ansible/event-driven-ansible

Webhook source SSL unable to load local certs

Bri2785 opened this issue · 2 comments

I'm attempting to use the webhook source in my rulebook using an SSL cert that is local in the same repo. I'm getting a File not found error when trying to leverage a relative path. When I provide the full path to the cert, it works as expected, but this is only on my local development machine and only because I know the full path. When deployed to the EDA server, that full path is no longer valid inside the Decision Environment. I haven't been able to determine what path exists in the DE and I'm afraid it's dynamic and changes each time the project is synced. I haven't been able to find an environment variable I could leverage either that would tell me where the rulebooks are (and relatively the cert files).

2023-08-10 17:52:19,713 - ansible_rulebook.engine - INFO - Calling main in ansible.eda.webhook

2023-08-10 17:52:19,714 - <run_path> - ERROR - Failed to load certificates. Check they are valid

2023-08-10 17:52:19,714 - ansible_rulebook.engine - ERROR - Source error [Errno 2] No such file or directory

2023-08-10 17:52:19,714 - ansible_rulebook.engine - ERROR - Shutting down source: ansible.eda.webhook error : [Errno 2] No such file or directory

Rulebook

  sources:
    - ansible.eda.webhook:
        host: 0.0.0.0
        port: 5000
        token: MySecretToken
        certfile: tower.cert
        keyfile: tower.key
  rules:

Is there a better approach to using SSL with the webhook plugin?

Hi @Bri2785, what do you mean by "When deployed to the EDA server, that full path is no longer valid inside the Decision Environment."?
If you move your cert file to a known location in the decision environment and define that same location in your rulebook, it should work. Please try that and let us know of any issues.

Note that EDA server doesn't support volume mounting at the creation of the activation, so for now the only way is to create your own Decision Environment image containing your files. Be sure that owner/perms are correct inside the image.

@Alex-Izquierdo Building the cert into the decision environment itself was the piece I was missing. I was trying to include the cert within my rulebook repo (which I now realize is a security hole) so I didn't know the project's cloned path within the DE ahead of time. I tried your suggestion and it does work, thanks for the info!
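A preflight check for the approach the thread settles on, as an added example that is not part of the original thread or the project's code: run inside the Decision Environment image, it reports why a `certfile`/`keyfile` value would fail to load (relative path, missing file, wrong permissions). The function name `check_tls_file` and the rule that a private key must carry no permission bits for "other" are assumptions made for this sketch; the demo files are constructed stand-ins.

```python
import os
import stat
import tempfile


def check_tls_file(path, private=False):
    """Return the problems this process would hit opening a cert or key file."""
    problems = []
    if not os.path.isabs(path):
        # Relative names resolve against the working directory of the process,
        # not against the directory that holds the rulebook.
        problems.append(f"{path}: relative path, resolves to {os.path.abspath(path)}")
    try:
        st = os.stat(path)
    except OSError as exc:
        problems.append(f"{path}: {exc.strerror}")
        return problems
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path}: not a regular file")
    if not os.access(path, os.R_OK):
        problems.append(f"{path}: not readable by uid {os.getuid()}")
    if private and st.st_mode & stat.S_IRWXO:
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: private key open to other users (mode {mode:o})")
    return problems


def demo():
    """Run the check on constructed stand-in files (not real key material)."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "tower.key")
        with open(key, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(key, 0o644)
        loose = check_tls_file(key, private=True)
        os.chmod(key, 0o600)
        tight = check_tls_file(key, private=True)
    missing = check_tls_file("tower.cert")  # relative name, as in the rulebook
    return loose, tight, missing


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run it as the same user the activation runs as, since readability depends on the uid inside the container.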