[MGNLHOOK-181] Make REST client to use a proxy on SaaS, always Created: 20/Jul/22  Updated: 18/Oct/22  Resolved: 18/Oct/22

Status: Closed
Project: Magnolia Webhooks
Component/s: None
Affects Version/s: None
Fix Version/s: 2.0.0

Type: Story Priority: Neutral
Reporter: Javier Benito Assignee: Javier Benito
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 0.75d Time Spent: 0.5d
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: PNG File micro-profile-proxy.png     PNG File publish.png     PNG File un-publish.png    
Issue Links:
Issue split
split from MGNLHOOK-25 Take back REST client to SaaS Closed
dependency
depends upon MGNLRESTCL-14 Using the restclient with a proxy server Closed
is depended upon by MGNLHOOK-190 Merge Webhooks integration on SaaS wh... Closed
duplicate
duplicates MGNLHOOK-190 Merge Webhooks integration on SaaS wh... Closed
supersession
supersedes MGNLHOOK-189 Upgrade Rest Client version to 3.0 Closed
Sub-Tasks:
Key
Summary
Type
Status
Assignee
MGNLHOOK-200 Implement proxy usage on SaaS for Res... Technical task Completed Javier Benito  
MGNLHOOK-201 Review Technical task Completed Robert Šiška  
MGNLHOOK-202 piQA Technical task Completed Dai Ha  
MGNLHOOK-203 QA Technical task Completed Oanh Thai Hoang  
MGNLHOOK-241 Testing on SaaS staging with Norsu Technical task Completed Javier Benito  
MGNLHOOK-247 2nd round review Technical task Completed Canh Nguyen  
Team: DeveloperX
Documentation update required:
Yes
Date of First Response:
Epic Link: Webhook on SaaS
Sprint: DevX 18, DevX 21
Story Points: 3

 Description   

On SaaS, all the access from Magnolia instances to external URLs, will be done using a proxy, to enforce security.

That's the reason why two things must be accomplished here:

  • MGNLRESTCL-14
  • Retrieve the proxy to be used from configuration, as it is currently being done from microprofile file for other services.

To sum up, this story must ensure that REST client uses the SaaS deployed proxy. For that, it must:

  • Check if the Rest Client is running on a SaaS instance.
  • Read the configuration using microprofile (as for example, it's being done with info.magnolia.config.subscriptionService.endpoint), if we are on SaaS.
  • Automatically add that proxy to each RestClientDefinition configured.

The estimation here only refers to the configuration part, not the support for proxies on REST client (that will be managed in MGNLRESTCL-14)

Also, upgrade REST client dependency on Webhooks module to 3.0 version.



 Comments   
Comment by Christopher Zimmermann [ 27/Jul/22 ]

Is the proxy already setup - is there an SRE ticket for that?

Comment by Christopher Zimmermann [ 27/Jul/22 ]

is the proxy configuration allready i the microprofile? If not who is responsible for putting it there?

Comment by Javier Benito [ 27/Jul/22 ]

czimmermann yes, there is an SRE ticket for the proxy: https://jira.magnolia-cms.com/browse/SRE-3375

As far as I know, the proxy configuration is not in the microprofile, I guess it must be done in this story, I'll update the description to state it clearer.

Comment by Javier Benito [ 26/Aug/22 ]

Details provided by rmartinr about the proxy deployment on staging/production:

Related PR for the forward proxy (to be reviewed by SRE teammates):

https://git.magnolia-cms.com/projects/CLOUD/repos/magnolia-cloud/pull-requests/610/overview

Once merged and deployed in both SaaS clusters (staging and prod), you will be able to go through the proxy adding the URL nginx-forward-proxy.forward-proxy:80 to the request’s proxy settings.

Based on the current config, the proxy will be only accesible within the cluster ( nginx-forward-proxy.forward-proxy is an internal domain managed by k8s), so in order to test it, you will need to do it from some other container/service deployed in the cluster.

Comment by Oanh Thai Hoang [ 18/Oct/22 ]

QA has been done on staging. Publish and unpublish norsu node receive evens via https://webhook.site/#!/83c72129-8157-4be6-940c-af04ee97e714/e9dd5aac-807d-4e9c-af5a-e7f01cebe5d9/1

Publish event

Unpublish event

 

Check proxy configured in microprofile in staging.

 

Generated at Mon Feb 12 10:01:51 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.