Open Stack

Thanks a lot Witold and Thomas!

So it doesn't seem that someone is currently using a keystone token to
authenticate web hook? Is is simply because most of the use cases had
involved services which do not use keystone?

Or is it unsuitable for another reason?

On 5/4/18, 2:36 AM, "Thomas Herve" <therve at redhat.com> wrote:

>On Thu, May 3, 2018 at 9:49 PM, Eric K <ekcs.openstack at gmail.com> wrote:
>> Question to the projects which send or consume webhook notifications
>> (telemetry, monasca, senlin, vitrage, etc.), what are your
>> supported/preferred authentication mechanisms? Bearer token (e.g.
>> Keystone)? Signing?
>>
>> Any pointers to past discussions on the topic? My interest here is
>>having
>> Congress consume and send webhook notifications.
>>
>> I know some people are working on adding the keystone auth option to
>> Monasca's webhook framework. If there is a project that already does it,
>> it could be a very helpful reference.
>
>Hi,
>
>I'll add a few that you didn't mention which consume such webhooks.
>
> * Heat has been using EC2 signatures basically since forever. It
>creates EC2 credentials for a Keystone user, and signs URL that way.
> * Zaqar has signed URLs
>(https://developer.openstack.org/api-ref/message/#pre-signed-queue)
>which allows sharing queues without authentication.
> * Swift temp URLs
>(https://docs.openstack.org/swift/latest/middleware.html#tempurl) is a
>good mechanism to share information as well.
>
>I'd say application credentials would make those operations a bit
>nicer, but they are not completely there yet. Everybody not
>reinventing its own wheel would be nice too :).
>
>-- 
>Thomas
>
>__________________________________________________________________________
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev