add userlog_global_notifications_secret

[case0sh]

Description

expose USERLOG_GLOBAL_NOTIFICATIONS_SECRET option for userlog deployment

Related Issue

• Fixes support USERLOG_GLOBAL_NOTIFICATIONS_SECRET #381

How Has This Been Tested?

• test environment: k8s, helm charts

1. Need to change this options form false to true

features:
  basicAuthentication: true
  demoUsers: true

2. Add your secret to k8s:

apiVersion: v1
kind: Secret
metadata:
  namespace: ocis
  name: foo
type: Opaque
data:
  notifications-secret: dmFsdWUtMg0KDQo=

kubectl get -n ocis secret foo -o jsonpath='{.data.notifications-secret}' | base64 --decode
echo dmFsdWUtMg0KDQo= | base64 --decode # value-2

3. Add name of you secret globalNotificationsSecretRef: "foo"

4. test case 1: Test directly

curl --insecure -X POST -H secret:dmFsdWUtMg0KDQo= -v -d '{"type":"deprovision", "data":{"deprovision_date": "2023-07-04T17:12:03Z"}}'http://localhost:8080/ocs/v2.php/apps/notifications/api/v1/notifications/global

• test case 2: Test via proxy

# trigger global notification(admin)
curl --insecure -X POST  -u admin:password  -v -d '{"type":"deprovision", "data":{"deprovision_date": "2023-07-04T17:12:03Z"}}' https://ocis.kube.owncloud.test/ocs/v2.php/apps/notifications/api/v1/notifications/global

# delete global notification
curl --insecure -X DELETE  -u admin:password   -v -d '{"ids":["deprovision"]}' https://ocis.kube.owncloud.test/ocs/v2.php/apps/notifications/api/v1/notifications/global

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests only (no source changes)

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation generated (make docs) and committed
• Documentation ticket raised:
• Documentation PR created: Helmchart notification secrets docs-ocis#645

[wkloucek]

can we get this from a Secret please? See eg. here:

ocis-charts/charts/ocis/templates/authmachine/deployment.yaml

Lines 59 to 63 in 5c854bc

	- name: AUTH_MACHINE_API_KEY
	valueFrom:
	secretKeyRef:
	name: {{ include "secrets.machineAuthAPIKeySecret" . }}
	key: machine-auth-api-key

[wkloucek]

notification as admin user

add notification

curl --insecure -X POST -u admin:<password> -v -d '{"type":"deprovision", "data":{"deprovision_date": "2023-07-04T17:12:03Z"}}' https://ocis.kube.owncloud.test/ocs/v2.php/apps/notifications/api/v1/notifications/global

-> works

remove notification

curl --insecure -X DELETE -u admin:<password> -v -d '{"ids":["deprovision"]}' https://ocis.kube.owncloud.test/ocs/v2.php/apps/notifications/api/v1/notifications/global

-> works

notification with secret

add notification

kubectl -n ocis exec deployment/userlog -- curl --insecure -X POST -H secret:<secret> -v -d '{"type":"deprovision", "data":{"deprovision_date": "2023-07-04T17:12:03Z"}}' http://localhost:8080/ocs/v2.php/apps/notifications/api/v1/notifications/global

-> this does not work for me

@case0sh could you please check if it works on your side and provide more information how you did it? I assumed that it needs to use the localhost:8080 from the userlog container, right? Did you really use the base64 encoded secret or the plaintext secret?

documentation

please also link the docs-ocis PR where you add information about the secret referenced in globalNotificationsSecretRef

[wkloucek]

Actually -u secret:<secret> needs to be -H secret:<secret>

kubectl -n ocis exec deployment/userlog -- curl --insecure -X POST -H secret:<secret> -v -d '{"type":"deprovision", "data":{"deprovision_date": "2023-07-04T17:12:03Z"}}' http://localhost:8080/ocs/v2.php/apps/notifications/api/v1/notifications/global is working, as well as deleting the notification.