Add support for edit configuration_script_payloads #1231
Conversation
|
Does this allow the user to change things other than the credentials? If it's coming from git, we probably shouldn't allow it, except those specific fields/associations. |
agrare
force-pushed
the
add_edit_support_configuration_script_payloads
branch
from
b3d2542
to
158fd90
Compare
|
@Fryguy updated to only allow updates to the name, payload, and payload_type if there is no linked configuration_script_source, and only updates to the description and credentials otherwise. |
|
As discussed, I think having the API for credential mapping be a 2 step process should be simplified. That is right now a user must
Instead, in step 2 we already know, through the act of mapping, that they also want to give permission, so we can give permission implicitly under the covers. So, given a payload of {
"credentials": {
"api_user": "$.manageiq_api.userid",
"api_password": "$.manageiq_api.password"
}
}we would just give permission to manageiq_api directly if not already given (and ensure this is a credential they have access to in the first place), then update the credentials field accordingly. Separately we discussed the payload itself. A user could technically hardcode things like usernames, and then we wouldn't be able to tell apart references vs strings. Additionally parsing strings is a potential source of error. Instead a payload like the following would allow us to differentiate: {
"credentials": {
"api_user": "root",
"api_password": {
"credential_ref": "manageiq_api",
"credential_field": "password"
}
}
} |
agrare
changed the title
|
ManageIQ/manageiq-providers-workflows#40 changes the expected credential payload format |
agrare
force-pushed
the
add_edit_support_configuration_script_payloads
branch
2 times, most recently
from
e339762
to
deb22d6
Compare
agrare
force-pushed
the
add_edit_support_configuration_script_payloads
branch
from
deb22d6
to
75bbc75
Compare
agrare
force-pushed
the
add_edit_support_configuration_script_payloads
branch
from
4a1f00b
to
75bbc75
Compare
Automatically add authentications referenced in the credentials payload to the authentications_configuration_script_payload join table
agrare
force-pushed
the
add_edit_support_configuration_script_payloads
branch
from
75bbc75
to
f5de1e7
Compare
agrare
changed the title
|
Checked commits agrare/manageiq-api@3c00159~...f5de1e7 with ruby 2.6.10, rubocop 1.28.2, haml-lint 0.35.0, and yamllint |
|
Backported to |
…cript_payloads Add support for edit configuration_script_payloads (cherry picked from commit 9a77ef2)
Workflows have a credentials jsonb column which allows users to map credentials to values being requested by the workflow. This means we have to allow for a user to edit configuration_script_payloads to do this mapping.
PATCH /api/configuration_script_payloads/:id {"credentials":{"api_user":{"credential_ref": "manageiq_api", "credential_field": "userid"}, "api_password":{"credential_ref": "manageiq_api", "credential_field": "password"}}Follow-up:
TODO: