From 005653b3563b81f8edb7e6a2c1e3f898f5beb1de Mon Sep 17 00:00:00 2001 From: Louis Westerheide Date: Mon, 4 May 2026 07:56:19 +0200 Subject: [PATCH 1/4] update docu for custom extra hedaers in cmemc --- .../configuration/file-based-configuration/index.md | 9 +++++++++ .../getting-credentials-from-external-processes/index.md | 2 ++ 2 files changed, 11 insertions(+) diff --git a/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md b/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md index 6f4eb533..b1544b69 100644 --- a/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md +++ b/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md @@ -269,3 +269,12 @@ Setting this to a PEM file allows for using private Certificate Authorities for Please refer to [Certificate handling and SSL verification](../certificate-handling-and-ssl-verification/index.md) for more information. This variable defaults to `$PYTHON_HOME/site-packages/certifi/cacert.pem`. + + +#### CMEMC_CUSTOM_HEADER_* + +Setting this allows all http requests cmemc does to use the specified custom headers as well. + +The `CMEMC_CUSTOM_HEADER_` prefix gets stripped from the header, so only `*` will remain. + +This variable defaults to `none` diff --git a/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md b/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md index 1995b8b9..f6fc4a03 100644 --- a/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md +++ b/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md @@ -60,6 +60,7 @@ In order to get credential information from an external process you need to use - `OAUTH_PASSWORD_PROCESS`, to set up the process to get the user password when using the `password` grant type. - `OAUTH_CLIENT_SECRET_PROCESS`, to set up the process to get the client secret when using `client_credentials` grant type . - `OAUTH_ACCESS_TOKEN_PROCESS`, to set up the process to get the direct access token (`prefetched_token`). +- `CMEMC_CUSTOM_HEADER_*_PROCESS` to set up the process to get custom http headers if needed (the `*` needs to be replaced with the correct header name using all uppercase and `_` instead of `-`, e.g. `CMEMC_CUSTOM_HEADER_CF_ACCESS_TOKEN_PROCESS` for the `cf-access-token` header variable) The credential executable can use the other cmemc environment keys of the configuration block for fetching the credentials (e.g. `CMEM_BASE_URI` and `OAUTH_USER`). @@ -87,6 +88,7 @@ OAUTH_CLIENT_ID=cmem-service-account OAUTH_CLIENT_SECRET_PROCESS=["getpass.sh", "parameter1", "parameter2"] ``` +Note: You need to define a named connection for this to take effect. Using the `[DEFAULT]` section fallback will not execute the process. ### Example: MacOS Keychain Here is a working example with the MacOS Keychain, which can be queried with the command line tool `security`. From 4e68e4ac4f069c04a898ec6d7963378cce448404 Mon Sep 17 00:00:00 2001 From: Louis Westerheide Date: Wed, 6 May 2026 09:23:35 +0200 Subject: [PATCH 2/4] fix up documentation of header processes --- .../configuration/file-based-configuration/index.md | 6 +++--- .../getting-credentials-from-external-processes/index.md | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md b/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md index b1544b69..ee34fa3c 100644 --- a/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md +++ b/docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md @@ -273,8 +273,8 @@ This variable defaults to `$PYTHON_HOME/site-packages/certifi/cacert.pem`. #### CMEMC_CUSTOM_HEADER_* -Setting this allows all http requests cmemc does to use the specified custom headers as well. +Enabling this setting ensures that all HTTP requests made by cmemc include the specified custom headers. -The `CMEMC_CUSTOM_HEADER_` prefix gets stripped from the header, so only `*` will remain. +The CMEMC_CUSTOM_HEADER_ prefix is automatically removed, so only the header name (*) is used in the request. -This variable defaults to `none` +By default, this variable is set to none. diff --git a/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md b/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md index f6fc4a03..59fb02ae 100644 --- a/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md +++ b/docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md @@ -6,6 +6,7 @@ tags: - Security - cmemc --- + # Getting Credentials from External Processes ## Introduction @@ -89,6 +90,7 @@ OAUTH_CLIENT_SECRET_PROCESS=["getpass.sh", "parameter1", "parameter2"] ``` Note: You need to define a named connection for this to take effect. Using the `[DEFAULT]` section fallback will not execute the process. + ### Example: MacOS Keychain Here is a working example with the MacOS Keychain, which can be queried with the command line tool `security`. From e2a3143540fc5bea72cea9acd4a302bccfc28c01 Mon Sep 17 00:00:00 2001 From: Louis Westerheide Date: Wed, 6 May 2026 09:56:07 +0200 Subject: [PATCH 3/4] add changelog to release notes --- docs/release-notes/corporate-memory-26-1/index.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/release-notes/corporate-memory-26-1/index.md b/docs/release-notes/corporate-memory-26-1/index.md index afcca2a3..c6de3485 100644 --- a/docs/release-notes/corporate-memory-26-1/index.md +++ b/docs/release-notes/corporate-memory-26-1/index.md @@ -225,6 +225,13 @@ We are pleased to announce the release of Explore v26.1, which introduces badges We are excited to announce the release of cmemc v26.1, which expands access-condition administration, adds richer project and query catalog operations, and improves list and output consistency across the CLI. +**v26.1.2 of cmemc ships the following features:** + +- Support for arbitrary custom HTTP request headers via `CMEMC_CUSTOM_HEADER_*` environment variables and config keys (CMEM-7546) + - Header name is derived from the suffix by replacing underscores with hyphens (e.g. `CMEMC_CUSTOM_HEADER_CF_ACCESS_CLIENT_ID` → `CF-ACCESS-CLIENT-ID`) + - Protected headers (`Authorization`, `User-Agent`) cannot be overridden and raise a configuration error + - Custom headers are cleared when switching connections + **v26.1.1 of cmemc ships the following fixes:** - `workflow status` command From 2d563fe91cfbb5505296ac2842fbd35fd1727a14 Mon Sep 17 00:00:00 2001 From: Sebastian Tramp Date: Wed, 6 May 2026 11:26:38 +0200 Subject: [PATCH 4/4] fix release notes --- docs/release-notes/corporate-memory-26-1/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/release-notes/corporate-memory-26-1/index.md b/docs/release-notes/corporate-memory-26-1/index.md index c6de3485..bf2f39c0 100644 --- a/docs/release-notes/corporate-memory-26-1/index.md +++ b/docs/release-notes/corporate-memory-26-1/index.md @@ -34,7 +34,7 @@ This release delivers the following component versions: - eccenca DataIntegration v26.1.0 - eccenca Explore v26.1.1 -- eccenca Corporate Memory Control (cmemc) v26.1.1 +- eccenca Corporate Memory Control (cmemc) v26.1.2 - eccenca Graph Insights v19.2.0 We tested this release with the following dependency components: @@ -221,13 +221,13 @@ We are pleased to announce the release of Explore v26.1, which introduces badges - SPARQL Excel downloads now have clean file names. - Notifications are now more robust when given non-string input. -## eccenca Corporate Memory Control (cmemc) v26.1.0 +## eccenca Corporate Memory Control (cmemc) v26.1.2 We are excited to announce the release of cmemc v26.1, which expands access-condition administration, adds richer project and query catalog operations, and improves list and output consistency across the CLI. **v26.1.2 of cmemc ships the following features:** -- Support for arbitrary custom HTTP request headers via `CMEMC_CUSTOM_HEADER_*` environment variables and config keys (CMEM-7546) +- Support for arbitrary custom HTTP request headers via `CMEMC_CUSTOM_HEADER_*` environment variables and config keys - Header name is derived from the suffix by replacing underscores with hyphens (e.g. `CMEMC_CUSTOM_HEADER_CF_ACCESS_CLIENT_ID` → `CF-ACCESS-CLIENT-ID`) - Protected headers (`Authorization`, `User-Agent`) cannot be overridden and raise a configuration error - Custom headers are cleared when switching connections