Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

control-service: fix webhooks authentication helm chart #2560

Merged
merged 2 commits into from
Aug 18, 2023
+10 −0
Merged

control-service: fix webhooks authentication helm chart #2560

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8246362
control-service: fix webhooks authtentication helm chart
mivanov1988 Aug 17, 2023
4d34246
Merge main into person/miroslavi/fix-webhooks-authentication-helm-chart
github-actions[bot] Aug 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .../control-service/projects/helm_charts/pipelines-control-service/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,8 @@ spec:
value: "{{ .Values.security.authorizationEnabled }}"
- name: DATAJOBS_AUTHORIZATION_WEBHOOK_ENDPOINT
value: "{{ .Values.security.authorization.webhookUri }}"
- name: DATAJOBS_AUTHORIZATION_WEBHOOK_AUTHENTICATION_ENABLED
value: "{{ .Values.security.authorization.webhookAuthenticationEnabled }}"
- name: SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI
value: "{{ .Values.security.oauth2.jwtIssuerUrl }}"
- name: AUTHORITIES_CLAIM_NAME
Expand All @@ -168,10 +170,14 @@ spec:
value: "{{ .Values.webHooks.postCreate.webhookUri }}"
- name: DATAJOBS_POST_CREATE_WEBHOOK_INTERNAL_ERRORS_RETRIES
value: "{{ .Values.webHooks.postCreate.internalErrorsRetries }}"
- name: DATAJOBS_POST_CREATE_WEBHOOK_AUTHENTICATION_ENABLED
value: "{{ .Values.webHooks.postCreate.authenticationEnabled }}"
- name: DATAJOBS_POST_DELETE_WEBHOOK_ENDPOINT
value: "{{ .Values.webHooks.postDelete.webhookUri }}"
- name: DATAJOBS_POST_DELETE_WEBHOOK_INTERNAL_ERRORS_RETRIES
value: "{{ .Values.webHooks.postDelete.internalErrorsRetries }}"
- name: DATAJOBS_POST_DELETE_WEBHOOK_AUTHENTICATION_ENABLED
value: "{{ .Values.webHooks.postDelete.authenticationEnabled }}"
- name: DATAJOBS_AUTHORIZATION_JWT_CLAIM_USERNAME
value: "{{ .Values.security.authorization.jwtClaimUsername }}"
- name: DATAJOBS_DEPLOYMENT_JOB_IMAGE_PULL_POLICY
Expand Down
3 changes: 3 additions & 0 deletions projects/control-service/projects/helm_charts/pipelines-control-service/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -494,6 +494,9 @@ security:
## 4xx response content is shown to end user as an error message.
## 5xx responses will be retried
webhookUri: ""
## In case webhookAuthenticationEnabled is set to true, the Control Service (CS) will transmit the oAuth2 access token
## to the WebHook API. This access token serves the purpose of authenticating the client against the CS.
webhookAuthenticationEnabled: false
## What JWT token claim (aka attribute/field) will fetch the username from.
jwtClaimUsername: "username"

Expand Down
1 change: 1 addition & 0 deletions ...trol-service/projects/pipelines_control_service/src/main/resources/application.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${SPRING_SECURITY_OAUTH2_R
# in order for the feature to fully work
featureflag.authorization.enabled=false
datajobs.authorization.webhook.endpoint=
datajobs.authorization.webhook.authentication.enabled=false
datajobs.authorization.jwt.claim.username=username


Expand Down