[forward] Azure Webhook Support [SURE-7047]

[manno]

forwardport of https://github.com/rancher/fleet/issues/1997

[manno]

/forwardport v2.9.0 release/v0.9

[manno]

/backport v2.9.0 release/v0.9

[raulcabello]

QA Template

Solution

Add webhook support for Azure Webhooks. It works the same way as existing webhooks for GitHub, Gitlab and BitBucket

Testing

• Verify webhook in azure are working when no basic authentication is provided
• Wrong basic auth credentials should show an error, and it should not update the Bundle
• Valid auth credentials should work fine
• Webhooks for other providers (GitHub, Gitlab and BitBucket) should keep working

Additional notes

• How to create Azure Devops Webhooks https://learn.microsoft.com/en-us/azure/devops/service-hooks/services/webhooks?view=azure-devops-2020
• How to configure webhooks in fleet https://fleet.rancher.io/webhook
• Make sure the syncInterval is set to something very high (e.g 10000), so it does not interfere with the webhook tests

[thehejik]

Seems this is working with private Azure HTTPS repo but there are two issues:

• 2352

• 2345

[thehejik]

Test report

I successfully re-validated Azure devops Webhook support on rancher:v2.9-head with fleet:104.0.0+up0.10.0-rc.15. Tested were

• private HTTP repo
• private SSH repo

both were deployed on fleet-default namespace with and without webhook BASIC auth enabled. For testing I used new gitrepo flag spec.disablePolling: true.

For enabling webhook payload visibility in gitjob logs I created fleet entry in rancher-config configmap with multi-line entry:

debug: true
debugLevel: 1

Only know problem I spotted is not so nice stacktrace when webhook credentials doesn't match with those defined in webhook secret defined by kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=azure-username=user --from-literal=azure-password=password:

2024-06-17T12:31:02Z    DEBUG   webhook Webhook payload {"payload": null}
2024-06-17T12:31:02Z    ERROR   webhook Webhook processing failed   {"error": "basic auth verification failed"}
github.com/rancher/fleet/pkg/webhook.(*Webhook).logAndReturn
    /home/runner/work/fleet/fleet/pkg/webhook/webhook.go:301
github.com/rancher/fleet/pkg/webhook.(*Webhook).ServeHTTP
    /home/runner/work/fleet/fleet/pkg/webhook/webhook.go:183
github.com/gorilla/mux.(*Router).ServeHTTP
    /home/runner/go/pkg/mod/github.com/gorilla/mux@v1.8.1/mux.go:212
net/http.serverHandler.ServeHTTP
    /opt/hostedtoolcache/go/1.22.4/x64/src/net/http/server.go:3137
net/http.(*conn).serve
    /opt/hostedtoolcache/go/1.22.4/x64/src/net/http/server.go:2039

Closing as we know how to enabled verbose logs for webhook payloads in gitjob pod in rancher and the issue for the stacktrace is reported.