/webhooks/provider/PROVIDER/consumer/CONSUMER`
+Path: `/webhooks`
 
 Allowed methods: `GET`, `POST`
 
 *Individual resource*
 
-Path: `/webhook
-s/UUID`
+Path: `/webhook/UUID`
 
 Allowed methods: `GET`, `PUT`, `DELETE`
 
+Webhooks are HTTP requests that are executed asynchronously after certain events occur in the Pact Broker, that can be used to create a workflow or notify people of changes to the data contained in the Pact Broker. The most common use for webhooks is to trigger builds when a pact has changed or a verification result has been published, but they can also be used for conveying information like posting notifications to Slack, or commit statuses to Github.
+
 ### Creating
 
-1. To create a webhook, in the HAL Browser, navigate to the pact you want to create the webhook for
-(Click "Go to Entry Point", then select "latest-pacts", then select the pact you want to create the webhook for.)
-2. Click the "NON-GET" button for the "pact-webhooks" relation.
-3. Paste in the webhook JSON (example shown below) in the body section and click "Make Request".
+To create a webhook, send a `POST` request to `/webhooks` with the body described below. You can do this through the API Browser by clicking on the `NON-GET` button for the `pb:webhooks` relation on the index, pasting in the JSON body, and clicking "Make Request".
 
-An example webhook to trigger a Bamboo job when a contract has changed.
+Below is an example webhook to trigger a Bamboo job when any contract for the provider "Foo" has changed. Both provider and consumer are optional - omitting either indicates that any pacticipant in that role will be matched. Webhooks with neither provider nor consumer specified are "global" webhooks that will trigger for any consumer/provider pair.
 
     {
+      "provider": {
+        "name": "Bar"
+      },
       "events": [{
         "name": "contract_content_changed"
       }],
@@ -46,45 +47,42 @@ A request body can be specified as well.
       "request": {
         "method": "POST",
         "url": "http://example.org/something",
+        "headers": {
+          "Content-Type": "application/json"
+        },
         "body": {
           "some" : "json"
         }
       }
     }
 
-**BEWARE** The password can be reverse engineered from the database, so make a separate account for the Pact Broker to use, don't use your personal account!
-
-<a name="whitelist"></a>
-#### Webhook Whitelist
-
-To ensure that webhooks cannot be used maliciously to expose either data about your contracts or your internal network, the following validation rules are applied to webhooks via the Pact Broker configuration settings.
-
-* **Scheme**: Must be included in the `webhook_scheme_whitelist`, which by default only includes `https`. You can change this to include `http` if absolutely necessary, however, keep in mind that the body of any http traffic is visible to the network. You can load a self signed certificate into the Pact Broker to be used for https connections using [script/insert-self-signed-certificate-from-url.rb](https://github.com/pact-foundation/pact_broker/blob/master/script/insert-self-signed-certificate-from-url.rb) in the
-Pact Broker Github repository.
-
-* **HTTP method**: Must be included in the `webhook_http_method_whitelist`, which by default only includes `POST`. It is highly recommended that only `POST` requests are allowed to ensure that webhooks cannot be used to retrieve sensitive information from hosts within the same network.
-
-* **Host**: If the `webhook_host_whitelist` contains any entries, the host must match one or more of the entries. By default, it is empty. For security purposes, if the host whitelist is empty, the response details will not be logged to the UI (though they can be seen in the application logs at debug level).
-
-  The host whitelist may contain hostnames (eg `"github.com"`), IPs (eg `"192.0.345.4"`), network ranges (eg `"10.0.0.0/8"`) or regular expressions (eg `/.*\.foo\.com$/`). Note that IPs are not resolved, so if you specify an IP range, you need to use the IP in the webhook URL. If you wish to allow webhooks to any host (not recommended!), you can set `webhook_host_whitelist` to `[/.*/]`. Beware of any sensitive endpoints that may be exposed within the same network.
-
-  The recommended set of values to start with are:
-
-    * your CI server's hostname (for triggering builds)
-    * your company chat (eg. Slack, for publishing notifications)
-    * your code repository (eg. Github, for sending commit statuses)
+To specify an XML body, you will need to use a correctly escaped string (or use single quotes if allowed).
+
+        {
+          "events": [{
+            "name": "contract_content_changed"
+          }],
+          "request": {
+            "method": "POST",
+            "url": "http://example.org/something",
+            "headers": {
+              "Content-Type": "application/xml"
+            },
+            "body": "<xml \"foo\"=\"bar\"></xml>"
+          }
+        }
 
-  Alternatively, you could use a regular expression to limit requests to your company's domain. eg `/.*\.foo\.com$/` (don't forget the end of string anchor). You can test Ruby regular expressions at [rubular.com](http://rubular.com).
+**BEWARE** While the basic auth password, and any header containing the word `authorization` or `token` will be redacted from the UI and the logs, the password could be reverse engineered from the database, so make a separate account for the Pact Broker to use in your webhooks. Don't use your personal account!
 
 #### Event types
 
-`contract_content_changed:` triggered when the content of the contract has changed since the previous publication. Uses plain string equality, so changes to the ordering of hash keys, or whitespace changes will trigger this webhook.
+`contract_content_changed:` triggered when the content of the contract has changed since the previous publication. If `base_equality_only_on_content_that_affects_verification_results` is set to `true` in the configuration (the default), any changes to whitespace, ordering of keys, or the ordering of the `interactions` or `messages` will be ignored, and will not trigger this event.
 
 `provider_verification_published:` triggered whenever a provider publishes a verification.
 
 ### Dynamic variable substitution
 
-The following variables may be used in the request parameters or body, and will be replaced with their appropriate values at runtime.
+The following variables may be used in the request path, parameters or body, and will be replaced with their appropriate values at runtime.
 
 `${pactbroker.consumerName}`: the consumer name
 `${pactbroker.providerName}`: the provider name
@@ -111,9 +109,31 @@ Example usage:
       }
     }
 
+<a name="whitelist"></a>
+### Webhook Whitelist
+
+To ensure that webhooks cannot be used maliciously to expose either data about your contracts or your internal network, the following validation rules are applied to webhooks via the Pact Broker configuration settings.
+
+* **Scheme**: Must be included in the `webhook_scheme_whitelist`, which by default only includes `https`. You can change this to include `http` if absolutely necessary, however, keep in mind that the body of any http traffic is visible to the network. You can load a self signed certificate into the Pact Broker to be used for https connections using [script/insert-self-signed-certificate-from-url.rb](https://github.com/pact-foundation/pact_broker/blob/master/script/insert-self-signed-certificate-from-url.rb) in the
+Pact Broker Github repository.
+
+* **HTTP method**: Must be included in the `webhook_http_method_whitelist`, which by default only includes `POST`. It is highly recommended that only `POST` requests are allowed to ensure that webhooks cannot be used to retrieve sensitive information from hosts within the same network.
+
+* **Host**: If the `webhook_host_whitelist` contains any entries, the host must match one or more of the entries. By default, it is empty. For security purposes, if the host whitelist is empty, the response details will not be logged to the UI (though they can be seen in the application logs at debug level).
+
+  The host whitelist may contain hostnames (eg `"github.com"`), IPs (eg `"192.0.345.4"`), network ranges (eg `"10.0.0.0/8"`) or regular expressions (eg `/.*\.foo\.com$/`). Note that IPs are not resolved, so if you specify an IP range, you need to use the IP in the webhook URL. If you wish to allow webhooks to any host (not recommended!), you can set `webhook_host_whitelist` to `[/.*/]`. Beware of any sensitive endpoints that may be exposed within the same network.
+
+  The recommended set of values to start with are:
+
+    * your CI server's hostname (for triggering builds)
+    * your company chat (eg. Slack, for publishing notifications)
+    * your code repository (eg. Github, for sending commit statuses)
+
+  Alternatively, you could use a regular expression to limit requests to your company's domain. eg `/.*\.foo\.com$/` (don't forget the end of string anchor). You can test Ruby regular expressions at [rubular.com](http://rubular.com).
+
 ### Testing
 
-To test a webhook, navigate to the webhook in the HAL browser, then make a POST request to the "execute" relation. The response or error will be shown in the window.
+To test a webhook, navigate to the webhook in the HAL browser, then make a POST request to the "pb:execute" relation. The latest matching pact/verification will be used in the template, or a placeholder if none exists. The response or error will be shown in the window.
 
 ### Deleting