Implement the initial version of senlin webhook
Webhook is use to trigger cluster scaling. This blueprint is for the initial version:
Some basic ideas:
1) cluster owner will trust *senlin-admin* user each time a webhook is bonded to the target cluster;
2) *senlin-admin* user will request the cluster action api to trigger the real cluster scaling operation on behalf of the webhook invoker;
3) Webhook itself can be invoked without any credential;
More detail description can be found here:
https:/
Blueprint information
- Status:
- Complete
- Approver:
- Qiming Teng
- Priority:
- High
- Drafter:
- Yanyan Hu
- Direction:
- Needs approval
- Assignee:
- Yanyan Hu
- Definition:
- Approved
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Qiming Teng
- Completed by
- Qiming Teng
Related branches
Related bugs
Sprints
Whiteboard
1) cluster owner will trust *senlin-admin* user each time a webhook is bonded to the target cluster;
A webhook encapsulates a tuple <user, entity, action, param>, where:
- 'user' captures the credentials that can be used for authenticating with Keystone;
- 'entity' could be a cluster, a node, or a policy
- 'action' could be any predefined action or even customized action (future extension)
- 'param' is dependent on the action specified.
So, there is no need to bind/unbind a webook to a cluster. The webhook should already contain all needed info.
I'd suggest naming the shared user as 'senlin' instead of 'senlin-admin'.
One issue to consider is whether and how 'senlin' can be granted trusts from any project. In other words, does Keystone allow us to do a cross-project trust creation?
Yes, keystone allow the cross-project trust.
2) *senlin-admin* user will request the cluster action api to trigger the real cluster scaling operation on behalf of the webhook invoker;
Can we document the workflow here: wiki.openstack.
3) Webhook itself can be invoked without any credential;
It is a pity that projects such as Ceilometer is not providing appropriate Headers when invoking the webhook alike API (i.e. alarm_url). But that is not our issue at the moment.
Gerrit topic: https:/
Addressed by: https:/
Add webhook table in Senlin DB
Addressed by: https:/
Initial version - Webhook DB APIs
Addressed by: https:/
Initial version of webhook class and middleware
Addressed by: https:/
Use openstacksdk to do authenticate in WebhookMiddleware
Addressed by: https:/
Add two webhook exceptions
Addressed by: https:/
Encrypt webhook url
Addressed by: https:/
Implement webhook services
Addressed by: https:/
Fix a little bug of webhook
Addressed by: https:/
Initial version of webhook API
Addressed by: https:/
Add force param for webhook_delete function
Addressed by: https:/
Fix two bugs in webhook
Addressed by: https:/
Implement webhook trigger