Send SSL client certs on webhook notifications

This allows clients that provide a HTTPS webook endpoint a way to verify
that the source of the notification came from quay.io. Needed for the
kubernetes auto deployer so it can verify the request. And apparently
others have also wanted this.

endpoints/notificationmethod.py

@@ -4,8 +4,9 @@ import requests
 import re
 
 from flask.ext.mail import Message
-from app import mail, app
+from app import mail, app, OVERRIDE_CONFIG_DIRECTORY
 from data import model
+from util.config.validator import SSL_FILENAMES
 from workers.queueworker import JobException
 
 logger = logging.getLogger(__name__)
@@ -20,6 +21,11 @@ class NotificationMethodPerformException(JobException):
   pass
 
 
+SSLClientCert = None
+if app.config['PREFERRED_URL_SCHEME'] == 'https':
+  # TODO(jschorr): move this into the config provider library
+  SSLClientCert = [OVERRIDE_CONFIG_DIRECTORY + f for f in SSL_FILENAMES]
+
 class NotificationMethod(object):
   def __init__(self):
     pass
@@ -177,7 +183,7 @@ class WebhookMethod(NotificationMethod):
     headers = {'Content-type': 'application/json'}
 
     try:
-      resp = requests.post(url, data=json.dumps(payload), headers=headers)
+      resp = requests.post(url, data=json.dumps(payload), headers=headers, cert=SSLClientCert)
       if resp.status_code/100 != 2:
         error_message = '%s response for webhook to url: %s' % (resp.status_code, url)
         logger.error(error_message)