<@ULVA73B9P> I setup a webhook in Dbt Cloud that w...
# ask-marvin
b
@Marvin I setup a webhook in Dbt Cloud that will send event information upon Dbt Job completion. I have that webhook pointed to a Prefect Cloud webhook so that I can ingest Dbt job run information. In the Prefect Events I can see that the Prefect web hook has an event of
Copy code
prefect-cloud.webhook.failed
and the reason is
Copy code
"requires a Bearer token in the `Authorization` header"
. How can I fix this?
m
To resolve the issue with the Prefect Cloud webhook requiring a Bearer token, you need to ensure that the webhook request from Dbt Cloud includes the appropriate
Authorization
header with a Bearer token. Here's a concise approach to fixing this: 1. Generate a Bearer Token: You will need to generate or retrieve a valid Bearer token that is associated with your Prefect Cloud account. This is typically done by setting up a service account in Prefect Cloud that can authenticate webhook requests. 2. Configure the Webhook: Ensure that the Dbt Cloud webhook includes the
Authorization
header in its HTTP request. The header should look like this:
Copy code
Authorization: Bearer YOUR_TOKEN_HERE
Replace
YOUR_TOKEN_HERE
with the actual token you obtained. 3. Verify and Test: After making these changes, test the webhook to ensure that it is correctly authorized and the events are successfully processed by Prefect Cloud. For more detailed guidance, you can refer to the Prefect documentation on webhook triggers. If you need further assistance with setting up a service account or generating a token, you may need to consult the Prefect Cloud documentation specific to your account tier (Pro or Enterprise).
b
@Marvin Dbt Cloud has no way of configuring the headers for the request and thus I cannot set the Authorization header.
m
In that case, you'll need to find a way to handle the authorization requirement externally. Here are a few options you might consider: 1. Proxy Server: Set up a lightweight proxy server that sits between Dbt Cloud and Prefect Cloud. The proxy can intercept the webhook requests, add the necessary
Authorization
header, and then forward the request to Prefect Cloud. 2. Custom Webhook Handler: Create a small web service that acts as the webhook endpoint. This service would receive the webhook from Dbt Cloud, append the required
Authorization
header, and then send the request to the Prefect Cloud webhook URL. 3. Prefect Cloud Support: If you're using a Prefect Cloud Pro or Enterprise tier, consider reaching out to Prefect support to see if there are alternative solutions or configurations available for your specific use case. These approaches require some additional setup but will allow you to integrate Dbt Cloud with Prefect Cloud while satisfying the authorization requirements.
a
Pretty sure you can turn off auth for webhooks in prefect
b
Thanks for the reply @Alexander Azzam. I have more testing to do. I am unsure if the auth issue is on the Perfect or Dbt Cloud side.
@Alexander Azzam I was able to remove the Service Account from the Webhook and can see events coming in from Dbt. The downfall to this is the obvious security risks with having a Prefect Webhook wide open. In my situation when I have a webhook in Dbt Cloud sending event info to a Prefect Webhook, Dbt Cloud is sending an Authorization header which according to Dbt's docs can be used to determine authenticity. Prefect ignores that particular header so we can't leverage it for authenticity purposes. This may be ok. We are currently playing with creating a custom trigger in an automation that takes into account multiple pieces of criteria to determine if it's a legit incoming Dbt Cloud event. If someone tries to spoof it, they would need multiple pieces of information correct in order for our automation to trigger. At least that's our working theory right now.