feat: action v2 signing (#8779)

# Which Problems Are Solved The action v2 messages were didn't contain anything providing security for the sent content. # How the Problems Are Solved Each Target now has a SigningKey, which can also be newly generated through the API and returned at creation and through the Get-Endpoints. There is now a HTTP header "Zitadel-Signature", which is generated with the SigningKey and Payload, and also contains a timestamp to check with a tolerance if the message took to long to sent. # Additional Changes The functionality to create and check the signature is provided in the pkg/actions package, and can be reused in the SDK. # Additional Context Closes #7924 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:37:32 +00:00 · 2024-11-28 11:06:52 +01:00
parent 8537805ea5
commit 7caa43ab23
37 changed files with 745 additions and 122 deletions
--- a/internal/query/targets_by_execution_ids.sql
+++ b/internal/query/targets_by_execution_ids.sql
@@ -38,9 +38,9 @@ WITH RECURSIVE
                          ON e.instance_id = p.instance_id
                              AND e.include IS NOT NULL
                              AND e.include = p.execution_id)
-select e.execution_id, e.instance_id, e.target_id, t.target_type, t.endpoint, t.timeout, t.interrupt_on_error
+select e.execution_id, e.instance_id, e.target_id, t.target_type, t.endpoint, t.timeout, t.interrupt_on_error, t.signing_key
 FROM dissolved_execution_targets e
-         JOIN projections.targets1 t
+         JOIN projections.targets2 t
              ON e.instance_id = t.instance_id
                  AND e.target_id = t.id
 WHERE "include" = ''