RFC: Foreman webhooks

Nice overview, some comments regarding Netbox webhooks

we should add that too :slight_smile:

this is also nice thing, with this people can use the engine until we more request capabilities as a first class citizen

I like this behavior, it’s a combination of what we discussed in the PR.

we should also add these

Regarding the authn methods - even tower supports that even though oauth2 is recommended. I looked at icinga and it allows HTTP basic and x509 (yet another method). I’d start with HTTP basic as it’s almost everywhere. Once we have basic auth, we can add oauth2 tokens support.

Yes, but let’s make sure we store the CA data in the database and not just reference to a file on the server. This makes it easier from an operations perspective and we can actually validate if the CA data is valid.

Another great feature might be to log the hook request so you can investigate the return codes and replay a request. That pretty valuable for debugging the webhooks.

Generally speaking, let’s try this approach. I’m all for it now. After the discussion you have me almost convinced this is a good idea :wink:

I’d say: Let’s start with basic auth for now and provide a way to store the credentials for that in a safe manner. I believe we should focus on making this work well first before we make it more complicated.

Created a RM ticket: Refactor #30707: Refactor webhook model - Webhooks - Foreman

I think all of them are applicable except Secret and Object Type.

Absolutely, similarly we do for CRs.


I think secret to provide a HMAC signed delivery is actually a good feature. Github also uses this in their webhooks, without implementing any other auth.