<div dir="ltr">Hi Steve,<div><br></div><div><br></div><div>WebHook authentication is one of the unresolved issue. Right now Murano expects to have a token supplied with he API requests even for actions. In our demo environment we added a simple proxy server which accepts POST requests with HTTP basic auth or NTLM for the action URL, does the authentication in keystone by using credentials stored in barbican and then pass a request to Murano auth. We plan to come up with some more elegant solution in Kilo release. We are working with our customers to figure out what solution will satisfy their security requirements. Once we have it we can use the same approach in Heat too.</div><div><br></div><div>Thanks</div><div>Gosha</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 31, 2014 at 4:11 AM, Steven Hardy <span dir="ltr"><<a href="mailto:shardy@redhat.com" target="_blank">shardy@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Oct 31, 2014 at 03:23:20AM -0700, Georgy Okrokvertskhov wrote:<br>
> Hi,<br>
><br>
> In the Juno release Murano team added a new feature - Actions. This<br>
> feature allows to declare actions as specific application methods which<br>
> should be executed when an action is triggered. When Murano deploys an<br>
> application with actions new web hooks will be created and exposed by<br>
> Murano API.<br>
<br>
</span>Can you provide links to any documentation which describes the auth scheme<br>
used for the web hooks please?<br>
<br>
I'm interested to see how you've approached it, vs AWS pre-signed URL,<br>
Swift TempURL's etc, as Heat needs an openstack-native solution to this<br>
problem as well.<br>
<br>
Thanks,<br>
<br>
Steve<br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font color="#999999"><span style="background-color:rgb(255,255,255)">Georgy Okrokvertskhov<br>
Architect,<br><span style="font-family:arial;font-size:small">OpenStack Platform Products,</span><br>
Mirantis</span><br>
<a href="http://www.mirantis.com/" target="_blank">http://www.mirantis.com</a><br>
Tel. +1 650 963 9828<br>
Mob. +1 650 996 3284</font><br></div>
</div>