Add "generic-hmac" Provider #426
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
makkes
force-pushed
the
generic-hmac-provider
branch
from
d568b77
to
fdbe46f
Compare
makkes
force-pushed
the
generic-hmac-provider
branch
2 times, most recently
from
1ea26c2
to
70b804b
Compare
makkes
force-pushed
the
generic-hmac-provider
branch
2 times, most recently
from
cb3ee2d
to
bebb27d
Compare
pjbgf
reviewed
Oct 3, 2022
This commit adds the "generic-hmac" Provider type for authenticating webhook requests coming from notification-controller. I extended the `Forwarder` notifier to accept an optional key used for generating the HMAC. If the key is nil or empty no HMAC header is generated and the forwarder behaves as before. If it is provided an `X-Signature` HTTP header is added to the request carrying the HMAC. I transformed the `TestForwarder_Post` test into a table-driven test so that we can use the same setup and testing code for testing HMAC and non-HMAC forwarder instances. Any existing `X-Signature` header value set through a `Provider.spec.secretRef` Secret's `header` field will be overwritten. closes #99 Signed-off-by: Max Jonas Werner <max@e13.dev>
makkes
force-pushed
the
generic-hmac-provider
branch
from
bebb27d
to
a76b9a0
Compare
pjbgf
approved these changes
Oct 5, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds the "generic-hmac" Provider type for authenticating
webhook requests coming from notification-controller. I extended the
Forwardernotifier to accept an optional key used for generating theHMAC. If the key is nil or empty no HMAC header is generated and the
forwarder behaves as before. If it is provided an
X-SignatureHTTPheader is added to the request carrying the HMAC.
I transformed the
TestForwarder_Posttest into a table-driven testso that we can use the same setup and testing code for testing HMAC
and non-HMAC forwarder instances.
The Flux CLI will support this new type automatically as it doesn't validate the given type by itself (this is done by the API server using the CRD spec.
closes #99