-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow configuration_script_payloads#credentials to be shown #1239
Allow configuration_script_payloads#credentials to be shown #1239
Conversation
def api_resource_action_options | ||
if @req.action == "read" && @req.collection_id && @req.subcollection.blank? | ||
%w[include_encrypted_attributes] | ||
else | ||
super | ||
end | ||
end | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NOTE this is overly broad as it disables all filters, would prefer to selectively allow specific columns while still filtering out actual v2 key values.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we throw away strings (that should be encrypted) but keep hashes?
def normalize_encrypted(value)
value.kind_of?(String) ? nil : value
end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@agrare It will not work if credentials are a mapping string
"Credentials": {
"api_user.$": "$.api_user",
"api_password.$": "$.api_password",
"vcenter_user.$": "$.vcenter_user",
"vcenter_password.$": "$.vcenter_password"
},
But if it is a hash, then it may work:
{"api_password": {"credential_ref": "manageiq_api", "credential_field": "userid"}}
cc @Fryguy this is the issue we were talking about with credentials being filtered out just for being named |
Is it possible to have a spec with a record in there? The thought is it will allow |
95eb866
to
cc40edc
Compare
👍 good idea, added |
conversation:
|
cc40edc
to
34552d2
Compare
Checked commit agrare@34552d2 with ruby 2.6.10, rubocop 1.28.2, haml-lint 0.35.0, and yamllint |
Backported to
|
…ads_credentials_to_be_shown Allow configuration_script_payloads#credentials to be shown (cherry picked from commit 39e5ed9)
The configuration_script_payloads#credentials jsonb column does not contain credentials but based on how the user names the keys (e.g.
"vcenter_password": {"credential_ref": "vcenter_credential", "credential_field": "password"}
the payload will be stripped which causes issues for the UI to display these.Problem:
With this PR: