[public-api] Validate incoming stripe webhooks

components/public-api-server/pkg/server/server.go

@@ -5,8 +5,13 @@
 package server
 
 import (
+	"encoding/json"
 	"fmt"
+	"github.com/gitpod-io/gitpod/common-go/log"
+	"net/http"
 	"net/url"
+	"os"
+	"strings"
 
 	"github.com/gitpod-io/gitpod/public-api/config"
 	"github.com/gorilla/handlers"
@@ -48,9 +53,18 @@ func Start(logger *logrus.Entry, cfg *config.Configuration) error {
 		}
 	}
 
-	srv.HTTPMux().Handle("/stripe/invoices/webhook",
-		handlers.ContentTypeHandler(webhooks.NewStripeWebhookHandler(billingService), "application/json"),
-	)
+	var stripeWebhookHandler http.Handler = webhooks.NewNoopWebhookHandler()
+	if cfg.StripeWebhookSigningSecretPath != "" {
+		stripeWebhookSecret, err := readStripeWebhookSecret(cfg.StripeWebhookSigningSecretPath)
+		if err != nil {
+			return fmt.Errorf("failed to read stripe secret: %w", err)
+		}
+		stripeWebhookHandler = webhooks.NewStripeWebhookHandler(billingService, stripeWebhookSecret)
+	} else {
+		log.Info("No stripe webhook secret is configured, endpoints will return NotImplemented")
+	}
+
+	srv.HTTPMux().Handle("/stripe/invoices/webhook", handlers.ContentTypeHandler(stripeWebhookHandler, "application/json"))
 
 	if registerErr := register(srv, gitpodAPI, registry); registerErr != nil {
 		return fmt.Errorf("failed to register services: %w", registerErr)
@@ -73,3 +87,18 @@ func register(srv *baseserver.Server, serverAPIURL *url.URL, registry *prometheu
 
 	return nil
 }
+
+func readStripeWebhookSecret(path string) (string, error) {
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return config.StripeSecret{}, fmt.Errorf("failed to read stripe webhook secret: %w", err)
+	}
+
+	var stripeSecret string
+	err = json.Unmarshal(b, &stripeSecret)
+	if err != nil {
+		return config.StripeSecret{}, fmt.Errorf("failed to parse stripe webhook secret: %w", err)
+	}
+
+	return strings.TrimSpace(stripeSecret), nil
+}

components/public-api-server/pkg/webhooks/stripe.go

@@ -5,40 +5,53 @@
 package webhooks
 
 import (
-	"encoding/json"
-	"net/http"
-
 	"github.com/gitpod-io/gitpod/common-go/log"
 	"github.com/gitpod-io/gitpod/public-api-server/pkg/billingservice"
-	"github.com/stripe/stripe-go/v72"
+	"github.com/stripe/stripe-go/v72/webhook"
+	"io"
+	"net/http"
 )
 
+const maxBodyBytes = int64(65536)
+
 type webhookHandler struct {
-	billingService billingservice.Interface
+	billingService         billingservice.Interface
+	stripeWebhookSignature string
 }
 
-func NewStripeWebhookHandler(billingService billingservice.Interface) *webhookHandler {
-	return &webhookHandler{billingService: billingService}
+func NewStripeWebhookHandler(billingService billingservice.Interface, stripeWebhookSignature string) *webhookHandler {
+	return &webhookHandler{
+		billingService:         billingService,
+		stripeWebhookSignature: stripeWebhookSignature,
+	}
 }
 
 func (h *webhookHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	const maxBodyBytes = int64(65536)
-
 	if req.Method != http.MethodPost {
 		log.Errorf("Bad HTTP method: %s", req.Method)
-		w.WriteHeader(http.StatusBadRequest)
+		w.WriteHeader(http.StatusMethodNotAllowed)
 		return
 	}
 
-	// TODO: verify webhook signature.
-	// Conditional on there being a secret configured.
+	stripeSignature := req.Header.Get("Stripe-Signature")
+	if stripeSignature == "" {
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
 
 	req.Body = http.MaxBytesReader(w, req.Body, maxBodyBytes)
 
-	event := stripe.Event{}
-	err := json.NewDecoder(req.Body).Decode(&event)
+	payload, err := io.ReadAll(req.Body)
+	if err != nil {
+		log.WithError(err).Error("Failed to read payload body.")
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	// https://stripe.com/docs/webhooks/signatures#verify-official-libraries
+	event, err := webhook.ConstructEvent(payload, req.Header.Get("Stripe-Signature"), h.stripeWebhookSignature)
 	if err != nil {
-		log.WithError(err).Error("Stripe webhook error while parsing event payload")
+		log.WithError(err).Error("Failed to verify webhook signature.")
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}

components/public-api-server/pkg/webhooks/stripe_noop.go

@@ -0,0 +1,18 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License-AGPL.txt in the project root for license information.
+
+package webhooks
+
+import "net/http"
+
+func NewNoopWebhookHandler() *noopWebhookHandler {
+	return &noopWebhookHandler{}
+}
+
+type noopWebhookHandler struct{}
+
+func (h *noopWebhookHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	w.WriteHeader(http.StatusNotImplemented)
+	return
+}

components/public-api-server/pkg/webhooks/stripe_test.go

@@ -5,11 +5,14 @@
 package webhooks
 
 import (
+	"bytes"
+	"encoding/hex"
 	"fmt"
-	"io"
+	"github.com/stripe/stripe-go/v72/webhook"
 	"net/http"
-	"strings"
+	"net/http/httputil"
 	"testing"
+	"time"
 
 	"github.com/gitpod-io/gitpod/common-go/baseserver"
 	"github.com/gitpod-io/gitpod/public-api-server/pkg/billingservice"
@@ -25,6 +28,10 @@ const (
 	customerCreatedEventType  = "customer.created"
 )
 
+const (
+	testWebhookSecret = "whsec_random_secret"
+)
+
 func TestWebhookAcceptsPostRequests(t *testing.T) {
 	scenarios := []struct {
 		HttpMethod         string
@@ -52,9 +59,11 @@ func TestWebhookAcceptsPostRequests(t *testing.T) {
 
 	for _, scenario := range scenarios {
 		t.Run(scenario.HttpMethod, func(t *testing.T) {
-			req, err := http.NewRequest(scenario.HttpMethod, url, payload)
+			req, err := http.NewRequest(scenario.HttpMethod, url, bytes.NewReader(payload))
 			require.NoError(t, err)
 
+			req.Header.Set("Stripe-Signature", generateHeader(payload, testWebhookSecret))
+
 			resp, err := http.DefaultClient.Do(req)
 			require.NoError(t, err)
 
@@ -89,9 +98,12 @@ func TestWebhookIgnoresIrrelevantEvents(t *testing.T) {
 	for _, scenario := range scenarios {
 		t.Run(scenario.EventType, func(t *testing.T) {
 			payload := payloadForStripeEvent(t, scenario.EventType)
-			req, err := http.NewRequest(http.MethodPost, url, payload)
+
+			req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(payload))
 			require.NoError(t, err)
 
+			req.Header.Set("Stripe-Signature", generateHeader(payload, testWebhookSecret))
+
 			resp, err := http.DefaultClient.Do(req)
 			require.NoError(t, err)
 
@@ -113,9 +125,14 @@ func TestWebhookInvokesFinalizeInvoiceRPC(t *testing.T) {
 	url := fmt.Sprintf("%s%s", srv.HTTPAddress(), "/webhook")
 
 	payload := payloadForStripeEvent(t, invoiceFinalizedEventType)
-	req, err := http.NewRequest(http.MethodPost, url, payload)
+	req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(payload))
 	require.NoError(t, err)
 
+	req.Header.Set("Stripe-Signature", generateHeader(payload, testWebhookSecret))
+
+	v, _ := httputil.DumpRequest(req, true)
+	fmt.Println(string(v))
+
 	resp, err := http.DefaultClient.Do(req)
 	require.NoError(t, err)
 	require.Equal(t, http.StatusOK, resp.StatusCode)
@@ -129,18 +146,18 @@ func baseServerWithStripeWebhook(t *testing.T, billingService billingservice.Int
 	)
 	baseserver.StartServerForTests(t, srv)
 
-	srv.HTTPMux().Handle("/webhook", NewStripeWebhookHandler(billingService))
+	srv.HTTPMux().Handle("/webhook", NewStripeWebhookHandler(billingService, testWebhookSecret))
 
 	return srv
 }
 
-func payloadForStripeEvent(t *testing.T, eventType string) io.Reader {
+func payloadForStripeEvent(t *testing.T, eventType string) []byte {
 	t.Helper()
 
 	if eventType != invoiceFinalizedEventType {
-		return strings.NewReader(`{}`)
+		return []byte(`{}`)
 	}
-	return strings.NewReader(`
+	return []byte(`
 {
   "data": {
     "object": {
@@ -151,3 +168,9 @@ func payloadForStripeEvent(t *testing.T, eventType string) io.Reader {
 }
 `)
 }
+
+func generateHeader(payload []byte, secret string) string {
+	now := time.Now()
+	signature := webhook.ComputeSignature(now, payload, secret)
+	return fmt.Sprintf("t=%d,%s=%s", now.Unix(), "v1", hex.EncodeToString(signature))
+}

components/public-api/go/config/config.go

@@ -16,7 +16,3 @@ type Configuration struct {
 
 	Server *baseserver.Configuration `json:"server,omitempty"`
 }
-
-type StripeSecret struct {
-	WebhookSigningKey string `json:"signingKey"`
-}

install/installer/go.sum

@@ -1192,6 +1192,7 @@ github.com/jsimonetti/rtnetlink v0.0.0-20201220180245-69540ac93943/go.mod h1:z4c
 github.com/jsimonetti/rtnetlink v0.0.0-20210122163228-8d122574c736/go.mod h1:ZXpIyOK59ZnN7J0BV99cZUPmsqDRZ3eq5X+st7u/oSA=
 github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U=
 github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190/go.mod h1:NmKSdU4VGSiv1bMsdqNALI4RSvvjtz65tTMCnD05qLo=
+github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786 h1:N527AHMa793TP5z5GNAn/VLPzlc0ewzWdeP/25gDfgQ=
 github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786/go.mod h1:v4hqbTdfQngbVSZJVWUhGE/lbTFf9jb+ygmNUDQMuOs=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -1523,7 +1524,9 @@ github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182aff
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo=
+github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8=
 github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60/go.mod h1:aYbhishWc4Ai3I2U4Gaa2n3kHWSwzme6EsG/46HRQbE=
+github.com/mdlayher/genetlink v1.0.0 h1:OoHN1OdyEIkScEmRgxLEe2M9U8ClMytqA5niynLtfj0=
 github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc=
 github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA=
 github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M=
@@ -2301,7 +2304,6 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
@@ -2382,7 +2384,6 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -2673,12 +2674,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.8-0.20211028023602-8de2a7fd1736 h1:cw6nUxdoEN5iEIWYD8aAsTZ8iYjLVNiHAb7xz/80WO4=
-golang.org/x/tools v0.1.8-0.20211028023602-8de2a7fd1736/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
-golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
@@ -2977,39 +2973,22 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
 honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=
 honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA=
-k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8=
 k8s.io/api v0.24.4 h1:I5Y645gJ8zWKawyr78lVfDQkZrAViSbeRXsPZWTxmXk=
 k8s.io/api v0.24.4/go.mod h1:42pVfA0NRxrtJhZQOvRSyZcJihzAdU59WBtTjYcB0/M=
-k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI=
-k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ=
 k8s.io/apiextensions-apiserver v0.24.4 h1:w53Pm4zu8fCt9WfiRgS2YI6LE6I4NJ5aUi78GElD3K8=
 k8s.io/apiextensions-apiserver v0.24.4/go.mod h1:iDK+Xb4jsPNnRGj5jU/WqqjLvt8363M7cKixKe1C9+U=
-k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0=
-k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
 k8s.io/apimachinery v0.24.4 h1:S0Ur3J/PbivTcL43EdSdPhqCqKla2NIuneNwZcTDeGQ=
 k8s.io/apimachinery v0.24.4/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
-k8s.io/apiserver v0.23.5 h1:2Ly8oUjz5cnZRn1YwYr+aFgDZzUmEVL9RscXbnIeDSE=
-k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw=
 k8s.io/apiserver v0.24.4 h1:ei+OunC83pVEiagBeZhTnRZvkclHgpzs/rrm7aSBDYs=
 k8s.io/apiserver v0.24.4/go.mod h1:mAuC3pZVc0IDXLx7lUHoisBOtBa1SobfLW/CI3klXQE=
-k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY=
-k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4=
 k8s.io/cli-runtime v0.24.4 h1:YCSf0dZp+pYXVR/8aZQ6MEBSiicv8rLyVsGBEbRnwfY=
 k8s.io/cli-runtime v0.24.4/go.mod h1:RF+cSLYXkPV3WyvPrX2qeRLEUJY38INWx6jLKVLFCxM=
-k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8=
-k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4=
 k8s.io/client-go v0.24.4 h1:hIAIJZIPyaw46AkxwyR0FRfM/pRxpUNTd3ysYu9vyRg=
 k8s.io/client-go v0.24.4/go.mod h1:+AxlPWw/H6f+EJhRSjIeALaJT4tbeB/8g9BNvXGPd0Y=
-k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
 k8s.io/code-generator v0.24.4/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
-k8s.io/component-base v0.23.5 h1:8qgP5R6jG1BBSXmRYW+dsmitIrpk8F/fPEvgDenMCCE=
-k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0=
 k8s.io/component-base v0.24.4 h1:WEGRp06GBYVwxp5JdiRaJ1zkdOhrqucxRv/8IrABLG0=
 k8s.io/component-base v0.24.4/go.mod h1:sWxkgcMfbYHadw0OJ0N+vIscd14/nqSIM2veCdg843o=
-k8s.io/component-helpers v0.23.5/go.mod h1:5riXJgjTIs+ZB8xnf5M2anZ8iQuq37a0B/0BgoPQuSM=
 k8s.io/component-helpers v0.24.4/go.mod h1:xAHlOKU8rAjLgXWJEsueWLR1LDMThbaPf2YvgKpSyQ8=
-k8s.io/cri-api v0.23.5/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4=
 k8s.io/cri-api v0.24.4/go.mod h1:t3tImFtGeStN+ES69bQUX9sFg67ek38BM9YIJhMmuig=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=

install/installer/pkg/components/public-api-server/configmap.go

@@ -9,7 +9,6 @@ import (
 	"github.com/gitpod-io/gitpod/installer/pkg/config/v1/experimental"
 	"k8s.io/utils/pointer"
 	"net"
-	"path/filepath"
 	"strconv"
 
 	"github.com/gitpod-io/gitpod/common-go/baseserver"
@@ -81,6 +80,7 @@ func getStripeConfig(cfg *experimental.Config) (corev1.Volume, corev1.VolumeMoun
 	}
 
 	stripeSecret := cfg.WebApp.PublicAPI.StripeSecretName
+	path = stripeSecretMountPath
 
 	volume = corev1.Volume{
 		Name: "stripe-secret",
@@ -98,7 +98,5 @@ func getStripeConfig(cfg *experimental.Config) (corev1.Volume, corev1.VolumeMoun
 		ReadOnly:  true,
 	}
 
-	path = filepath.Join(secretsDirectory, stripeSecretMountPath)
-
 	return volume, mount, path, true
 }

install/installer/pkg/components/public-api-server/constants.go

@@ -14,6 +14,5 @@ const (
 	HTTPServicePort   = 9002
 	HTTPPortName      = "http"
 
-	secretsDirectory      = "secrets"
-	stripeSecretMountPath = "stripe-secret"
+	stripeSecretMountPath = "/secrets/stripe-webhook-secret"
 )