[openstack-dev] [Autoscaling][HA][Murano] Use cases for Murano actions feature. Autoscaling, HA and operations.

Georgy Okrokvertskhov gokrokvertskhov at mirantis.com
Mon Nov 3 11:16:20 UTC 2014


Hi Steve,


WebHook authentication is one of the unresolved issue. Right now Murano
expects to have a token supplied with he API requests even for actions. In
our demo environment we added a simple proxy server which accepts POST
requests  with HTTP basic auth or NTLM for the action URL, does the
authentication in keystone by using credentials stored in barbican and then
pass a request to Murano auth. We plan to come up with some more elegant
solution in Kilo release. We are working with our customers to figure out
what solution will satisfy their security requirements. Once we have it we
can use the same approach in Heat too.

Thanks
Gosha

On Fri, Oct 31, 2014 at 4:11 AM, Steven Hardy <shardy at redhat.com> wrote:

> On Fri, Oct 31, 2014 at 03:23:20AM -0700, Georgy Okrokvertskhov wrote:
> >    Hi,
> >
> >    In the Juno release Murano team added a new feature - Actions. This
> >    feature allows to declare actions as specific application methods
> which
> >    should be executed when an action is triggered. When Murano deploys an
> >    application with actions new web hooks will be created and exposed by
> >    Murano API.
>
> Can you provide links to any documentation which describes the auth scheme
> used for the web hooks please?
>
> I'm interested to see how you've approached it, vs AWS pre-signed URL,
> Swift TempURL's etc, as Heat needs an openstack-native solution to this
> problem as well.
>
> Thanks,
>
> Steve
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Georgy Okrokvertskhov
Architect,
OpenStack Platform Products,
Mirantis
http://www.mirantis.com
Tel. +1 650 963 9828
Mob. +1 650 996 3284
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141103/0df21e99/attachment.html>


More information about the OpenStack-dev mailing list