Senlin implements unauthenticated webhooks [1] that can be called by aodh. The webhook id is a uuid that is generated for each webhook. When the webhook is created, Senlin creates a keystone trust with the user to perform actions on their behalf when the webhook is received. That is probably the easiest way to implement webhooks without worrying about passing the keystone token context.

[1] https://docs.openstack.org/api-ref/clustering/#trigger-webhook-action

On Fri, Jan 10, 2020 at 4:48 AM info@dantalion.nl <info@dantalion.nl> wrote:
Hi Lingxian,
The information referenced comes from: https://docs.openstack.org/aodh/latest/admin/telemetry-alarms.html
Here it would be an alarm that would use the webhooks action. The endpoint in our use case would be Watcher for which we have just passed a spec: https://review.opendev.org/#/c/695646/
With these alarms that report using a webhook I am wondering how these received alarms can be authenticated and if the keystone token context is available?
Hope this makes it clearer.
Kind regards, Corne Lukken Watcher core-reviewer
On 1/10/20 11:44 AM, Lingxian Kong wrote:
Hi Corne,
I didn't fully understand your question, could you please provide the doc mentioned and if possible, an example of aodh alarm you want to create would be better.
- Best regards, Lingxian Kong Catalyst Cloud
On Fri, Jan 10, 2020 at 10:30 PM info@dantalion.nl <info@dantalion.nl> wrote:
Hello,
I was wondering how a service receiving an aodh webhook could perform authentication?
The documentation describes the webhook as a simple post-request so I was wondering if a keystone token context is available when these requests are received?
If not, I was wondering if anyone had any recommendation on how to perform authentication upon received post-requests?
So far I have come up with limiting the functionality of these webhooks such as rate-limiting and administrators having to explicitly enable these webhooks before they work.
Hope anyone else could provide further valuable information.
Kind regards, Corne Lukken Watcher core-reviewer
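The pattern from the first reply in this thread (a random per-webhook uuid bound at creation time to a stored delegation), combined with the rate limiting and explicit enablement from the original question, sketched as an added example; it is not Senlin, aodh or Watcher code. The class name, the HTTP status codes, the limits and the `trust_id` placeholder are assumptions made for illustration.

```python
import time
import uuid

class WebhookRegistry:
    """In-memory stand-in for a receiving service's webhook table (hypothetical)."""

    def __init__(self, max_calls=3, window=60.0, clock=time.monotonic):
        self._hooks = {}
        self.max_calls, self.window, self.clock = max_calls, window, clock

    def create(self, trust_id, action):
        # Runs inside the owner's authenticated API call: the delegation
        # (trust_id, a placeholder here) is recorded now, so the later
        # unauthenticated POST needs no token of its own.
        webhook_id = str(uuid.uuid4())  # 122 random bits from the OS CSPRNG
        self._hooks[webhook_id] = {"trust_id": trust_id, "action": action,
                                   "enabled": False, "calls": []}
        return webhook_id

    def enable(self, webhook_id):
        # Explicit administrator opt-in; new webhooks start disabled.
        self._hooks[webhook_id]["enabled"] = True

    def trigger(self, presented_id):
        """Return (status, trust_id, action) for an incoming POST."""
        try:
            key = str(uuid.UUID(presented_id))  # canonical form, rejects junk
        except (ValueError, AttributeError, TypeError):
            return (404, None, None)
        hook = self._hooks.get(key)
        # Unknown and disabled ids get the same answer, so responses do not
        # reveal which ids exist.
        if hook is None or not hook["enabled"]:
            return (404, None, None)
        now = self.clock()
        hook["calls"] = [t for t in hook["calls"] if now - t < self.window]
        if len(hook["calls"]) >= self.max_calls:
            return (429, None, None)
        hook["calls"].append(now)
        # Action and delegation come from the stored record, never from the
        # request body, which anyone holding the URL could forge.
        return (202, hook["trust_id"], hook["action"])
```

With this design the webhook URL is the only credential, so it has to be delivered over TLS and kept out of logs and referrers like any other bearer secret.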