WIP: Extend WebHooks to support HTTP Negotiate/SPNEGO (Kerberos)
What does this MR do?
Extend WebHooks to support HTTP Negotiate/SPNEGO (Kerberos) -- fixes #31078 (moved).
This required replacing HTTParty with HTTPI.
This is a WIP MR because I haven't yet tested it against an actual Kerberized webserver. But I want to post it so folks know that this is in-progress.
Why was this MR needed?
We need Kerberos authentication so that our webhook receiver can tell that a webhook call in fact came from Gitlab (and thus that the information therein is trustworthy). Because the webhook is installed on user-owned repositories, there is no way to use a shared secret for authentication.
Does this MR meet the acceptance criteria?
- [/] Changelog entry added, if necessary
- [/] Documentation created/updated
- [/] API support added
- Tests
- [/] Added for this feature/bug
- [/] All builds are passing
- Review
-
Has been reviewed by UX -
Has been reviewed by Frontend -
Has been reviewed by Backend -
Has been reviewed by Database
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Branch has no merge conflicts with master(if it does - rebase it please) -
Squashed related commits together