Hi Steve,
WebHook authentication is one of the unresolved issue. Right now Murano expects to have a token supplied with he API requests even for actions. In our demo environment we added a simple proxy server which accepts POST requests with HTTP basic auth or NTLM for the action URL, does the authentication in keystone by using credentials stored in barbican and then pass a request to Murano auth. We plan to come up with some more elegant solution in Kilo release. We are working with our customers to figure out what solution will satisfy their security requirements. Once we have it we can use the same approach in Heat too. Thanks Gosha On Fri, Oct 31, 2014 at 4:11 AM, Steven Hardy <[email protected]> wrote: > On Fri, Oct 31, 2014 at 03:23:20AM -0700, Georgy Okrokvertskhov wrote: > > Hi, > > > > In the Juno release Murano team added a new feature - Actions. This > > feature allows to declare actions as specific application methods > which > > should be executed when an action is triggered. When Murano deploys an > > application with actions new web hooks will be created and exposed by > > Murano API. > > Can you provide links to any documentation which describes the auth scheme > used for the web hooks please? > > I'm interested to see how you've approached it, vs AWS pre-signed URL, > Swift TempURL's etc, as Heat needs an openstack-native solution to this > problem as well. > > Thanks, > > Steve > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Georgy Okrokvertskhov Architect, OpenStack Platform Products, Mirantis http://www.mirantis.com Tel. +1 650 963 9828 Mob. +1 650 996 3284
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
