Add PagerDuty token generator to settings

3c26b1e3 · Vitali Tatarintev · d4182274 · 3c26b1e3 · 3c26b1e3
Commit 3c26b1e3 authored Jul 13, 2020 by Vitali Tatarintev
2 changed files
--- a/app/models/incident_management/project_incident_management_setting.rb
+++ b/app/models/incident_management/project_incident_management_setting.rb
@@ -8,6 +8,15 @@ module IncidentManagement
    validate :issue_template_exists, if: :create_issue?
+    before_validation :ensure_pagerduty_token
+    attr_encrypted :pagerduty_token,
+      mode: :per_attribute_iv,
+      key: Settings.attr_encrypted_db_key_base_truncated,
+      algorithm: 'aes-256-gcm',
+      encode: false, # No need to encode for binary column https://github.com/attr-encrypted/attr_encrypted#the-encode-encode_iv-encode_salt-and-default_encoding-options
+      encode_iv: false
    def available_issue_templates
      Gitlab::Template::IssueTemplate.all(project)
    end
@@ -30,5 +39,15 @@ module IncidentManagement
      Gitlab::Template::IssueTemplate.find(issue_template_key, project)
    rescue Gitlab::Template::Finders::RepoTemplateFinder::FileNotFoundError
    end
+    def ensure_pagerduty_token
+      return unless pagerduty_active
+      self.pagerduty_token ||= generate_pagerduty_token
+    end
+    def generate_pagerduty_token
+      SecureRandom.hex
+    end
  end
 end
--- a/spec/models/incident_management/project_incident_management_setting_spec.rb
+++ b/spec/models/incident_management/project_incident_management_setting_spec.rb
@@ -108,4 +108,42 @@ RSpec.describe IncidentManagement::ProjectIncidentManagementSetting do
      it_behaves_like 'no content'
    end
  end
+  describe '#pagerduty_token' do
+    let(:active) { true }
+    subject do
+      create(:project_incident_management_setting, project: project, pagerduty_active: active, pagerduty_token: token)
+    end
+    context 'when token already set' do
+      let(:token) { SecureRandom.hex }
+      it 'reads the token' do
+        expect(subject.pagerduty_token).to eq(token)
+        expect(subject.encrypted_pagerduty_token).not_to be_nil
+        expect(subject.encrypted_pagerduty_token_iv).not_to be_nil
+      end
+    end
+    context 'when not set' do
+      let(:token) { nil }
+      context 'when PagerDuty webhook is active' do
+        it 'generates a token before validation' do
+          expect(subject).to be_valid
+          expect(subject.pagerduty_token).to match(/\A\h{32}\z/)
+        end
+      end
+      context 'when PagerDuty webhook is not active' do
+        let(:active) { false }
+        it 'does not generate a token before validation' do
+          expect(subject).to be_valid
+          expect(subject.pagerduty_token).to be_nil
+        end
+      end
+    end
+  end
 end