control-service: fix webhooks authentication helm chart (#2560)

Added missing deployment properties. Signed-off-by: Miroslav Ivanov [email protected] Signed-off-by: Miroslav Ivanov [email protected]
vmware · Aug 18, 2023 · 3fbaca2 · 3fbaca2
1 parent 7524aca
commit 3fbaca2
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/.../control-service/projects/helm_charts/pipelines-control-service/templates/deployment.yaml b/.../control-service/projects/helm_charts/pipelines-control-service/templates/deployment.yaml
@@ -154,6 +154,8 @@ spec:
               value: "{{ .Values.security.authorizationEnabled }}"
             - name: DATAJOBS_AUTHORIZATION_WEBHOOK_ENDPOINT
               value: "{{ .Values.security.authorization.webhookUri }}"
+            - name: DATAJOBS_AUTHORIZATION_WEBHOOK_AUTHENTICATION_ENABLED
+              value: "{{ .Values.security.authorization.webhookAuthenticationEnabled }}"
             - name: SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI
               value: "{{ .Values.security.oauth2.jwtIssuerUrl }}"
             - name: AUTHORITIES_CLAIM_NAME
@@ -168,10 +170,14 @@ spec:
               value: "{{ .Values.webHooks.postCreate.webhookUri }}"
             - name: DATAJOBS_POST_CREATE_WEBHOOK_INTERNAL_ERRORS_RETRIES
               value: "{{ .Values.webHooks.postCreate.internalErrorsRetries }}"
+            - name: DATAJOBS_POST_CREATE_WEBHOOK_AUTHENTICATION_ENABLED
+              value: "{{ .Values.webHooks.postCreate.authenticationEnabled }}"
             - name: DATAJOBS_POST_DELETE_WEBHOOK_ENDPOINT
               value: "{{ .Values.webHooks.postDelete.webhookUri }}"
             - name: DATAJOBS_POST_DELETE_WEBHOOK_INTERNAL_ERRORS_RETRIES
               value: "{{ .Values.webHooks.postDelete.internalErrorsRetries }}"
+            - name: DATAJOBS_POST_DELETE_WEBHOOK_AUTHENTICATION_ENABLED
+              value: "{{ .Values.webHooks.postDelete.authenticationEnabled }}"
             - name: DATAJOBS_AUTHORIZATION_JWT_CLAIM_USERNAME
               value: "{{ .Values.security.authorization.jwtClaimUsername }}"
             - name: DATAJOBS_DEPLOYMENT_JOB_IMAGE_PULL_POLICY

diff --git a/projects/control-service/projects/helm_charts/pipelines-control-service/values.yaml b/projects/control-service/projects/helm_charts/pipelines-control-service/values.yaml
@@ -494,6 +494,9 @@ security:
       ## 4xx response content is shown to end user as an error message.
       ## 5xx responses will be retried
       webhookUri: ""
+      ## In case webhookAuthenticationEnabled is set to true, the Control Service (CS) will transmit the oAuth2 access token
+      ## to the WebHook API. This access token serves the purpose of authenticating the client against the CS.
+      webhookAuthenticationEnabled: false
       ## What JWT token claim (aka attribute/field) will fetch the username from.
       jwtClaimUsername: "username"
 

diff --git a/...trol-service/projects/pipelines_control_service/src/main/resources/application.properties b/...trol-service/projects/pipelines_control_service/src/main/resources/application.properties
@@ -65,6 +65,7 @@ spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${SPRING_SECURITY_OAUTH2_R
 # in order for the feature to fully work
 featureflag.authorization.enabled=false
 datajobs.authorization.webhook.endpoint=
+datajobs.authorization.webhook.authentication.enabled=false
 datajobs.authorization.jwt.claim.username=username