[openstack-dev] [keystone][monasca][congress][senlin][telemetry] authenticated webhook notifications
Thomas Herve
therve at redhat.com
Fri May 4 09:36:34 UTC 2018
On Thu, May 3, 2018 at 9:49 PM, Eric K <ekcs.openstack at gmail.com> wrote:
> Question to the projects which send or consume webhook notifications
> (telemetry, monasca, senlin, vitrage, etc.), what are your
> supported/preferred authentication mechanisms? Bearer token (e.g.
> Keystone)? Signing?
>
> Any pointers to past discussions on the topic? My interest here is having
> Congress consume and send webhook notifications.
>
> I know some people are working on adding the keystone auth option to
> Monasca's webhook framework. If there is a project that already does it,
> it could be a very helpful reference.

Hi,

I'll add a few that you didn't mention which consume such webhooks.

* Heat has been using EC2 signatures basically since forever. It
creates EC2 credentials for a Keystone user, and signs URLs that way.
* Zaqar has signed URLs
(https://developer.openstack.org/api-ref/message/#pre-signed-queue)
which allow sharing queues without authentication.
* Swift temp URLs
(https://docs.openstack.org/swift/latest/middleware.html#tempurl) are a
good mechanism to share information as well.

I'd say application credentials would make those operations a bit
nicer, but they are not completely there yet. Everybody not
reinventing their own wheel would be nice too :).

--
Thomas
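
The signed-URL approach named in the message above, sketched for a webhook receiver in the style of Swift temp URLs (HMAC over method, expiry and path). This is an added example, not code from the thread or from any OpenStack project; the key, the webhook path and the choice of SHA-256 are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Constructed demo key; in Swift this role is played by the temp URL key.
KEY = b"constructed-demo-key"


def sign_url(method, path, expires, key=KEY):
    """Sender side: bind method, expiry and path into one HMAC."""
    body = f"{method}\n{expires}\n{path}".encode()
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return f"{path}?temp_url_sig={sig}&temp_url_expires={expires}"


def verify_url(method, url, now=None, key=KEY):
    """Receiver side: recompute the HMAC, then enforce the expiry."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    sigs = query.get("temp_url_sig", [])
    exps = query.get("temp_url_expires", [])
    # Reject missing or repeated parameters instead of picking one.
    if len(sigs) != 1 or len(exps) != 1:
        return False
    try:
        expires = int(exps[0])
    except ValueError:
        return False
    body = f"{method}\n{expires}\n{parts.path}".encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), sigs[0].encode()):
        return False
    return now < expires


if __name__ == "__main__":
    url = sign_url("POST", "/v1/webhooks/alarm-1", 1700000000)
    print(url)
    print(verify_url("POST", url, now=1699999999))  # valid before expiry
    print(verify_url("GET", url, now=1699999999))   # wrong method rejected
```

Because the expiry and path are inside the signed body, changing either one in the URL invalidates the signature.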