Skip to content

WIP: Extend WebHooks to support HTTP Negotiate/SPNEGO (Kerberos)

username-removed-1230272 requested to merge dturner_ts/gitlab-ce:httpi into master

What does this MR do?

Extend WebHooks to support HTTP Negotiate/SPNEGO (Kerberos) -- fixes #31078 (moved).

This required replacing HTTParty with HTTPI.

This is a WIP MR because I haven't yet tested it against an actual Kerberized webserver. But I want to post it so folks know that this is in-progress.

Why was this MR needed?

We need Kerberos authentication so that our webhook receiver can tell that a webhook call in fact came from Gitlab (and thus that the information therein is trustworthy). Because the webhook is installed on user-owned repositories, there is no way to use a shared secret for authentication.

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

#31078 (moved)

Merge request reports

Loading