This message was deleted.
# opals
Slackbot
02/23/2023, 3:42 PMThis message was deleted.
o
Oded Bd
02/23/2023, 3:50 PMHi @arun Dsouza great question, I will check this out with my team and get back to you
o
Or Weis
02/23/2023, 4:12 PMYou can control how the webhook OPAL expects would look like via
OPAL_POLICY_REPO_WEBHOOK_PARAMSevent_header_nameOPAL_POLICY_REPO_WEBHOOK_PARAMSOPAL_POLICY_REPO_WEBHOOK_SECRETOr Weis
02/23/2023, 4:14 PMPlease read the docs here:
https://docs.opal.ac/tutorials/track_a_git_repo#working-with-different-git-services
and you can see the schema for the config here:
https://github.com/permitio/opal/blob/master/packages/opal-common/opal_common/schemas/webhook.py
And the actual code validating the incoming webhook here:
• https://github.com/permitio/opal/blob/master/packages/opal-server/opal_server/policy/webhook/api.py
• opal_server/policy/webhook/deps.py
a
arun Dsouza
02/27/2023, 4:24 PMI tried sending post request but getting error status :ignored , event ; git.push so not sure what is wrong
o
Or Weis
02/27/2023, 4:36 PM@arun Dsouza can you share the full log you got, the post body and headers you’re sending ?
a
arun Dsouza
02/27/2023, 5:51 PMheaders = {"Content-Type": "application/json",
"Accept": "application/json",
"x-api-key" : "xxxxxxx"}
o
Or Weis
02/27/2023, 6:57 PMAnd the error log?
Or Weis
02/27/2023, 6:58 PMAlso the config for webhook params and secrets, and the configured repo url
Or Weis
02/27/2023, 6:59 PMWe need to see that those match the webhook you're sending here.
Or Weis
02/27/2023, 7:00 PMFor example the repository.url in the body needs to match the repo url you configured for opal
a
arun Dsouza
02/27/2023, 7:12 PMIam not sure if this is coming from my call as I don't see the source address to really confirm
arun Dsouza
02/27/2023, 7:12 PMPlease make sure you have the correct access rights
and the repository exists.
'←[0m
←[32m2023-02-27T191034.443859+0000←[0m | 8 | ←[34mopal_common.git.repo_cloner ←[0m|←[31m←[1mERROR | cannot clone policy repo: Cmd('git') failed due to: exit code(128)
cmdline: git clone -v --branch=master -- git@ssh.dev.azure.com:v3/Alegeus-Technologies/ArchitectureCouncil/OPAL-Policy-Repo /opal/regoclone/opal_repo_clone
stderr: '190825.163408 git.c:444 trace: built-in: git clone -v --branch=master -- git@ssh.dev.azure.com:v3/Alegeus-Technologies/ArchitectureCouncil/OPAL-Policy-Repo /opal/regoclone/opal_repo_clone
Cloning into '/opal/regoclone/opal_repo_clone'...
190825.165271 run-command.c:664 trace: run_command: unset GIT_DIR; GIT_PROTOCOL=version=2 'ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -i //opal/.ssh/opal_repo_ssh_key' -o SendEnv=GIT_PROTOCOL git@ssh.dev.azure.com 'git-upload-pack '\''v3/Alegeus-Technologies/ArchitectureCouncil/OPAL-Policy-Repo'\'''
ssh: connect to host ssh.dev.azure.com port 22: Connection timed out
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
'←[0m
arun Dsouza
02/27/2023, 7:13 PMcan direct me to sample configuration for azure devops how it should be
arun Dsouza
02/27/2023, 7:14 PMI thought x-api-key is the secret or token
o
Or Weis
02/27/2023, 7:17 PMHere the issue seems to be the SSH key (or otherwise repo configuration) to clone the repository for OPAL
the x-api-key is a secret to check that the webhook source can be trusted.
Or Weis
02/27/2023, 7:18 PMTo be clear: It looks like the webhook is not your problem but the basic configuration of the repository
5 Views