foreman_webhooks 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9463b5bd544237c5746c80546263831614867cd514146ec019332759618e2b8
-  data.tar.gz: ee3c69e62926cd35b9ed665b5dc09199052fb7d72556040851d571cdbd0a01de
+  metadata.gz: ca37dd6a9541d2de7fd5bcf755c36b04f225023917c6068d83ff0b81a50ff8a9
+  data.tar.gz: 8f34d322989908647a9ce14e3d6801341ed80633387d98f7fdc43c88719d92b8
 SHA512:
-  metadata.gz: 8b3580cd4a8987e5ad9e3410bf87be6b9c84c299f0e38bcc68db14dfe97c7458f4976621f19d614d39b56380be8a7ba8cefbf7a42d358bbe91a417b05603d153
-  data.tar.gz: ef59e908b1f0c9cad872b73bd86922064f01552a8f8287b720d040f0a9b4f44fbf066d752492637aff633752db5453b35e07cf376f7e86838d756cb4d8fd1dcb
+  metadata.gz: b234299b2ca09dbae3b95174d451f77609cddbaa823f137c48233684866279db4128b48d130e5d879007cd35343cdcc8e503cc9f2bb4e05e63df548253882e9b
+  data.tar.gz: 54546c3269a713b86a120edc2ea496862301067393bcc437d3c399585ea8215844a83ac9e340be450f312f85c125a262aa9e2bcaba306a1482973f071d1a1f3c

data/app/controllers/api/v2/webhooks_controller.rb

@@ -34,6 +34,7 @@ module Api
           param :user, String
           param :password, String
           param :http_headers, String
+          param :proxy_authorization, :boolean, N_('Authorize with Foreman client certificate and validate smart-proxy CA from Settings')
         end
       end
 

data/app/controllers/concerns/foreman_webhooks/controller/parameters/webhook.rb

@@ -20,7 +20,8 @@ module ForemanWebhooks
                             :ssl_ca_certs,
                             :user,
                             :password,
-                            :http_headers
+                            :http_headers,
+                            :proxy_authorization
             end
           end
         end

data/app/services/foreman_webhooks/webhook_service.rb

@@ -14,6 +14,22 @@ module ForemanWebhooks
       @rendered_url = url
     end
 
+    def foreman_ssl_auth_params
+      cert         = Setting[:ssl_certificate]
+      ca_cert      = Setting[:ssl_ca_file]
+      hostprivkey  = Setting[:ssl_priv_key]
+
+      {
+        cert: OpenSSL::X509::Certificate.new(File.read(cert)),
+        key: OpenSSL::PKey::RSA.new(File.read(hostprivkey)),
+        ca_file: ca_cert
+      }
+    rescue StandardError => e
+      msg = 'Unable to read SSL proxy CA, cert or key'
+      Foreman::Logging.exception(msg, e)
+      raise Foreman::WrappedException.new(e, msg)
+    end
+
     def execute
       logger.info("Performing '#{webhook.name}' webhook request for event '#{event_name}'")
       Foreman::Logging.blob("Payload for '#{event_name}'", payload)
@@ -25,6 +41,16 @@ module ForemanWebhooks
         logger.debug("Headers: #{rendered_headers}")
       end
 
+      verify = webhook.verify_ssl?
+      ca_string = webhook.ca_certs_store
+      if webhook.proxy_authorization
+        foreman_ssl = foreman_ssl_auth_params
+        verify = true
+        ca_file = foreman_ssl[:ca_file]
+        cert = foreman_ssl[:cert]
+        key = foreman_ssl[:key]
+      end
+
       response = self.class.request(url: rendered_url,
                                     payload: payload,
                                     http_method: webhook.http_method,
@@ -32,8 +58,11 @@ module ForemanWebhooks
                                     password: webhook.password,
                                     content_type: webhook.http_content_type,
                                     headers: headers,
-                                    ca_verify: webhook.verify_ssl?,
-                                    ca_string: webhook.ca_certs_store,
+                                    ca_verify: verify,
+                                    ca_string: ca_string,
+                                    ca_file: ca_file,
+                                    cert: cert,
+                                    key: key,
                                     follow_redirects: true)
 
       status = case response.code.to_i
@@ -61,6 +90,7 @@ module ForemanWebhooks
 
     def self.request(url:, payload: '', http_method: :GET, user: nil, password: nil,
                      content_type: 'application/json', headers: {}, ca_string: nil,
+                     ca_file: nil, cert: nil, key: nil,
                      ca_verify: false, follow_redirects: true, redirect_limit: 3)
       uri = URI.parse(url)
 
@@ -69,8 +99,8 @@ module ForemanWebhooks
       request['Content-Type'] = content_type
       request['X-Request-Id'] = ::Logging.mdc['request'] || SecureRandom.uuid
       request['X-Session-Id'] = ::Logging.mdc['session'] || SecureRandom.uuid
-      headers.each_pair do |key, value|
-        request[key.to_s] = value.to_s
+      headers.each_pair do |hkey, value|
+        request[hkey.to_s] = value.to_s
       end
       request.body = payload
 
@@ -86,6 +116,9 @@ module ForemanWebhooks
         http.use_ssl = true
         http.verify_mode = ca_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
         http.cert_store = ca_string if ca_string
+        http.ca_file = ca_file if ca_file
+        http.cert = cert if cert
+        http.key = key if key
       end
       http.request(request) do |response|
         case response

data/app/views/webhooks/_form.html.erb

@@ -28,6 +28,7 @@
   <%= textarea_f f, :ssl_ca_certs, label: _('X509 Certification Authorities'),
     size: 'col-md-8', rows: 10,
     placeholder: _("Optional CAs in PEM format concatenated to verify the receiver's SSL certificate.") %>
+  <%= checkbox_f f, :proxy_authorization, help_inline: _("Authorize with Foreman client certificate and validate smart-proxy CA from Settings.") %>
 
   <%= textarea_f f, :http_headers, label: _('Optional HTTP headers as JSON (ERB allowed)'),
     size: 'col-md-8', rows: 6,

data/db/migrate/20210322144728_add_proxy_authorization_to_webhook.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddProxyAuthorizationToWebhook < ActiveRecord::Migration[6.0]
+  def change
+    add_column :webhooks, :proxy_authorization, :boolean, null: false, default: false
+  end
+end

data/lib/foreman_webhooks/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ForemanWebhooks
-  VERSION = '0.0.2'
+  VERSION = '0.0.3'
 end

data/lib/tasks/foreman_webhooks_tasks.rake

@@ -44,6 +44,4 @@ end
 Rake::Task[:test].enhance ['test:foreman_webhooks']
 
 load 'tasks/jenkins.rake'
-if Rake::Task.task_defined?(:'jenkins:unit')
-  Rake::Task['jenkins:unit'].enhance ['test:foreman_webhooks', 'foreman_webhooks:rubocop']
-end
+Rake::Task['jenkins:unit'].enhance ['test:foreman_webhooks', 'foreman_webhooks:rubocop'] if Rake::Task.task_defined?(:'jenkins:unit')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_webhooks
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Timo Goebel
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-08 00:00:00.000000000 Z
+date: 2021-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rdoc
@@ -94,6 +94,7 @@ files:
 - db/migrate/20200908004234_add_columns_to_webhooks.rb
 - db/migrate/20201014115147_rename_ca_file_column.rb
 - db/migrate/20201109135301_add_http_headers.rb
+- db/migrate/20210322144728_add_proxy_authorization_to_webhook.rb
 - db/seeds.d/62_shellhooks_proxy_feature.rb
 - db/seeds.d/95_webhook_templates.rb
 - lib/foreman_webhooks.rb
@@ -155,7 +156,7 @@ files:
 - webpack/__mocks__/foremanReact/routes/common/PageLayout/PageLayout.js
 - webpack/index.js
 - webpack/routes_index.js
-homepage: https://github.com/timogoebel/foreman_webhooks
+homepage: https://github.com/theforeman/foreman_webhooks
 licenses:
 - GPL-3.0
 metadata: {}