This message was deleted.

Image :

Hi @Jack Geek, Did you follow the instructions for GITLAB here? https://docs.opal.ac/tutorials/track_a_git_repo#working-with-different-git-services

Hi @Or Weis, yes I followed that instructions, I have a second problem, after I trigger the push, I have this 401 error on OPAL server side :

Seems that your webhook is malformed or doesn’t match what OPAL expects.

here is my K8S containers config :

containers:

- name: opal-server

image: permitio/opal-server:0.4.0

ports:

- name: http

containerPort: 7002

env:

- name: OPAL_POLICY_REPO_URL

valueFrom:

secretKeyRef:

name: opal-server-secret

key: OPAL_POLICY_REPO_URL

- name: OPAL_POLICY_REPO_SSH_KEY

valueFrom:

secretKeyRef:

name: opal-server-secret

key: OPAL_POLICY_REPO_SSH_KEY

- name: OPAL_POLICY_REPO_WEBHOOK_SECRET

valueFrom:

secretKeyRef:

name: opal-server-secret

key: OPAL_POLICY_REPO_WEBHOOK_SECRET

- name: OPAL_POLICY_REPO_WEBHOOK_PARAMS

value: "{\"secret_header_name\":\"X-Gitlab-Token\",\"secret_type\":\"token\",\"secret_parsing_regex\":\"(.*)\",\"event_header_name\":\"X-Gitlab-Event\",\"push_event_value\":\"Push Hook\"}"

- name: OPAL_LOG_FORMAT_INCLUDE_PID

value: "true"

- name: OPAL_DATA_CONFIG_SOURCES

value: "{\"config\":{\"entries\":[]}}"

- name: OPAL_POLICY_REPO_MAIN_BRANCH

value: develop

Can you share the body and header of the incoming webhook ?

@Or Weis not really, as you see Gitlab senfs the secret

@Raz Co is taking a deeper look.

Hi @Or Weis, but the

git_http_url

is the HTTP url and I configure the repo URL with the SSH url, should I change it ?

The feature to ignore the schema (HTTPs/ SSH) in the webhook URL check was added in OPAL 0.5.0

So I think I'm blocked 😞 OPAL 0.5.0 does not work for me on K8S : https://permit-io.slack.com/archives/C01RUUYV3TP/p1677596037607489 Same deployment file works on 0.4.0 but not 0.5.0

Yeah, I’ve seen that thread. 😞 Something is very odd here indeed