Support mTLS Authentication in Webhooks (#9777)

2025-11-09 05:34:56 -05:00 · 2020-06-08 18:25:44 +05:30
parent c7599d323b
commit 2ce2e88adf
7 changed files with 84 additions and 6 deletions
--- a/cmd/config/notify/help.go
+++ b/cmd/config/notify/help.go
@@ -59,6 +59,18 @@ var (
 			Optional:    true,
 			Type:        "sentence",
 		},
+		config.HelpKV{
+			Key:         target.WebhookClientCert,
+			Description: "client cert for Webhook mTLS auth",
+			Optional:    true,
+			Type:        "string",
+		},
+		config.HelpKV{
+			Key:         target.WebhookClientKey,
+			Description: "client cert key for Webhook mTLS auth",
+			Optional:    true,
+			Type:        "string",
+		},
 	}

 	HelpAMQP = config.HelpKVS{
--- a/cmd/config/notify/legacy.go
+++ b/cmd/config/notify/legacy.go
@@ -281,6 +281,14 @@ func SetNotifyWebhook(s config.Config, whName string, cfg target.WebhookArgs) er
 			Key:   target.WebhookQueueLimit,
 			Value: strconv.Itoa(int(cfg.QueueLimit)),
 		},
+		config.KV{
+			Key:   target.WebhookClientCert,
+			Value: cfg.ClientCert,
+		},
+		config.KV{
+			Key:   target.WebhookClientKey,
+			Value: cfg.ClientKey,
+		},
 	}

 	return nil
--- a/cmd/config/notify/parse.go
+++ b/cmd/config/notify/parse.go
@@ -1428,6 +1428,14 @@ var (
 			Key:   target.WebhookQueueDir,
 			Value: "",
 		},
+		config.KV{
+			Key:   target.WebhookClientCert,
+			Value: "",
+		},
+		config.KV{
+			Key:   target.WebhookClientKey,
+			Value: "",
+		},
 	}
 )

@@ -1471,6 +1479,15 @@ func GetNotifyWebhook(webhookKVS map[string]config.KVS, transport *http.Transpor
 		if k != config.Default {
 			authEnv = authEnv + config.Default + k
 		}
+		clientCertEnv := target.EnvWebhookClientCert
+		if k != config.Default {
+			clientCertEnv = clientCertEnv + config.Default + k
+		}
+
+		clientKeyEnv := target.EnvWebhookClientKey
+		if k != config.Default {
+			clientKeyEnv = clientKeyEnv + config.Default + k
+		}

 		webhookArgs := target.WebhookArgs{
 			Enable:     enabled,
@@ -1479,6 +1496,8 @@ func GetNotifyWebhook(webhookKVS map[string]config.KVS, transport *http.Transpor
 			AuthToken:  env.Get(authEnv, kv.Get(target.WebhookAuthToken)),
 			QueueDir:   env.Get(queueDirEnv, kv.Get(target.WebhookQueueDir)),
 			QueueLimit: uint64(queueLimit),
+			ClientCert: env.Get(clientCertEnv, kv.Get(target.WebhookClientCert)),
+			ClientKey:  env.Get(clientKeyEnv, kv.Get(target.WebhookClientKey)),
 		}
 		if err = webhookArgs.Validate(); err != nil {
 			return nil, err