zulip/zerver/webhooks/harbor/view.py

# Webhooks for external integrations.
from typing import Any, Dict, Optional

from django.db.models import Q
from django.http import HttpRequest, HttpResponse

from zerver.decorator import webhook_view
from zerver.lib.exceptions import UnsupportedWebhookEventType
from zerver.lib.request import REQ, has_request_variables
from zerver.lib.response import json_success
from zerver.lib.webhooks.common import check_send_webhook_message
from zerver.models import Realm, UserProfile

IGNORED_EVENTS = [
    "downloadChart",
    "deleteChart",
    "uploadChart",
    "pullImage",
    "deleteImage",
    "scanningFailed",
]


def guess_zulip_user_from_harbor(harbor_username: str, realm: Realm) -> Optional[UserProfile]:
    try:
        # Try to find a matching user in Zulip
        # We search a user's full name, short name,
        # and beginning of email address
        user = UserProfile.objects.filter(
            Q(full_name__iexact=harbor_username) | Q(email__istartswith=harbor_username),
            is_active=True,
            realm=realm,
        ).order_by("id")[0]
        return user  # nocoverage
    except IndexError:
        return None


def handle_push_image_event(
    payload: Dict[str, Any], user_profile: UserProfile, operator_username: str
) -> str:
    image_name = payload["event_data"]["repository"]["repo_full_name"]
    image_tag = payload["event_data"]["resources"][0]["tag"]

    return f"{operator_username} pushed image `{image_name}:{image_tag}`"


VULNERABILITY_SEVERITY_NAME_MAP = {
    1: "None",
    2: "Unknown",
    3: "Low",
    4: "Medium",
    5: "High",
}

SCANNING_COMPLETED_TEMPLATE = """
Image scan completed for `{image_name}:{image_tag}`. Vulnerabilities by severity:

{scan_results}
""".strip()


def handle_scanning_completed_event(
    payload: Dict[str, Any], user_profile: UserProfile, operator_username: str
) -> str:
    scan_results = ""
    scan_summaries = payload["event_data"]["resources"][0]["scan_overview"]["components"]["summary"]
    summaries_sorted = sorted(scan_summaries, key=lambda x: x["severity"], reverse=True)
    for scan_summary in summaries_sorted:
        scan_results += "* {}: **{}**\n".format(
            VULNERABILITY_SEVERITY_NAME_MAP[scan_summary["severity"]], scan_summary["count"]
        )

    return SCANNING_COMPLETED_TEMPLATE.format(
        image_name=payload["event_data"]["repository"]["repo_full_name"],
        image_tag=payload["event_data"]["resources"][0]["tag"],
        scan_results=scan_results,
    )


EVENT_FUNCTION_MAPPER = {
    "pushImage": handle_push_image_event,
    "scanningCompleted": handle_scanning_completed_event,
}

ALL_EVENT_TYPES = list(EVENT_FUNCTION_MAPPER.keys())


@webhook_view("Harbor", all_event_types=ALL_EVENT_TYPES)
@has_request_variables
def api_harbor_webhook(
    request: HttpRequest,
    user_profile: UserProfile,
    payload: Dict[str, Any] = REQ(argument_type="body"),
) -> HttpResponse:

    operator_username = "**{}**".format(payload["operator"])

    if operator_username != "auto":
        operator_profile = guess_zulip_user_from_harbor(operator_username, user_profile.realm)

    if operator_profile:
        operator_username = f"@**{operator_profile.full_name}**"  # nocoverage

    event = payload["type"]
    topic = payload["event_data"]["repository"]["repo_full_name"]

    if event in IGNORED_EVENTS:
        return json_success(request)

    content_func = EVENT_FUNCTION_MAPPER.get(event)

    if content_func is None:
        raise UnsupportedWebhookEventType(event)

    content: str = content_func(payload, user_profile, operator_username)

    check_send_webhook_message(
        request, user_profile, topic, content, event, unquote_url_parameters=True
    )
    return json_success(request)
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`# Webhooks for external integrations.`
			`from typing import Any, Dict, Optional`

			`from django.db.models import Q`
			`from django.http import HttpRequest, HttpResponse`

webhooks: Rename api_key_only_webhook_view to webhook_view. There are no other types of webhook views; this is more concise. 2020-08-20 00:32:15 +02:00			`from zerver.decorator import webhook_view`
webhooks: Rename UnexpectedWebhookEventType to UnsupportedWebhookEventType. Any exception is an "unexpected event", which means talking about having an "unexpected event logger" or "unexpected event exception" is confusing. As the error message in `exceptions.py` already explains, this is about an _unsupported_ event type. This also switches the path that these exceptions are written to, accordingly. 2020-08-19 22:26:38 +02:00			`from zerver.lib.exceptions import UnsupportedWebhookEventType`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`from zerver.lib.request import REQ, has_request_variables`
			`from zerver.lib.response import json_success`
webhooks: Move UnexpectedWebhookEventType into zerver.lib.exceptions. 8e10ab282a moved UnexpectedWebhookEventType into `zerver.lib.exceptions`, but left the import into `zserver.lib.webhooks.common` so that webhooks could continue to import the exception from there. This clutters things and adds complexity; there is no compelling reason that the exception's source of truth should not move alongside all other exceptions. 2020-08-19 22:14:40 +02:00			`from zerver.lib.webhooks.common import check_send_webhook_message`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`from zerver.models import Realm, UserProfile`

			`IGNORED_EVENTS = [`
			`"downloadChart",`
			`"deleteChart",`
			`"uploadChart",`
			`"pullImage",`
			`"deleteImage",`
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \\|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-10 05:23:40 +02:00			`"scanningFailed",`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`]`


			`def guess_zulip_user_from_harbor(harbor_username: str, realm: Realm) -> Optional[UserProfile]:`
			`try:`
			`# Try to find a matching user in Zulip`
			`# We search a user's full name, short name,`
			`# and beginning of email address`
			`user = UserProfile.objects.filter(`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`Q(full_name__iexact=harbor_username) \| Q(email__istartswith=harbor_username),`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`is_active=True,`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`realm=realm,`
			`).order_by("id")[0]`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`return user # nocoverage`
			`except IndexError:`
			`return None`


python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`def handle_push_image_event(`
			`payload: Dict[str, Any], user_profile: UserProfile, operator_username: str`
			`) -> str:`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`image_name = payload["event_data"]["repository"]["repo_full_name"]`
			`image_tag = payload["event_data"]["resources"][0]["tag"]`

python: Convert more "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, with more restrictions patched out. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-10 06:40:53 +02:00			return f"{operator_username} pushed image `{image_name}:{image_tag}`"
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00

			`VULNERABILITY_SEVERITY_NAME_MAP = {`
			`1: "None",`
			`2: "Unknown",`
			`3: "Low",`
			`4: "Medium",`
			`5: "High",`
			`}`

			`SCANNING_COMPLETED_TEMPLATE = """`
			Image scan completed for `{image_name}:{image_tag}`. Vulnerabilities by severity:

			`{scan_results}`
			`""".strip()`


python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`def handle_scanning_completed_event(`
			`payload: Dict[str, Any], user_profile: UserProfile, operator_username: str`
			`) -> str:`
python: Modernize legacy Python 2 syntax with pyupgrade. Generated by `pyupgrade --py3-plus --keep-percent-format` on all our Python code except `zthumbor` and `zulip-ec2-configure-interfaces`, followed by manual indentation fixes. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-09 21:51:58 +02:00			`scan_results = ""`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`scan_summaries = payload["event_data"]["resources"][0]["scan_overview"]["components"]["summary"]`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`summaries_sorted = sorted(scan_summaries, key=lambda x: x["severity"], reverse=True)`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`for scan_summary in summaries_sorted:`
python: Modernize legacy Python 2 syntax with pyupgrade. Generated by `pyupgrade --py3-plus --keep-percent-format` on all our Python code except `zthumbor` and `zulip-ec2-configure-interfaces`, followed by manual indentation fixes. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-09 21:51:58 +02:00			`scan_results += "* {}: {}\n".format(`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`VULNERABILITY_SEVERITY_NAME_MAP[scan_summary["severity"]], scan_summary["count"]`
			`)`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
			`return SCANNING_COMPLETED_TEMPLATE.format(`
			`image_name=payload["event_data"]["repository"]["repo_full_name"],`
			`image_tag=payload["event_data"]["resources"][0]["tag"],`
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \\|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-10 05:23:40 +02:00			`scan_results=scan_results,`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`)`


			`EVENT_FUNCTION_MAPPER = {`
			`"pushImage": handle_push_image_event,`
			`"scanningCompleted": handle_scanning_completed_event,`
			`}`

webhooks: Add support to event filtering system for webhooks. This add support to event filtering system for most webhooks that require trivial changes to adapt this feature. 2021-07-16 11:40:46 +02:00			`ALL_EVENT_TYPES = list(EVENT_FUNCTION_MAPPER.keys())`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
webhooks: Add support to event filtering system for webhooks. This add support to event filtering system for most webhooks that require trivial changes to adapt this feature. 2021-07-16 11:40:46 +02:00
			`@webhook_view("Harbor", all_event_types=ALL_EVENT_TYPES)`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00			`@has_request_variables`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`def api_harbor_webhook(`
			`request: HttpRequest,`
			`user_profile: UserProfile,`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`payload: Dict[str, Any] = REQ(argument_type="body"),`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`) -> HttpResponse:`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
python: Modernize legacy Python 2 syntax with pyupgrade. Generated by `pyupgrade --py3-plus --keep-percent-format` on all our Python code except `zthumbor` and `zulip-ec2-configure-interfaces`, followed by manual indentation fixes. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-09 21:51:58 +02:00			`operator_username = "{}".format(payload["operator"])`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
			`if operator_username != "auto":`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`operator_profile = guess_zulip_user_from_harbor(operator_username, user_profile.realm)`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
			`if operator_profile:`
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-09 00:25:09 +02:00			`operator_username = f"@{operator_profile.full_name}" # nocoverage`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
			`event = payload["type"]`
			`topic = payload["event_data"]["repository"]["repo_full_name"]`

			`if event in IGNORED_EVENTS:`
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values. 2022-01-31 13:44:02 +01:00			`return json_success(request)`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
			`content_func = EVENT_FUNCTION_MAPPER.get(event)`

			`if content_func is None:`
webhooks: Remove repetitive argument to UnsupportedWebhookEventType. The name of the webhook can be added by the webhook decorator. 2020-08-20 00:50:06 +02:00			`raise UnsupportedWebhookEventType(event)`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-22 01:09:50 +02:00			`content: str = content_func(payload, user_profile, operator_username)`
webhooks: Add Harbor webhook integration. 2019-10-20 02:12:00 +02:00
webhooks: Add support to event filtering system for webhooks. This add support to event filtering system for most webhooks that require trivial changes to adapt this feature. 2021-07-16 11:40:46 +02:00			`check_send_webhook_message(`
			`request, user_profile, topic, content, event, unquote_url_parameters=True`
			`)`
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values. 2022-01-31 13:44:02 +01:00			`return json_success(request)`