Send SSL client certs on webhook notifications
This gives clients that provide an HTTPS webhook endpoint a way to verify that a notification came from quay.io. Needed for the kubernetes auto deployer so it can verify the request. And apparently others have also wanted this.
parent
607937e683
commit
2ea784cd6d
1 changed files with 8 additions and 2 deletions
|
@ -4,8 +4,9 @@ import requests
|
|||
import re
|
||||
|
||||
from flask.ext.mail import Message
|
||||
from app import mail, app
|
||||
from app import mail, app, OVERRIDE_CONFIG_DIRECTORY
|
||||
from data import model
|
||||
from util.config.validator import SSL_FILENAMES
|
||||
from workers.queueworker import JobException
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -20,6 +21,11 @@ class NotificationMethodPerformException(JobException):
|
|||
pass
|
||||
|
||||
|
||||
SSLClientCert = None
|
||||
if app.config['PREFERRED_URL_SCHEME'] == 'https':
|
||||
# TODO(jschorr): move this into the config provider library
|
||||
SSLClientCert = [OVERRIDE_CONFIG_DIRECTORY + f for f in SSL_FILENAMES]
|
||||
|
||||
class NotificationMethod(object):
|
||||
def __init__(self):
|
||||
pass
|
||||
|
@ -177,7 +183,7 @@ class WebhookMethod(NotificationMethod):
|
|||
headers = {'Content-type': 'application/json'}
|
||||
|
||||
try:
|
||||
resp = requests.post(url, data=json.dumps(payload), headers=headers)
|
||||
resp = requests.post(url, data=json.dumps(payload), headers=headers, cert=SSLClientCert)
|
||||
if resp.status_code/100 != 2:
|
||||
error_message = '%s response for webhook to url: %s' % (resp.status_code, url)
|
||||
logger.error(error_message)
|
||||
|
|