[forward] Azure Webhook Support [SURE-7047]

Open manno opened this issue 1 year ago • 4 comments

forwardport of https://github.com/rancher/fleet/issues/1997

manno avatar Nov 28 '23 11:11 manno

/forwardport v2.9.0 release/v0.9

manno avatar Dec 01 '23 09:12 manno

/backport v2.9.0 release/v0.9

manno avatar Dec 01 '23 09:12 manno

QA Template

Solution

Add webhook support for Azure Webhooks. It works the same way as the existing webhooks for GitHub, GitLab and Bitbucket.

Testing

  • Verify webhooks in Azure are working when no basic authentication is provided
  • Wrong basic auth credentials should show an error, and it should not update the Bundle
  • Valid auth credentials should work fine
  • Webhooks for other providers (GitHub, GitLab and Bitbucket) should keep working

Additional notes

  • How to create Azure DevOps Webhooks https://learn.microsoft.com/en-us/azure/devops/service-hooks/services/webhooks?view=azure-devops-2020
  • How to configure webhooks in Fleet https://fleet.rancher.io/webhook
  • Make sure the syncInterval is set to something very high (e.g. 10000), so it does not interfere with the webhook tests

raulcabello avatar Jan 17 '24 13:01 raulcabello
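
The test matrix above, as an added Go example that is not Fleet's code: a basic-auth gate in front of a webhook handler, exercised with net/http/httptest. The webhookAuth type, the deliver helper and the rule that an unconfigured secret accepts unauthenticated deliveries are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// webhookAuth (hypothetical type): both fields empty means no secret is configured.
type webhookAuth struct{ user, pass string }

// equal hashes both sides first so the comparison time leaks neither length nor content.
func equal(a, b string) bool {
	x, y := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(x[:], y[:]) == 1
}

// handler runs update (a stand-in for refreshing the Bundle) only after the check passes.
func (w webhookAuth) handler(update func()) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		if w.user != "" || w.pass != "" {
			u, p, sent := r.BasicAuth()
			userOK, passOK := equal(u, w.user), equal(p, w.pass) // always evaluate both
			if !sent || !userOK || !passOK {
				http.Error(rw, "basic auth verification failed", http.StatusUnauthorized)
				return
			}
		}
		update()
		rw.WriteHeader(http.StatusOK)
	})
}

// deliver sends one constructed webhook POST; it returns the status and whether update ran.
func deliver(cfg webhookAuth, user, pass string, sendAuth bool) (int, bool) {
	updated := false
	req := httptest.NewRequest(http.MethodPost, "/", nil)
	if sendAuth {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	cfg.handler(func() { updated = true }).ServeHTTP(rec, req)
	return rec.Code, updated
}

func main() {
	fmt.Println(deliver(webhookAuth{"user", "password"}, "user", "wrong", true))
}
```
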

It seems this is working with a private Azure HTTPS repo, but there are two issues:

  • #2352
  • #2345

thehejik avatar Apr 22 '24 13:04 thehejik

Test report

I successfully re-validated Azure DevOps webhook support on rancher:v2.9-head with fleet:104.0.0+up0.10.0-rc.15. Tested were:

  • private HTTP repo
  • private SSH repo

Both were deployed in the fleet-default namespace with and without webhook BASIC auth enabled. For testing I used the new gitrepo flag spec.disablePolling: true.

To enable webhook payload visibility in the gitjob logs, I created a fleet entry in the rancher-config configmap with a multi-line entry:

debug: true
debugLevel: 1

The only known problem I spotted is a not-so-nice stack trace when the webhook credentials don't match those defined in the webhook secret defined by kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=azure-username=user --from-literal=azure-password=password:

2024-06-17T12:31:02Z	DEBUG	webhook	Webhook payload	{"payload": null}
2024-06-17T12:31:02Z	ERROR	webhook	Webhook processing failed	{"error": "basic auth verification failed"}
github.com/rancher/fleet/pkg/webhook.(*Webhook).logAndReturn
	/home/runner/work/fleet/fleet/pkg/webhook/webhook.go:301
github.com/rancher/fleet/pkg/webhook.(*Webhook).ServeHTTP
	/home/runner/work/fleet/fleet/pkg/webhook/webhook.go:183
github.com/gorilla/mux.(*Router).ServeHTTP
	/home/runner/go/pkg/mod/github.com/gorilla/[email protected]/mux.go:212
net/http.serverHandler.ServeHTTP
	/opt/hostedtoolcache/go/1.22.4/x64/src/net/http/server.go:3137
net/http.(*conn).serve
	/opt/hostedtoolcache/go/1.22.4/x64/src/net/http/server.go:2039

Closing as we know how to enable verbose logs for webhook payloads in the gitjob pod in Rancher, and the issue for the stack trace is reported.

thehejik avatar Jun 17 '24 12:06 thehejik