Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Feature webhook #163
Addresses issue #331
The resource DSL has been updated to include a
The webhook would be
There is also a convenience method to generate a token value
A separate pull request would need to be submitted to pull in the dependency on https://github.com/satori/go.uuid
We use Pivotal Tracker to provide visibility into what our team is working on. A story for this issue has been automatically created.
The current status is as follows:
This comment, as well as the labels on the issue, will be automatically updated as the status in Tracker changes.
vito left a comment
Thanks a bunch for taking this on! Lots of people have wanted this.
I think we can do without the token generation endpoint. I'm not sure how a user would invoke it, and it's easy enough to just put an arbitrary string in the pipeline .yml. Having it be simple static config in the pipeline means you can just mash on the keyboard to make one, and rotate it by just reconfiguring the pipeline.
I also think we should move away from the generic
So, I think it's better to special-case this endpoint's auth rules and not make it look generic. The severity of a leak is very low, so using query params is still fine with me, I just don't want it to look like a general API. Sorry for not going back to the original issue and updating it with our thoughts on this.
Also, given that this is a single string value that we're just checking for a match on, it's more of a password. So maybe we should either use basic auth in some way, or just call the query param and config value in the pipeline
: All they can do is resource check immediately rather than 1 minute from now, and they can't even inject anything for the check.
Is this a change I should commit or leave it alone?