Merge pull request #133 from leanix/feature/CID-3890/Only-support-configured-Webhook-Events

CID-3890: Only support configured Webhook Events

Author: mohamedlajmileanix

src/main/kotlin/net/leanix/githubagent/dto/GenericWebhookEvent.kt

@@ -0,0 +1,8 @@
+package net.leanix.githubagent.dto
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+class GenericWebhookEvent(
+    val action: String? = null
+)

src/main/kotlin/net/leanix/githubagent/handler/BrokerStompSessionHandler.kt

@@ -18,6 +18,7 @@ class BrokerStompSessionHandler(
     private val repositoryGetHandler: RepositoryGetHandler,
     private val installationGetHandler: InstallationGetHandler,
     private val fullScanHandler: FullScanHandler,
+    private val configurationSetHandler: ConfigurationSetHandler,
     private val eventPublisher: ApplicationEventPublisher
 ) : StompSessionHandlerAdapter() {
     @Lazy
@@ -35,6 +36,7 @@ class BrokerStompSessionHandler(
         session.subscribe("/user/queue/message/repository", repositoryGetHandler)
         session.subscribe("/user/queue/message/installation", installationGetHandler)
         session.subscribe("/user/queue/message/fullScan", fullScanHandler)
+        session.subscribe("/user/queue/message/configurationSet", configurationSetHandler)
         eventPublisher.publishEvent(ConnectionEstablishedEvent())
     }
 

src/main/kotlin/net/leanix/githubagent/handler/ConfigurationSetHandler.kt

@@ -0,0 +1,36 @@
+package net.leanix.githubagent.handler
+
+import net.leanix.githubagent.services.GitHubWebhookService
+import org.slf4j.LoggerFactory
+import org.springframework.messaging.simp.stomp.StompFrameHandler
+import org.springframework.messaging.simp.stomp.StompHeaders
+import org.springframework.stereotype.Component
+import java.lang.reflect.Type
+
+@Component
+class ConfigurationSetHandler : StompFrameHandler {
+
+    private val logger = LoggerFactory.getLogger(ConfigurationSetHandler::class.java)
+
+    override fun getPayloadType(headers: StompHeaders): Type {
+        return AgentConfigurationRequest::class.java
+    }
+
+    override fun handleFrame(headers: StompHeaders, payload: Any?) {
+        payload?.let {
+            val config = payload as AgentConfigurationRequest
+            logger.info("Received configuration set message from server")
+            runCatching {
+                config.supportedWebhookEvents?.let { supportedEvents ->
+                    GitHubWebhookService.updateSupportedWebhookEvents(supportedEvents)
+                    logger.info(
+                        "Supported webhook events updated: ${GitHubWebhookService.getSupportedWebhookEvents()}"
+                    )
+                }
+            }
+        }
+    }
+}
+
+data class SupportedWebhookEvent(val eventType: String, val actions: List<String>)
+data class AgentConfigurationRequest(val supportedWebhookEvents: List<SupportedWebhookEvent>?)

src/main/kotlin/net/leanix/githubagent/services/GitHubWebhookService.kt

@@ -1,9 +1,11 @@
 package net.leanix.githubagent.services
 
+import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import net.leanix.githubagent.config.GitHubEnterpriseProperties
+import net.leanix.githubagent.dto.GenericWebhookEvent
 import net.leanix.githubagent.exceptions.InvalidEventSignatureException
 import net.leanix.githubagent.exceptions.WebhookSecretNotSetException
-import net.leanix.githubagent.shared.SUPPORTED_EVENT_TYPES
+import net.leanix.githubagent.handler.SupportedWebhookEvent
 import net.leanix.githubagent.shared.hmacSHA256
 import net.leanix.githubagent.shared.timingSafeEqual
 import org.slf4j.LoggerFactory
@@ -17,6 +19,17 @@ class GitHubWebhookService(
     private val cachingService: CachingService,
 ) {
 
+    companion object {
+        private var supportedWebhookEvents = listOf<SupportedWebhookEvent>()
+
+        fun updateSupportedWebhookEvents(events: List<SupportedWebhookEvent>) {
+            supportedWebhookEvents = events
+        }
+
+        fun getSupportedWebhookEvents(): List<SupportedWebhookEvent> = supportedWebhookEvents
+    }
+
+    private val objectMapper = jacksonObjectMapper()
     private val logger = LoggerFactory.getLogger(GitHubWebhookService::class.java)
 
     @Async
@@ -26,7 +39,10 @@ class GitHubWebhookService(
             logger.debug("Received a webhook event while a full sync is in progress, ignoring the event.")
             return
         }
-        if (SUPPORTED_EVENT_TYPES.contains(eventType.uppercase())) {
+
+        val eventAction = extractEventAction(payload)
+        val supportedWebhookEvent = findSupportedWebhookEvent(eventType)
+        if (isEventSupported(supportedWebhookEvent, eventAction)) {
             if (!gitHubEnterpriseProperties.baseUrl.contains(host)) {
                 logger.error("Received a webhook event from an unknown host: $host")
                 return
@@ -49,7 +65,19 @@ class GitHubWebhookService(
             logger.info("Received a webhook event of type: $eventType")
             webhookEventService.consumeWebhookEvent(eventType, payload)
         } else {
-            logger.warn("Received an unsupported event of type: $eventType")
+            logger.warn("Received an unsupported event of type: $eventType with action: $eventAction")
         }
     }
+
+    private fun findSupportedWebhookEvent(eventType: String): SupportedWebhookEvent? {
+        return getSupportedWebhookEvents().find { it.eventType.equals(eventType, ignoreCase = true) }
+    }
+
+    private fun extractEventAction(payload: String): String? {
+        return objectMapper.readValue(payload, GenericWebhookEvent::class.java).action
+    }
+
+    private fun isEventSupported(event: SupportedWebhookEvent?, action: String?): Boolean {
+        return event != null && (event.actions.isEmpty() || (action != null && action in event.actions))
+    }
 }

src/main/kotlin/net/leanix/githubagent/shared/Constants.kt

@@ -4,17 +4,6 @@ const val TOPIC_PREFIX = "/app/ghe/"
 const val APP_NAME_TOPIC = "appName"
 const val LOGS_TOPIC = "logs"
 const val MANIFEST_FILE_NAME = "leanix.yaml"
-const val WORKFLOW_RUN_EVENT = "WORKFLOW_RUN"
-const val INSTALLATION_REPOSITORIES = "INSTALLATION_REPOSITORIES"
-
-val SUPPORTED_EVENT_TYPES = listOf(
-    "REPOSITORY",
-    "PUSH",
-    "ORGANIZATION",
-    "INSTALLATION",
-    WORKFLOW_RUN_EVENT,
-    INSTALLATION_REPOSITORIES
-)
 
 val fileNameMatchRegex = Regex("/?$MANIFEST_FILE_NAME\$", RegexOption.IGNORE_CASE)
 

src/test/kotlin/net/leanix/githubagent/controllers/GitHubWebhookControllerTest.kt

@@ -5,6 +5,7 @@ import com.ninjasquad.springmockk.SpykBean
 import io.mockk.every
 import io.mockk.verify
 import net.leanix.githubagent.exceptions.WebhookSecretNotSetException
+import net.leanix.githubagent.helper.defaultSupportedWebhookEvents
 import net.leanix.githubagent.services.CachingService
 import net.leanix.githubagent.services.GitHubWebhookService
 import net.leanix.githubagent.services.SyncLogService
@@ -40,6 +41,7 @@ class GitHubWebhookControllerTest {
         every { syncLogService.sendErrorLog(any()) } returns Unit
         every { cachingService.get(any()) } returns Unit
         every { cachingService.set(any(), any(), any()) } returns Unit
+        GitHubWebhookService.updateSupportedWebhookEvents(defaultSupportedWebhookEvents())
     }
 
     @Test

src/test/kotlin/net/leanix/githubagent/handler/ConfigurationSetHandlerTest.kt

@@ -0,0 +1,43 @@
+package net.leanix.githubagent.handler
+
+import io.mockk.mockkObject
+import io.mockk.verify
+import net.leanix.githubagent.services.GitHubWebhookService
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import org.springframework.messaging.simp.stomp.StompHeaders
+
+class ConfigurationSetHandlerTest {
+
+    private val configurationSetHandler = ConfigurationSetHandler()
+
+    @BeforeEach
+    fun setUp() {
+        mockkObject(GitHubWebhookService.Companion)
+    }
+
+    @Test
+    fun `should update supported webhook events when payload is valid`() {
+        val headers = StompHeaders()
+        val supportedEvents = listOf(
+            SupportedWebhookEvent("PUSH", listOf("created", "updated")),
+            SupportedWebhookEvent("PULL_REQUEST", listOf("opened", "closed"))
+        )
+        val payload = AgentConfigurationRequest(supportedWebhookEvents = supportedEvents)
+
+        configurationSetHandler.handleFrame(headers, payload)
+
+        verify { GitHubWebhookService.updateSupportedWebhookEvents(supportedEvents) }
+        assertEquals(GitHubWebhookService.getSupportedWebhookEvents().size, supportedEvents.size)
+    }
+
+    @Test
+    fun `should not update supported webhook events when payload is null`() {
+        val headers = StompHeaders()
+
+        configurationSetHandler.handleFrame(headers, null)
+
+        verify(exactly = 0) { GitHubWebhookService.updateSupportedWebhookEvents(any()) }
+    }
+}

src/test/kotlin/net/leanix/githubagent/helper/TestDataBuilder.kt

@@ -0,0 +1,13 @@
+package net.leanix.githubagent.helper
+
+import net.leanix.githubagent.handler.SupportedWebhookEvent
+
+fun defaultSupportedWebhookEvents() =
+    listOf(
+        SupportedWebhookEvent("WORKFLOW_RUN", listOf("completed")),
+        SupportedWebhookEvent("REPOSITORY", listOf("archived", "unarchived", "renamed", "edited")),
+        SupportedWebhookEvent("INSTALLATION_REPOSITORIES", listOf("removed", "added")),
+        SupportedWebhookEvent("PUSH", emptyList()),
+        SupportedWebhookEvent("INSTALLATION", listOf("created")),
+        SupportedWebhookEvent("ORGANIZATION", listOf("created"))
+    )

src/test/kotlin/net/leanix/githubagent/services/GitHubWebhookServiceTest.kt

@@ -6,6 +6,7 @@ import io.mockk.verify
 import net.leanix.githubagent.config.GitHubEnterpriseProperties
 import net.leanix.githubagent.exceptions.InvalidEventSignatureException
 import net.leanix.githubagent.exceptions.WebhookSecretNotSetException
+import net.leanix.githubagent.helper.defaultSupportedWebhookEvents
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.assertThrows
@@ -24,6 +25,7 @@ class GitHubWebhookServiceTest {
     @BeforeEach
     fun setUp() {
         every { cachingService.get("runId") } returns null
+        GitHubWebhookService.updateSupportedWebhookEvents(defaultSupportedWebhookEvents())
     }
 
     @Test