pagerduty

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 3, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package pagerduty is the PagerDuty V3 webhook source adapter. It turns PagerDuty incident webhooks into investigation requests (incident.triggered) and resolutions (incident.resolved), and authenticates each delivery with the X-PagerDuty-Signature HMAC scheme.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Secret

func Secret(raw map[string]yaml.Node) (secret string, enabled bool)

Secret reads the PagerDuty source config from the raw `sources:` map and resolves its signing secret from the env var named by secret_env. It reports the resolved secret and whether the source is enabled (its key is present). It lives here (not just in Build) so the serve path can enforce fail-closed auth before wiring the webhook. Config errors collapse to (empty, present): Build re-decodes the same block and surfaces the error at startup.

Types

type Source

type Source struct {
	// contains filtered or unexported fields
}

Source is the PagerDuty V3 webhook source adapter. secret is the signing secret used to verify X-PagerDuty-Signature; an empty secret leaves the webhook open (mirroring the alertmanager source's optional bearer token).

func (Source) Authenticate

func (s Source) Authenticate(body []byte, h http.Header) bool

Authenticate verifies a PagerDuty V3 webhook delivery. The X-PagerDuty-Signature header carries one or more comma-separated `v1=<hex>` signatures (multiple during a zero-downtime secret rotation), each an HMAC-SHA256 of the raw request body keyed by the signing secret. The request is authentic if ANY signature matches (constant-time compare).

When the source has no secret configured the webhook is open (returns true), mirroring the alertmanager source's optional bearer token. The serve path enforces fail-closed policy (a configured model, or mode=auto, requires a secret) before this is reached — see app.RequirePagerDutyAuth and Build.

func (Source) Decode

func (Source) Decode(body []byte, _ http.Header) (source.DecodeResult, error)

Decode parses a PagerDuty V3 webhook body. incident.triggered becomes an investigation Request; incident.resolved becomes a Resolution keyed by the incident id (stable across the triggered↔resolved pair); every other event type is ignored. PagerDuty carries no Kubernetes namespace/workload, so those fields stay empty — recall and structural matching tolerate that.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL