-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for edit configuration_script_payloads #1231
Add support for edit configuration_script_payloads #1231
Conversation
Does this allow the user to change things other than the credentials? If it's coming from git, we probably shouldn't allow it, except those specific fields/associations. |
b3d2542
to
158fd90
Compare
@Fryguy updated to only allow updates to the name, payload, and payload_type if there is no linked configuration_script_source, and only updates to the description and credentials otherwise. |
As discussed, I think having the API for credential mapping be a 2 step process should be simplified. That is right now a user must
Instead, in step 2 we already know, through the act of mapping, that they also want to give permission, so we can give permission implicitly under the covers. So, given a payload of {
"credentials": {
"api_user": "$.manageiq_api.userid",
"api_password": "$.manageiq_api.password"
}
} we would just give permission to manageiq_api directly if not already given (and ensure this is a credential they have access to in the first place), then update the credentials field accordingly. Separately we discussed the payload itself. A user could technically hardcode things like usernames, and then we wouldn't be able to tell apart references vs strings. Additionally parsing strings is a potential source of error. Instead a payload like the following would allow us to differentiate: {
"credentials": {
"api_user": "root",
"api_password": {
"credential_ref": "manageiq_api",
"credential_field": "password"
}
}
} |
ManageIQ/manageiq-providers-workflows#40 changes the expected credential payload format |
e339762
to
deb22d6
Compare
deb22d6
to
75bbc75
Compare
4a1f00b
to
75bbc75
Compare
Automatically add authentications referenced in the credentials payload to the authentications_configuration_script_payload join table
75bbc75
to
f5de1e7
Compare
Checked commits agrare/manageiq-api@3c00159~...f5de1e7 with ruby 2.6.10, rubocop 1.28.2, haml-lint 0.35.0, and yamllint |
Backported to
|
…cript_payloads Add support for edit configuration_script_payloads (cherry picked from commit 9a77ef2)
Workflows have a credentials jsonb column which allows users to map credentials to values being requested by the workflow. This means we have to allow for a user to edit configuration_script_payloads to do this mapping.
PATCH /api/configuration_script_payloads/:id {"credentials":{"api_user":{"credential_ref": "manageiq_api", "credential_field": "userid"}, "api_password":{"credential_ref": "manageiq_api", "credential_field": "password"}}
Follow-up:
TODO: