Alert - Support for authentication when calling receiver endpoint.

Open andreee94 opened this issue 3 years ago • 2 comments

The changes implement more authentication options without requiring the secret to be hard-coded inside the URL.

Until now it has not been possible to call an alert webhook which requires basic or bearer authentication.

The secrets should not be passed directly inside the configuration; instead they can be injected as environment variables or files.

Description

Three authentication options have been implemented:

  • basic from environment variables
  • bearer token from environment variables
  • bearer token from file (for example the service account token file in Kubernetes)

It is however possible to specify a custom header prefix other than Basic and Bearer.

The validation schema has been updated to support the new options and the unit test has been written. All tests pass (running them inside the alpine container as suggested by the documentation).

The documentation reports a description of the new functionalities and a few examples.

The new connaisseur image has been installed manually (forked from master) inside a K3S cluster and it worked correctly.

Checklist

  • [x] PR is rebased to/aimed at branch develop
  • [x] PR follows Contributing Guide
  • [x] Updated schema validation (if necessary)
  • [x] Added tests (if necessary)
  • [x] Extended README/Documentation (if necessary)
  • [x] Adjusted versions of image and Helm chart in values.yaml and Chart.yaml (if necessary)

andreee94, Feb 28 '22 18:02
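
An added sketch (not part of the PR and not Connaisseur's code) of how the three options listed in the description can resolve to an `Authorization` header at send time, so the secret never appears in the receiver URL or the configuration. The dictionary keys (`type`, `username_env`, `password_env`, `token_env`, `token_file`, `prefix`) and the function names are hypothetical, not Connaisseur's schema.

```python
import base64
import os
from pathlib import Path

# Hypothetical config keys; Connaisseur's real schema may differ.


def _require_env(name):
    """Read a secret from the environment; fail closed if unset or empty."""
    value = os.environ.get(name)
    if not value:
        raise ValueError(f"environment variable {name} is not set")
    return value


def _check_header_value(value):
    # Reject CR/LF so a secret or prefix cannot smuggle in extra headers.
    if "\r" in value or "\n" in value:
        raise ValueError("header value contains a line break")
    return value


def build_authorization(auth):
    """Return {'Authorization': ...} for one receiver authentication block."""
    kind = auth["type"]
    if kind == "basic":
        user = _require_env(auth["username_env"])
        password = _require_env(auth["password_env"])
        if ":" in user:
            raise ValueError("basic auth username must not contain ':'")
        raw = f"{user}:{password}".encode("utf-8")
        token = base64.b64encode(raw).decode("ascii")
        prefix = auth.get("prefix", "Basic")
    elif kind == "bearer_env":
        token = _require_env(auth["token_env"])
        prefix = auth.get("prefix", "Bearer")
    elif kind == "bearer_file":
        # Read on every call: mounted service account tokens are rotated.
        token = Path(auth["token_file"]).read_text(encoding="utf-8").strip()
        if not token:
            raise ValueError("token file is empty")
        prefix = auth.get("prefix", "Bearer")
    else:
        raise ValueError(f"unsupported authentication type: {kind}")
    return {"Authorization": _check_header_value(f"{prefix} {token}")}
```

The returned dictionary can be merged into the headers of the outgoing webhook request; the header value should be kept out of logs and error messages.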

@peterthomassen I have updated the alert classes according to your suggestions. Let me know if I can make something better.

andreee94, Feb 28 '22 21:02

Codecov Report

Merging #560 (6aa67ab) into develop (165f518) will increase coverage by 2.64%. The diff coverage is 96.47%.

@@             Coverage Diff             @@
##           develop     #560      +/-   ##
===========================================
+ Coverage    93.52%   96.17%   +2.64%     
===========================================
  Files           15       22       +7     
  Lines          633     1254     +621     
===========================================
+ Hits           592     1206     +614     
- Misses          41       48       +7     

Impacted Files                                          Coverage Δ
connaisseur/__main__.py                                 0.00% <0.00%> (ø)
connaisseur/kube_api.py                                 87.50% <66.66%> (ø)
...naisseur/validators/notaryv2/notaryv2_validator.py   80.00% <80.00%> (ø)
connaisseur/flask_application.py                        92.63% <92.63%> (ø)
connaisseur/validators/static/static_validator.py       93.75% <93.75%> (ø)
connaisseur/alert.py                                    93.92% <93.92%> (ø)
connaisseur/util.py                                     95.45% <95.45%> (-4.55%) ↓
connaisseur/logging_wrapper.py                          96.15% <96.15%> (ø)
connaisseur/config.py                                   97.29% <97.29%> (ø)
connaisseur/workload_object.py                          98.24% <98.24%> (ø)
... and 12 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 0cc2957...6aa67ab.

codecov-commenter, Mar 16 '22 07:03