npearce / cac-github_webhook_server Goto Github PK

Any chance that bitbucket cloud support could be added?

Add access verification example command to setup documentation:

curl -v -k -X GET https://ip-172-31-1-200.us-west-1.compute.internal/api/v3/ -H 'Authorization: Token {your_token}' -H 'cache-control: no-cache'

Maybe remove them altogether and put them in /DOCS somewhere?

Currently using:
https://username:password@bigip_mgmt_ip/shared/webhook/github-listener

This can cause problems for passwords with special characters.

Propose adding 'token' generator feature to the webhook server as alternative to user:pass in URL string.

Did AS3 implement the 'autogeneration' of 'id' as part of build 34 release. Test this and, if so, remove 'id' values from example service definitions.

The git commit message is replacing the state somehow....

Currently IP addressing must be statically defined for single site use case with AS3 and Webhook (1 to 1 mapping between repo and BIG-IP). CAC specifies IP addresses to be used by the BIG-IP for configuration of components and there is no concept of which environment or site-specific values to enable code/repo reuse.

In regards to DR (where two distinct environments are referencing CAC) IP addressing my NOT overlap, and be unique. Creating a variable or reference mechanism within the repo based on different environments, allows for multiple environments to co-exist while leveraging the same Git repo.

Proposing:
AS3 should be able to pull from a IP Address file (environment dependant) such as GCP or AWS IP Addressing DB's, Git repo or external IPAM DB/dynamic source (future).

If references can be used instead such as {{ vip }} and then based on which BIG-IP the request comes from, populate that address, these would add the correct IP addressing values for different components deployed in different environments.

Verify that we have the right settings in the webhook server, perform an access check to the BIG-IP's repo.

Maybe use octokit.repo.getShaOfCommitRef(owner, repo, ref) to ensure access to the repo?

This will execute every time the settings are changed, and every time a webhook message is received, so we can fail, and createIssue() if no access to repo.

Requires #35

Ok, the prototype worked. Time we grown-up this a little.... :)

Currently only checking for 'action':

if (typeof service_def.action !== undefined && service_def.action === 'deploy' || service_def.action === 'dry-run') {

Proposed verification of 'action' and 'declaration.class' before proceeding:

if (typeof service_def.action !== undefined && typeof service_def.declaration.class !== undefined && service_def.declaration.class === 'ADC' && service_def.action === 'deploy' || service_def.action === 'dry-run') {

AS3 support pulling policing in via URI, e.g. a WAF policy or an iRule:

"Maintenance_iRule": {
    "class": "iRule",
    "iRule": {
        "url": "https://webserver.com/irule/maintenance-page.irule"
    }
}

Need to support URL rewrite option to fetch objects from {{source_repo}}:
https://{{source_repo}}/maintenance-page.irule

For example, if the branch is 'test', change the service definition action from 'deploy' to 'dry-run'.

Each time admin POSTs settings to /ghe_settings perform the following tests

1. validate worker API /available status
2. validate auth token
3. ??

POST to repo /status 'success' if all tests pass.

Status API:
https://developer.github.com/v3/repos/statuses/

Octokit: https://octokit.github.io/rest.js/#api-Repos-createStatus

If operator commits several complex service definitions together we can overwhelm AS3. Implement queuing to spoon feed the service definitions to AS3.

Requires single jobOpts Object: #10

Document minimum requirements for GitHub Enterprise eval version to be up and running and communicating with the F5 iControl LX Webhook server to enable field Config-as-Code demonstrations.

When I attempt to send your example declaration in 1a.AS3-EXAMPLE-Basic_L4_LB.json from my GHE repo to my BIG-IP, I get the following error:

info: [GheListener - ERROR] - getServiceDefinition(): {"code":406,"message":" "}

I don't get any other information, despite debug being enabled, and no issues were created in the repo for reference. Any thoughts @npearce ?

Add a link to the Service Definition 'commit' in the results 'Issue'.

The URL to the commit is provided in the Webhook message.

job specific details exist in too many locations

When we error in the promise chain, we're not executing createIssue() with the error.

1. Decide which "logger.info" statements should be for DEBUG mode.
2. Add support for { options.debug: true } to persisted state.
3. Make configurable through 'PUT' and visible through 'GET'.

Much has changed since original README.md

Review and update.

DNS, heard of it??

Document the process to spin up a new GitHub Enterprise eval service, license it (45-day eval license), and provision it with:

• webhook configration
• user account for webhook server callback to deployment repo
• creation of service template examples

Send bad VIP Address to AS3, error response is not captured and sent to Github Issue...

Right now its either 'success' and 'error'. But sometimes the error isn't really an error...

use 'class'

Or this only support enterprise?