Add support for validating MS Teams outgoing webhooks #512
Conversation
|
I would rather not add more snowflake options for individual services. Any ideas on a more generic solution are welcome. The Scalr issue could be solved by a duration rule. This MS Teams issue appears to need some string concat/prefix/suffix actions before the compare. In pseudocode: |
|
Point taken. Took a quick peek at the previous discussion on context providers, which looks promising, although I'm not sure of the current state of this effort. Another option, at the cost of complexity, might be to add some kind of transform option, either for validation or for incoming headers in general. It might work with a simple stack-oriented approach with generic unary/binary functions, which would be easy to express using a list in JSON/YAML. I'm not entirely sure of the ergonomics or general usefulness of this though. And at this level of complexity, it would likely be better to prioritize other possible features instead, like some kind of schema validation for building more robust and discoverable webhooks. |
|
I started playing around with creating a new trigger rule that evaluates arbitrary expression using cel-go. It would greatly increase the rule flexibility and we could probably work towards phasing out some of the standard rules in favor of expressions? But yeah, it would be nice to standardize and create a pipeline request goes through, and expose hooks where the user scripts could transform payload, provide dynamic props to webhook (like the context-provider) and even provide the response body, headers, status code, etc... Maybe it would worth starting a solution design/plan discussion on this topic? |
|
Yes, open an issue to discuss expression evaluation because I've been tinkering with the exact same idea. |
Hi. Great project.
MS Teams supports outgoing webhooks for implementing lightweight chat-ops. However, the signature digest scheme is somewhat wonky and benefits greatly from a dedicated signature type, similar to the one already offered for scalr. Today, this needs to be done by the scripts themselves, which is less ergonomic.
If accepted, I'll look into writing some simple examples/docs as well.