From dcda096b5d8e5a359129199a33599496339e725f Mon Sep 17 00:00:00 2001 From: Hass_SEA Date: Thu, 18 Jan 2018 12:36:16 -0800 Subject: [PATCH 1/3] Update Rules Document with scalr-signature Updated Rules Document with scalr-signature information --- docs/Hook-Rules.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/Hook-Rules.md b/docs/Hook-Rules.md index 32d35d3..274a0b5 100644 --- a/docs/Hook-Rules.md +++ b/docs/Hook-Rules.md @@ -198,4 +198,20 @@ The IP can be IPv4- or IPv6-formatted, using [CIDR notation](https://en.wikipedi "ip-range": "192.168.0.1/24" } } +``` + +### 5. Match scalr-signature + +The trigger rule checks the scalr signature and checks that the request was signed less than 5 minutes before it was received. +A unqiue signing key is generated for each webhook end point URL you register in Scalr +Given the time check make sure that NTP is enabled on both your Scalr and webhook server to prevent any issues + +```json +{ + "match": + { + "type": "scalr-signature", + "secret": "Scalr-provided signing key" + } +} ``` \ No newline at end of file From 3f8dbf09dcc980cc5adf8dad7ad02208dab42d41 Mon Sep 17 00:00:00 2001 From: Hass_SEA Date: Thu, 18 Jan 2018 12:40:05 -0800 Subject: [PATCH 2/3] Correct typos - Rules Document with scalr-signature Correct typos - Rules Document with scalr-signature --- docs/Hook-Rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/Hook-Rules.md b/docs/Hook-Rules.md index 274a0b5..52947aa 100644 --- a/docs/Hook-Rules.md +++ b/docs/Hook-Rules.md @@ -202,8 +202,8 @@ The IP can be IPv4- or IPv6-formatted, using [CIDR notation](https://en.wikipedi ### 5. Match scalr-signature -The trigger rule checks the scalr signature and checks that the request was signed less than 5 minutes before it was received. -A unqiue signing key is generated for each webhook end point URL you register in Scalr +The trigger rule checks the scalr signature and also checks that the request was signed less than 5 minutes before it was received. +A unqiue signing key is generated for each webhook endpoint URL you register in Scalr. Given the time check make sure that NTP is enabled on both your Scalr and webhook server to prevent any issues ```json From 6dc331726d24add54b30ef421d0415c8dcbdaa54 Mon Sep 17 00:00:00 2001 From: Hass_SEA Date: Thu, 18 Jan 2018 12:43:12 -0800 Subject: [PATCH 3/3] Updated Examples document with scalr-signature Updated the Examples document with an example of how you would use the scalr-signature match rule --- docs/Hook-Examples.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/docs/Hook-Examples.md b/docs/Hook-Examples.md index 308c8e3..aedba52 100644 --- a/docs/Hook-Examples.md +++ b/docs/Hook-Examples.md @@ -281,3 +281,44 @@ or in a single line, using https://github.com/jpmens/jo to generate the JSON cod jo binary=%filename.zip | curl -H "Content-Type:application/json" -X POST -d @- \ http://localhost:9000/hooks/test-file-webhook + + +## Incoming Scalr Webhook +[Guide by @hassanbabaie] +Scalr makes webhook calls based on an event to a configured webhook endpoint (for example Host Down, Host Up). Webhook endpoints are URLs where Scalr will deliver Webhook notifications. +Scalr assigns a unique signing key for every configured webhook endpoint. +Refer to this URL for information on how to setup the webhook call on the Scalr side: [Scalr Wiki Webhooks](https://scalr-wiki.atlassian.net/wiki/spaces/docs/pages/6193173/Webhooks) +In order to leverage the Signing Key for addtional authentication/security you must configure the trigger rule with a match type of "scalr-signature". + +```json +[ + { + "id": "redeploy-webhook", + "execute-command": "/home/adnan/redeploy-go-webhook.sh", + "command-working-directory": "/home/adnan/go", + "include-command-output-in-response": true, + "trigger-rule": + { + "match": + { + "type": "scalr-signature", + "secret": "Scalr-provided signing key" + } + }, + "pass-environment-to-command": + [ + { + "envname": "EVENT_NAME", + "source": "payload", + "name": "eventName" + }, + { + "envname": "SERVER_HOSTNAME", + "source": "payload", + "name": "data.SCALR_SERVER_HOSTNAME" + } + ] + } +] + +``` \ No newline at end of file