feat(cubeapi): add webhook event notifications#702
Conversation
Test |
|
Thanks, I pushed an update for the webhook review items. This covers the startup/config validation path, stricter endpoint URL validation, safe endpoint debug output, and stronger payload redaction. In particular, malformed I also updated the local receiver docs and added tests for the validation, redaction, and debug-output cases. Verified on the server with fmt, the webhook logger tests, the full test suite, and build. |
|
Thanks for the detailed review. I addressed the latest webhook-related comments in this round. The changes mainly cover:
I also updated the README for the new DNS validation and pinned-address behavior. Validation on the server:
All tests passed locally on the validation server; existing build warnings are unrelated to this webhook change. |
|
Thanks for the detailed follow-up review. I addressed the latest webhook review comments with focused changes:
The existing webhook behavior is otherwise preserved: request body bytes, JSON payload shape, signing input, signature format, retry/backoff flow, timeout behavior, DNS pinning behavior, endpoint validation, redaction, and sanitization behavior are unchanged. I also reviewed the suggested top-level sanitizer pre-check, but did not implement it because it would be unsafe for nested secrets. The sanitizer intentionally removes sensitive fields recursively and enforces the nesting-depth limit, so a top-level-only bypass could allow nested sensitive fields to be delivered. Validation completed:
|
|
Update after the latest webhook follow-up commits: I addressed the lower-risk webhook review follow-ups in the latest commits:
Validation completed on Linux:
I intentionally left the maximum webhook payload body size as a separate follow-up because it introduces a new runtime behavior decision, such as whether to reject, truncate, or drop oversized webhook deliveries. |
|
Refs #642 (this is a multi-participation issue, please use Refs instead of Closes) |
|
Update after the latest documentation commit and validation: The latest commit mainly improves the webhook receiver example documentation. It clarifies:
Validation completed on Linux:
Manual lifecycle validation completed with the example receiver:
I also manually validated the non-blocking failure path. I configured the webhook endpoint to an intentionally unreachable receiver:
The receiver was not running. The sandbox lifecycle API calls still succeeded:
CubeAPI logs showed webhook delivery failures, retries, and retry exhaustion for the lifecycle events. Conclusion: the existing webhook delivery behavior is asynchronous and non-blocking; receiver unavailability does not prevent sandbox lifecycle API requests from succeeding. |
Summary
This PR adds CubeAPI webhook event notifications for sandbox lifecycle events.
Implemented features:
CUBE_API_WEBHOOK_ENDPOINTSsandbox.createdsandbox.deletedsandbox.pausedsandbox.resumedDesign Notes
Webhook delivery is implemented as a CubeAPI logging backend.
API handlers emit structured
LogEventvalues. The existing logger fan-out keepsFileLoggerbehavior and optionally addsHttpLoggerwhen webhook endpoints are configured.Webhook delivery is best-effort and asynchronous. Endpoint failures, timeouts, or retries do not change sandbox lifecycle API responses.
Lifecycle webhook payloads include
id,timestamp,level,event, andsandbox_id.template_idis included when available.The payload is not a complete
Sandboxobject and does not include tokens, secrets, environment variables, or runtime/network details.This PR does not add a REST API for managing webhooks, persistent outbox, disk spool, dead-letter queue, batch delivery, or exactly-once delivery.
Validation
Tested on a local CubeSandbox PVM deployment.
Results:
End-to-end webhook verification:
The example receiver was started with
WEBHOOK_SECRET=test-secret, so receiving these events also verifies the documented HMAC-SHA256 signing path.Refs #642