Documentation
¶
Overview ¶
Package pagerduty is the PagerDuty V3 webhook source adapter. It turns PagerDuty incident webhooks into investigation requests (incident.triggered) and resolutions (incident.resolved), and authenticates each delivery with the X-PagerDuty-Signature HMAC scheme.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Secret ¶
Secret reads the PagerDuty source config from the raw `sources:` map and resolves its signing secret from the env var named by secret_env. It reports the resolved secret and whether the source is enabled (its key is present). It lives here (not just in Build) so the serve path can enforce fail-closed auth before wiring the webhook. Config errors collapse to (empty, present): Build re-decodes the same block and surfaces the error at startup.
Types ¶
type Source ¶
type Source struct {
// contains filtered or unexported fields
}
Source is the PagerDuty V3 webhook source adapter. secret is the signing secret used to verify X-PagerDuty-Signature; an empty secret leaves the webhook open (mirroring the alertmanager source's optional bearer token).
func (Source) Authenticate ¶
Authenticate verifies a PagerDuty V3 webhook delivery. The X-PagerDuty-Signature header carries one or more comma-separated `v1=<hex>` signatures (multiple during a zero-downtime secret rotation), each an HMAC-SHA256 of the raw request body keyed by the signing secret. The request is authentic if ANY signature matches (constant-time compare).
When the source has no secret configured the webhook is open (returns true), mirroring the alertmanager source's optional bearer token. The serve path enforces fail-closed policy (a configured model, or mode=auto, requires a secret) before this is reached — see app.RequirePagerDutyAuth and Build.
func (Source) Decode ¶
Decode parses a PagerDuty V3 webhook body. incident.triggered becomes an investigation Request; incident.resolved becomes a Resolution keyed by the incident id (stable across the triggered↔resolved pair); every other event type is ignored. PagerDuty carries no Kubernetes namespace/workload, so those fields stay empty — such workload-less requests can recall only entries that are themselves resource-less (the scopeless tier; see investigate.resourceAgrees).