Brigade

Brigade - Event-driven scripting for Kubernetes.

Generic Gateway

Generic Gateway

Brigade contains a Generic Gateway that can be used to accept requests from other platforms or systems. Generic Gateway is a separate component in the Brigade system, like Github and Container Registry (CR) Gateways.

Generic Gateway is not enabled by default and provides Brigade developers with the ability to trigger scripts based on messages received from any platform that can send a POST HTTP request.

Intro to Generic Gateway

Generic Gateway listens and accepts POST JSON messages at two different endpoints, /simpleevents/v1/:projectID/:secret and /cloudevents/v02/:projectID/:secret. When one of these endpoints is called, Brigade will respond by creating a Build with a simpleevent event or a cloudevent one, respectively.

SimpleEvent

Generic Gateway accepts valid JSON objects (thereafter called SimpleEvent) at the /simpleevents/v1/:projectID/:secret endpoint. Here’s a sample JSON object:

{
    "ref": "refs/heads/changes",
    "commit": "b60ad9543b2ddbbe73430dd6898b75883306cecc"
}

We are using v1 in the endpoint path in case we want to have another version of SimpleEvent in the future.

CloudEvent

Generic Gateway accepts CloudEvents messages at the /cloudevents/v02/:projectID/:secret endpoint. As you can understand from the endpoint path, Generic Gateway currently supports version 0.2 of the CloudEvents specification, using the CloudEvents Go SDK. CloudEvent messages should be JSON encoded and transferred via HTTP(S).

Generic Gateway

Generic Gateway is disabled by default, but can easily be turned on during installation or upgrade of Brigade:

$ helm install -n brigade brigade/brigade --set genericGateway.enabled=true

This will enable and configure the Generic Gateway Deployment/Services/RBAC permissions. However, be aware that Generic Gateway is not exposed outside the cluster by default. In case you are certain from a security perspective that you want to expose the Generic Gateway via a Kubernetes LoadBalancer Service, you can install Brigade via the following command:

$ helm install -n brigade brigade/brigade --set genericGateway.enabled=true,genericGateway.service.type=LoadBalancer

Alternatively, for enhanced security, you can install an SSL proxy (like cert-manager) and direct it to the Generic Gateway Service.

Using the Generic Gateway

As mentioned, Generic Gateway accepts POST requests at /simpleevents/v1/:projectID/:secret and /cloudevents/v02/:projectID/:secret endpoint. These requests should also carry a JSON payload (either a SimpleEvent or a CloudEvent).

Moreover: - projectID is the Brigade Project ID - secret is a custom secret for this specific project, in order to properly authenticate Generic Gateway requests. In other words, each project that wants to accept Generic Gateway events should have its own Generic Gateway secret. This secret serves as a simple authentication mechanism.

When you create a new Brigade Project via Brig CLI, you can optionally create such a secret by using the Advanced Options during brig project create. This secret must contain only alphanumeric characters. If you provide an empty string, Brig will generate and output a secret for you.

Important: If you do not go into “Advanced Options” during brig project create, a secret will not be created and you will not be able to use Generic Gateway for your project. However, you can always use brig project create --replace (or just kubectl edit your project Secret) to update your project and include a genericGatewaySecret string value.

Calling the SimpleEvents endpoint

When calling the Generic Gateway endpoint for a simpleevent (currently this is /simpleevents/v1), you must include a SimpleEvent with a custom JSON payload such as:

{
    "ref": "refs/heads/changes",
    "commit": "b60ad9543b2ddbbe73430dd6898b75883306cecc",
    "key1": "value1",
    "key2": "value2"
}

You can use curl to test it:

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{
    "ref": "refs/heads/changes",
    "commit": "b60ad9543b2ddbbe73430dd6898b75883306cecc",
    "key1": "value1",
    "key2": "value2"
}' \
  http://localhost:8000/simpleevents/v1/PROJECT_ID/SECRET

This will trigger a Build and raise an event of type simpleevent which you should handle in your brigade.js file. Moreover, if you do not wish to provide any payload, you can send empty POST data or just an empty JSON object ({}).


NOTE

If you plan to use this type of event with source control, you should specify ref and commit values. These are used to configure the specific revision that Brigade will pull from your repository. If both values are missing, your Build’s ref will be set to master. Of course, you can also provide any other values you need.


Calling the CloudEvent endpoint

When calling the Generic Gateway endpoint for a cloudevent (currently this is /cloudevents/v02), you must include a valid 0.2 CloudEvent message such as:

{
    "type":   "com.example.file.created",
    "source": "/providers/Example.COM/storage/account#fileServices/default/{new-file}",
    "id":     "ea35b24ede421",
    "specversion": "0.2",
    "data": {
        "ref": "refs/heads/changes",
        "commit": "63c09efb6eb544f41a48901a6d0cc6ddfa4adb28",
        "key1": "value1",
        "key2": "value2"
  }
}

You can use curl to test it:

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{ "type":   "com.example.file.created",
    "source": "/providers/Example.COM/storage/account#fileServices/default/{new-file}",
    "id":     "ea35b24ede421",
    "specversion": "0.2",
    "data": {
        "ref": "refs/heads/changes",
        "commit": "63c09efb6eb544f41a48901a6d0cc6ddfa4adb28",
        "key1": "value1",
        "key2": "value2"
  }}' \
  http://localhost:8000/cloudevents/v02/PROJECT_ID/SECRET

This will trigger a Build and raise an event of type cloudevent which you should handle in your brigade.js file.

Bear in mind that 0.2 Cloud Events specification requires non-empty and proper values for “type”, “source”, “id” and “specversion” (source).

A CloudEvent may include domain-specific information in the data field (source).


NOTE

If you plan to use this type of event with source control, you should specify ref and commit values in the data field in order to to configure the specific revision that Brigade will pull from your repository. If both values are missing, your Build’s ref will be set to master.


Sample Brigade.js

Here is a sample Brigade.js file that could be used as a base for your own scripts that respond to both Generic Gateway events.

const { events, Job } = require("brigadier");

events.on("simpleevent", (e, p) => {  // handler for a SimpleEvent
  var echo = new Job("echosimpleevent", "alpine:3.8");
  echo.tasks = [
    "echo Project " + p.name,
    "echo event type: $EVENT_TYPE"
  ];
  echo.env = {
    "EVENT_TYPE": e.type
  };
  echo.run();
});

events.on("cloudevent", (e, p) => { // handler for a CloudEvent
  var echo = new Job("echocloudevent", "alpine:3.8");
  echo.tasks = [
    "echo Project " + p.name,
    "echo event type: $EVENT_TYPE"
  ];
  echo.env = {
    "EVENT_TYPE": e.type
  };
  echo.run();
});