From 1c3113f8ab4c0cfe00195ae278cbbc8af479b75d Mon Sep 17 00:00:00 2001
From: Renato Burton
Date: Mon, 2 Jan 2023 18:35:00 -0300
Subject: [PATCH 1/6] First commit
Signed-off-by: Renato Burton
---
hooks/generic-webhook/docs/README.ArtifactHub.md | 3 +++
hooks/generic-webhook/hook/hook.js | 6 +++++-
hooks/generic-webhook/templates/webhook-hook.yaml | 12 ++++++++++++
hooks/generic-webhook/values.yaml | 8 +++++++-
4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/hooks/generic-webhook/docs/README.ArtifactHub.md b/hooks/generic-webhook/docs/README.ArtifactHub.md
index e725da018d..e5e41b5bbc 100644
--- a/hooks/generic-webhook/docs/README.ArtifactHub.md
+++ b/hooks/generic-webhook/docs/README.ArtifactHub.md
@@ -68,6 +68,9 @@ Kubernetes: `>=v1.11.0-0` | hook.authentication.basic.passwordKey | string | `"password"` | Name of the password key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | | hook.authentication.basic.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs | | hook.authentication.basic.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | +| hook.authentication.apikey.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs | +| hook.authentication.apikey.key | string | `"X-api-key"` | Customize header name as per your needs | +| hook.authentication.apikey.secret | string | `"26ea529e517748baa6d87ebfe5781475"` | Use your API key | | hook.image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository | | hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | | hook.labels | object | `{}` | Add Kubernetes Labels to the hook definition | diff --git a/hooks/generic-webhook/hook/hook.js b/hooks/generic-webhook/hook/hook.js index d03be2b6f9..20a5add25f 100644 --- a/hooks/generic-webhook/hook/hook.js +++ b/hooks/generic-webhook/hook/hook.js 
@@ -8,13 +8,17 @@ async function handle({ webhookUrl = process.env["WEBHOOK_URL"], webhookUser = process.env["WEBHOOK_USER"], webhookPassword = process.env["WEBHOOK_PASSWORD"], + webhookApikey = process.env["WEBHOOK_APIKEY"], + webhookApikeySecret = process.env["WEBHOOK_APIKEY_SECRET"], axios = require('axios') }) { const findings = await getFindings(); console.log(`Sending ${findings.length} findings to ${webhookUrl}`); - if (webhookUser && webhookPassword){ + if (webhookApikey && webhookApikeySecret){ + await axios.post(webhookUrl, {scan, findings }, {headers: { webhookApikey: webhookApikeySecret}}); + }else if (webhookUser && webhookPassword){ await axios.post(webhookUrl, {scan, findings }, {auth: {username: webhookUser, password: webhookPassword}}); }else{ await axios.post(webhookUrl, {scan, findings }); diff --git a/hooks/generic-webhook/templates/webhook-hook.yaml b/hooks/generic-webhook/templates/webhook-hook.yaml index d650bc5faa..c2e532a2a9 100644 --- a/hooks/generic-webhook/templates/webhook-hook.yaml +++ b/hooks/generic-webhook/templates/webhook-hook.yaml @@ -31,6 +31,18 @@ spec: name: {{ .Values.hook.authentication.basic.userSecret }} key: {{ .Values.hook.authentication.basic.passwordKey }} optional: true + - name: WEBHOOK_APIKEY + valueFrom: + secretKeyRef: + name: {{ .Values.hook.authentication.apikey.userSecret }} + key: {{ .Values.hook.authentication.apikey.key }} + optional: true + - name: WEBHOOK_APIKEY_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.hook.authentication.apikey.userSecret }} + key: {{ .Values.hook.authentication.apikey.secret }} + optional: true affinity: {{- toYaml .Values.hook.affinity | nindent 4 }} tolerations: diff --git a/hooks/generic-webhook/values.yaml b/hooks/generic-webhook/values.yaml index 97fd95b37c..173e98ad35 100644 --- a/hooks/generic-webhook/values.yaml +++ b/hooks/generic-webhook/values.yaml 
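Review bot: In the new `if (webhookApikey && webhookApikeySecret)` chain, a half-configured API key (only one of `WEBHOOK_APIKEY` / `WEBHOOK_APIKEY_SECRET` set) silently falls through to basic auth or to the final unauthenticated `axios.post`, so the scan findings can leave the cluster without any credential. Both variables are mounted with `optional: true` in webhook-hook.yaml, so a missing or misnamed Secret entry produces exactly this state without an error at deploy time. I would fail closed before the chain, e.g. `if (Boolean(webhookApikey) !== Boolean(webhookApikeySecret)) { throw new Error("WEBHOOK_APIKEY and WEBHOOK_APIKEY_SECRET must be set together"); }`. The body of `handle` continues past the end of the hunk, and the PATCH 2/6 hunk leaves this chain unchanged in that respect.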
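Review bot: `secretKeyRef.key` is the name of an entry inside the Secret, so `apikey.key` and `apikey.secret` only select entries of `userSecret`; the header name and the API key are whatever is stored under those entries, not the chart values themselves. The README rows added in this commit describe them as "Customize header name as per your needs" and "Use your API key", which invites pasting the real key into Helm values, where it would show up in the rendered manifest and would not resolve to any Secret entry. I would document them as entry names, e.g. `# -- Name of the entry in userSecret that holds the API key (not the key itself)`. The PATCH 5/6 hunk on this file keeps the same mechanism under `headerName` / `headerValue`, so the same applies there.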
@@ -35,8 +35,14 @@ hook: # hook.tolerations -- Optional tolerations settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) tolerations: [] - # hook.authentication -- Optional basic authentication credentials + # hook.authentication -- Optional basic authentication credentials or apikey authentication: + apikey: + # -- Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs + userSecret: generic-webhook-credentials + # -- Customize header name as per your needs + key: X-api-key + secret: 26ea529e517748baa6d87ebfe5781475 basic: # -- Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs userSecret: generic-webhook-credentials From 4f5c9fa670ced470af418bd6a1fd6e029bbd1c36 Mon Sep 17 00:00:00 2001 From: Renato Burton Date: Wed, 4 Jan 2023 21:54:12 -0300 Subject: [PATCH 2/6] Update hooks/generic-webhook/hook/hook.js Co-authored-by: Jannik Hollenbach Signed-off-by: Renato Burton --- hooks/generic-webhook/hook/hook.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/generic-webhook/hook/hook.js b/hooks/generic-webhook/hook/hook.js index 20a5add25f..eef5a33368 100644 --- a/hooks/generic-webhook/hook/hook.js +++ b/hooks/generic-webhook/hook/hook.js @@ -17,7 +17,7 @@ async function handle({ console.log(`Sending ${findings.length} findings to ${webhookUrl}`); if (webhookApikey && webhookApikeySecret){ - await axios.post(webhookUrl, {scan, findings }, {headers: { webhookApikey: webhookApikeySecret}}); + await axios.post(webhookUrl, {scan, findings }, {headers: { [webhookApikey]: webhookApikeySecret}}); }else if (webhookUser && webhookPassword){ await axios.post(webhookUrl, {scan, findings }, {auth: {username: webhookUser, password: webhookPassword}}); }else{ From aac2aabb0fbbaf8544c9b80f5afd88975859e032 Mon Sep 17 00:00:00 2001 
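Review bot: The default `secret: 26ea529e517748baa6d87ebfe5781475` has the shape of a real API key and is committed as a chart default. If that string was ever a live credential it should be treated as exposed and rotated, because it stays in the history even though PATCH 5/6 later swaps it for a placeholder. The `secret` entry also has no `# --` doc comment, and the `userSecret` comment still refers to `usernameKey` and `passwordKey`, which the `apikey` block does not have; something like `# -- Existing Secret that holds the header name and API key entries` would fit.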
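Review bot: No test file is touched anywhere in this series (per the diffstats), and the defect corrected on this line, a header literally named `webhookApikey`, is the kind a unit test would have caught. `handle` already takes `axios` as an injectable parameter, so a test can pass a stub and assert the third argument of `post`, for example that it equals `{ headers: { "X-Api-Key": "sample-value" } }` when the two API key parameters are given those constructed values. The test framework is not visible in the patch, so the assertion style is left open. The function body starts and ends outside the hunk.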
From: Renato Burton Date: Wed, 4 Jan 2023 21:54:24 -0300 Subject: [PATCH 3/6] Update hooks/generic-webhook/templates/webhook-hook.yaml Co-authored-by: Jannik Hollenbach Signed-off-by: Renato Burton --- hooks/generic-webhook/templates/webhook-hook.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/generic-webhook/templates/webhook-hook.yaml b/hooks/generic-webhook/templates/webhook-hook.yaml index c2e532a2a9..0de2d117b9 100644 --- a/hooks/generic-webhook/templates/webhook-hook.yaml +++ b/hooks/generic-webhook/templates/webhook-hook.yaml @@ -35,7 +35,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.hook.authentication.apikey.userSecret }} - key: {{ .Values.hook.authentication.apikey.key }} + key: header-name optional: true - name: WEBHOOK_APIKEY_SECRET valueFrom: From 775183fb2f69bdbcf2bf3eb0f77a2d2722718b67 Mon Sep 17 00:00:00 2001 From: Renato Burton Date: Wed, 4 Jan 2023 21:54:30 -0300 Subject: [PATCH 4/6] Update hooks/generic-webhook/templates/webhook-hook.yaml Co-authored-by: Jannik Hollenbach Signed-off-by: Renato Burton --- hooks/generic-webhook/templates/webhook-hook.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/generic-webhook/templates/webhook-hook.yaml b/hooks/generic-webhook/templates/webhook-hook.yaml index 0de2d117b9..48f9e17f7d 100644 --- a/hooks/generic-webhook/templates/webhook-hook.yaml +++ b/hooks/generic-webhook/templates/webhook-hook.yaml @@ -41,7 +41,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.hook.authentication.apikey.userSecret }} - key: {{ .Values.hook.authentication.apikey.secret }} + key: header-value optional: true affinity: {{- toYaml .Values.hook.affinity | nindent 4 }} From b7489fdb0a54f7c2a506ae329f7584c4ccfecc7b Mon Sep 17 00:00:00 2001 From: Renato Burton Date: Wed, 4 Jan 2023 23:15:54 -0300 Subject: [PATCH 5/6] Add suggestion by @j12934 
Signed-off-by: Renato Burton --- hooks/generic-webhook/README.md | 3 +++ hooks/generic-webhook/docs/README.ArtifactHub.md | 4 ++-- hooks/generic-webhook/templates/webhook-hook.yaml | 4 ++-- hooks/generic-webhook/values.yaml | 6 +++--- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md index d72946a9c2..2014cc41a4 100644 --- a/hooks/generic-webhook/README.md +++ b/hooks/generic-webhook/README.md @@ -60,6 +60,9 @@ Kubernetes: `>=v1.11.0-0` | hook.authentication.basic.passwordKey | string | `"password"` | Name of the password key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | | hook.authentication.basic.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs | | hook.authentication.basic.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | +| hook.authentication.apikey.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs | +| hook.authentication.apikey.headerName | string | `"X-api-key"` | Customize header name as per your needs | +| hook.authentication.apikey.headerValue | string | `"26ea529e517748baa6d87ebfe5781475"` | Use your API key | | hook.image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository | | hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | | hook.labels | object | `{}` | Add Kubernetes Labels to the hook definition | diff --git a/hooks/generic-webhook/docs/README.ArtifactHub.md b/hooks/generic-webhook/docs/README.ArtifactHub.md index e5e41b5bbc..98235d8d95 100644 --- a/hooks/generic-webhook/docs/README.ArtifactHub.md 
+++ b/hooks/generic-webhook/docs/README.ArtifactHub.md @@ -69,8 +69,8 @@ Kubernetes: `>=v1.11.0-0` | hook.authentication.basic.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs | | hook.authentication.basic.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | | hook.authentication.apikey.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs | -| hook.authentication.apikey.key | string | `"X-api-key"` | Customize header name as per your needs | -| hook.authentication.apikey.secret | string | `"26ea529e517748baa6d87ebfe5781475"` | Use your API key | +| hook.authentication.apikey.headerName | string | `"X-api-key"` | Customize header name as per your needs | +| hook.authentication.apikey.headerValue | string | `"26ea529e517748baa6d87ebfe5781475"` | Use your API key | | hook.image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository | | hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | | hook.labels | object | `{}` | Add Kubernetes Labels to the hook definition | diff --git a/hooks/generic-webhook/templates/webhook-hook.yaml b/hooks/generic-webhook/templates/webhook-hook.yaml index 48f9e17f7d..49624c9556 100644 --- a/hooks/generic-webhook/templates/webhook-hook.yaml +++ b/hooks/generic-webhook/templates/webhook-hook.yaml 
@@ -35,13 +35,13 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.hook.authentication.apikey.userSecret }} - key: header-name + key: {{ .Values.hook.authentication.apikey.headerName }} optional: true - name: WEBHOOK_APIKEY_SECRET valueFrom: secretKeyRef: name: {{ .Values.hook.authentication.apikey.userSecret }} - key: header-value + key: {{ .Values.hook.authentication.apikey.headerValue }} optional: true affinity: {{- toYaml .Values.hook.affinity | nindent 4 }} diff --git a/hooks/generic-webhook/values.yaml b/hooks/generic-webhook/values.yaml index 173e98ad35..c394f8e7b7 100644 --- a/hooks/generic-webhook/values.yaml +++ b/hooks/generic-webhook/values.yaml @@ -40,9 +40,9 @@ hook: apikey: # -- Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs userSecret: generic-webhook-credentials - # -- Customize header name as per your needs - key: X-api-key - secret: 26ea529e517748baa6d87ebfe5781475 + # -- Customize header name as per your needs ex: X-Api-Key + headerName: X-Example-Header + headerValue: example basic: # -- Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs userSecret: generic-webhook-credentials From c7dfaf3495bf2f4e56fb1085bb1976a6ba15c3c9 Mon Sep 17 00:00:00 2001 From: Renato Burton Date: Wed, 4 Jan 2023 23:29:06 -0300 Subject: [PATCH 6/6] Adding me as a contributor Signed-off-by: Renato Burton --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 65d24ad68a..ad275c6d2e 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -43,3 +43,4 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m - Felix Hörsting - Matthew Cascio - Patryk Miłek +- Renato Burton
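Review bot: The defaults set in the values.yaml hunk (`headerName: X-Example-Header`, `headerValue: example`) disagree with the README tables changed in the same commit, which still list `"X-api-key"` and `"26ea529e517748baa6d87ebfe5781475"` as the defaults for these two values. If the tables are generated from values.yaml they need regenerating; otherwise the key-shaped string should be removed from them by hand. `headerValue` still has no `# --` comment, and since the template uses it as a `secretKeyRef.key`, I would add `# -- Name of the entry in userSecret that holds the API key`.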