Secure headers for HTTP Trigger #1229
Conversation
Signed-off-by: Luis <[email protected]> modified scope of http applyresource testcase Signed-off-by: Luis <[email protected]> corrected http-trigger documentation Signed-off-by: Luis <[email protected]> added pwclabs as a user Signed-off-by: Luis <[email protected]>
USERS.md
Outdated
| @@ -19,3 +19,4 @@ Organizations below are **officially** using Argo Events. Please send a PR with | |||
| 1. [RTL Nederland](https://www.rtl.nl) | |||
| 1. [Viaduct](https://www.viaduct.ai/) | |||
| 1. [Woolworths Group](https://www.woolworthsgroup.com.au/) | |||
| 1. [PwC Labs](https://www.pwc.com/us/en/careers/why-pwc/what-we-do/what-we-do-pwc-labs.html) | |||
manifests/install.yaml
Outdated
| - name: NAMESPACE | ||
| valueFrom: | ||
| fieldRef: | ||
| fieldPath: metadata.namespace | ||
| - name: EVENTSOURCE_IMAGE |
There was a problem hiding this comment.
The order change was cause by different kustomize version. Can you upgrade kustomize to the latest and rerun make manifests? Let me know if you are already running the latest.
pkg/apis/common/common.go
Outdated
| @@ -108,6 +108,11 @@ type BasicAuth struct { | |||
| Password *corev1.SecretKeySelector `json:"password,omitempty" protobuf:"bytes,2,opt,name=password"` | |||
| } | |||
|
|
|||
| type SecureHeaders struct { | |||
pkg/apis/common/common.go
Outdated
| @@ -108,6 +108,11 @@ type BasicAuth struct { | |||
| Password *corev1.SecretKeySelector `json:"password,omitempty" protobuf:"bytes,2,opt,name=password"` | |||
| } | |||
|
|
|||
| type SecureHeaders struct { | |||
| HeaderName string `json:"headerName,omitempty" protobuf:"bytes,1,opt,name=headerName"` | |||
pkg/apis/common/common.go
Outdated
| @@ -108,6 +108,11 @@ type BasicAuth struct { | |||
| Password *corev1.SecretKeySelector `json:"password,omitempty" protobuf:"bytes,2,opt,name=password"` | |||
| } | |||
|
|
|||
| type SecureHeaders struct { | |||
| HeaderName string `json:"headerName,omitempty" protobuf:"bytes,1,opt,name=headerName"` | |||
| Value *corev1.SecretKeySelector `json:"value,omitempty" protobuf:"bytes,2,opt,name=value"` | |||
There was a problem hiding this comment.
How about
ValueFrom *ValueFromSource
type ValueFromSource struct {
SecretRef *corev1.SecretKeySelector
ConfigMapRef *corev1.ConfigMapKeySelector
}
There was a problem hiding this comment.
Are you saying that header names should be read from configmaps and values from secrets? What would be the benefit from reading from configmaps? @whynowy
There was a problem hiding this comment.
No. I mean the value could come from configmaps OR secrets - similar to envFrom.
I think this struct could also be reused by the metadata carried by each of the event source, this is another topic.
|
@whynowy I tested with both secrets and configmaps. Given you switch to configMapKeyRef. e.g. apiVersion: v1
kind: ConfigMap
metadata:
name: dev-services-secret
namespace: argo-events
data:
serviceToken: secret |
Signed-off-by: Luis <[email protected]>
|
@whynowy I re-ran it with the latest Kustomize version and looks like that worked. It still generated event-bus.md and eventsource.md, though I discarded those changes. Let me know if this is good, I don't have access to re-run test cases. |
No worries, I'll handle that. |
|
@whynowy, any ETA on the next release? Would love this feature! |
I would expect the BitBucket implementation PR being merged before cutting v1.4, if that doesn't happen, I will tag the version anyways by the end of next week. |
* feat: Added secureHeaders to http-trigger Signed-off-by: Luis <[email protected]>
Checklist:
This solves issue #1227 and it adds support for adding headers to the HTTP Trigger as secrets, so tokens are not committed as code. See the example below: