From 2ea784cd6d9daf6d8e07ad6b5bcd2ca66b9d0ed2 Mon Sep 17 00:00:00 2001
From: Matt Jibson
Date: Wed, 19 Aug 2015 13:53:34 -0400
Subject: [PATCH] Send SSL client certs on webhook notifications

This allows clients that provide a HTTPS webook endpoint a way to verify that the source of the notification came from quay.io. Needed for the kubernetes auto deployer so it can verify the request. And apparently others have also wanted this.
---
 endpoints/notificationmethod.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/endpoints/notificationmethod.py b/endpoints/notificationmethod.py
index 526a25199..d3e444fc1 100644
--- a/endpoints/notificationmethod.py
+++ b/endpoints/notificationmethod.py
@@ -4,8 +4,9 @@ import requests
 import re
 from flask.ext.mail import Message
-from app import mail, app
+from app import mail, app, OVERRIDE_CONFIG_DIRECTORY
 from data import model
+from util.config.validator import SSL_FILENAMES
 from workers.queueworker import JobException
 logger = logging.getLogger(__name__)
@@ -20,6 +21,11 @@ class NotificationMethodPerformException(JobException):
 pass
+SSLClientCert = None
+if app.config['PREFERRED_URL_SCHEME'] == 'https':
+ # TODO(jschorr): move this into the config provider library
+ SSLClientCert = [OVERRIDE_CONFIG_DIRECTORY + f for f in SSL_FILENAMES]
+
 class NotificationMethod(object):
 def __init__(self):
 pass
@@ -177,7 +183,7 @@ class WebhookMethod(NotificationMethod):
 headers = {'Content-type': 'application/json'}
 try:
- resp = requests.post(url, data=json.dumps(payload), headers=headers)
+ resp = requests.post(url, data=json.dumps(payload), headers=headers, cert=SSLClientCert)
 if resp.status_code/100 != 2:
 error_message = '%s response for webhook to url: %s' % (resp.status_code, url)
 logger.error(error_message)
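Review bot: The list built in `SSLClientCert = [OVERRIDE_CONFIG_DIRECTORY + f for f in SSL_FILENAMES]` is later passed to requests as `cert=`, which accepts either one combined PEM path or a (certificate, key) pair, so this is only correct while SSL_FILENAMES holds exactly those two names in that order; the constant is defined outside this diff. Nothing checks that the files exist, so a deployment that sets PREFERRED_URL_SCHEME to https but terminates TLS elsewhere would presumably see its HTTPS webhooks fail at the post. I would join the paths with `os.path.join` instead of `+` (which depends on a trailing slash in the directory constant), and reset to None when a file is absent, e.g. `if not all(os.path.isfile(p) for p in SSLClientCert): SSLClientCert = None`; whether `os` is already imported is not visible here. A comment should also state that this reuses the server's own TLS key pair as a client identity, since that certificate may not carry a client-authentication usage and rotating it changes what receivers must trust.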
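Review bot: The changed `requests.post(..., cert=SSLClientCert)` call can only prove origin when the webhook URL is https; for an http:// endpoint no TLS handshake takes place, the certificate is never presented, and the notification is still delivered with no proof of where it came from. A comment above the call should say so, for example `# client cert is only presented to https:// endpoints; http:// receivers cannot verify the sender`, and the user-facing documentation should tell receivers to check the certificate's subject rather than merely require some client certificate. The call also still has no `timeout=` argument, so a receiver that stalls during the handshake can hold the worker indefinitely. The `try:` block's except clauses lie outside the hunk, so how a certificate-loading error is reported cannot be judged from here.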