[pve-devel] partially-applied: [PATCH many v3 00/14] notifications: add support for webhook endpoints

Mon Nov 11 23:02:50 CET 2024

Am 08.11.24 um 15:41 schrieb Lukas Wagner:
> This series adds support for webhook notification targets to PVE
> and PBS.
> 
> A webhook is a HTTP API route provided by a third-party service that
> can be used to inform the third-party about an event. In our case,
> we can easily interact with various third-party notification/messaging
> systems and send PVE/PBS notifications via this service.
> The changes were tested against ntfy.sh, Discord and Slack.
> 
> The configuration of webhook targets allows one to configure:
>   - The URL
>   - The HTTP method (GET/POST/PUT)
>   - HTTP Headers
>   - Body
> 
> One can use handlebar templating to inject notification text and metadata
> in the url, headers and body.
> 
> One challenge is the handling of sensitve tokens and other secrets.
> Since the endpoint is completely generic, we cannot know in advance
> whether the body/header/url contains sensitive values.
> Thus we add 'secrets' which are stored in the protected config only
> accessible by root (e.g. /etc/pve/priv/notifications.cfg). These
> secrets are accessible in URLs/headers/body via templating:
> 
>   Url: https://example.com/{{ secrets.token }}
> 
> Secrets can only be set and updated, but never retrieved via the API.
> In the UI, secrets are handled like other secret tokens/passwords.
> 
> Bumps for PVE:
>   - libpve-rs-perl needs proxmox-notify bumped
>   - pve-manager needs proxmox-widget-toolkit and libpve-rs-perl bumped
>   - proxmox-mail-forward needs proxmox-notify bumped
> 
> Bumps for PBS:
>   - proxmox-backup needs proxmox-notify bumped
>   - proxmox-mail-forward needs proxmox-notify bumped
> 
> 
> Changes v1 -> v2:
>   - Rebase proxmox-notify changes
> 
> Changes v2 -> v3:
>   - Fix utf8 -> base64 encoding bug (thx @ Stefan)
>   - Fix bug that allowed one to save a target with an empty header
>     value when updating the target
>   - Additional UI-side input validation (e.g. target name, URL)
>   - Code documentation improvments
>   - Mask secrets in errors returned from the proxmox-notify crate, hopefully
>     preventing them to be shown in logs or error messages
>   - Rebased on the latest master branches
> 
> proxmox:
> 
> Lukas Wagner (3):
>   notify: renderer: adapt to changes in proxmox-time
>   notify: implement webhook targets
>   notify: add api for webhook targets
> 
>  proxmox-notify/Cargo.toml               |   9 +-
>  proxmox-notify/src/api/mod.rs           |  20 +
>  proxmox-notify/src/api/webhook.rs       | 432 +++++++++++++++++++
>  proxmox-notify/src/config.rs            |  23 +
>  proxmox-notify/src/endpoints/mod.rs     |   2 +
>  proxmox-notify/src/endpoints/webhook.rs | 550 ++++++++++++++++++++++++
>  proxmox-notify/src/lib.rs               |  17 +
>  proxmox-notify/src/renderer/mod.rs      |   4 +-
>  8 files changed, 1052 insertions(+), 5 deletions(-)
>  create mode 100644 proxmox-notify/src/api/webhook.rs
>  create mode 100644 proxmox-notify/src/endpoints/webhook.rs
> 
> 
> proxmox-perl-rs:
> 
> Lukas Wagner (2):
>   common: notify: add bindings for webhook API routes
>   common: notify: add bindings for get_targets
> 
>  common/src/notify.rs | 72 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 72 insertions(+)
> 
> 
> proxmox-widget-toolkit:
> 
> Gabriel Goller (1):
>   utils: add base64 conversion helper
> 
> Lukas Wagner (1):
>   notification: add UI for adding/updating webhook targets
> 
>  src/Makefile                  |   1 +
>  src/Schema.js                 |   5 +
>  src/Utils.js                  |  38 +++
>  src/panel/WebhookEditPanel.js | 424 ++++++++++++++++++++++++++++++++++
>  4 files changed, 468 insertions(+)
>  create mode 100644 src/panel/WebhookEditPanel.js
> 
> 
> pve-manager:
> 
> Lukas Wagner (2):
>   api: notifications: use get_targets impl from proxmox-notify
>   api: add routes for webhook notification endpoints
> 
>  PVE/API2/Cluster/Notifications.pm | 297 ++++++++++++++++++++++++++----
>  1 file changed, 263 insertions(+), 34 deletions(-)
> 
> 
> pve-docs:
> 
> Lukas Wagner (1):
>   notification: add documentation for webhook target endpoints.
> 
>  notifications.adoc | 93 ++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 93 insertions(+)
> 
> 

applied the common and PVE part of this series, thanks!