Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow a State to set a value in Credentials for subsequent states #145

Merged
merged 4 commits into from
Dec 18, 2023
Merged

Allow a State to set a value in Credentials for subsequent states #145

merged 4 commits into from
Dec 18, 2023

Conversation

agrare
Copy link
Member

@agrare agrare commented Dec 4, 2023
edited by Fryguy
Loading

the ResultPath parameter controls where the output of a state is stored. This adds the option to store the results in the workflow Credentials hash allowing the value to be referenced by future states.

This can be used by the Task and Pass states.

Examples:

Say we have a task which logs into a service with a username/password and returns the bearer token:

{
  "StartAt": "Login",
  "States": {
    "Login": {
      "Type": "Task",
      "Resource": "docker://login:latest",
      "Credentials": {
        "username.$": "$.username",
        "password.$": "$.password"
      },
      "ResultPath": "$.Credentials",
      "Next": "NextState"
    },
    "NextState": {
      "Type": "Task",
      "Resource": "docker://do-something:latest",
      "Credentials": {
        "bearer_token.$": "$.bearer_token"
      }
    }
  }
}

floe --credentials '{"username": "foo", "password": "bar"}' ...

You can also use ResultPath to set nested values, e.g.:

"Login": {
  "Type": "Task",
  "Resource": "docker://login:latest",
  "Credentials": {
    "username.$": "$.username",
    "password.$": "$.password"
  },
  "ResultPath": "$.Credentials.vmware",
  "Next": "NextState"
}

And then access it like:

"NextState": {
  "Type": "Task",
  "Resource": "docker://do-something:latest",
  "Credentials": {
    "bearer_token.$": "$.vmware.bearer_token"
  }
}

If the output of the container doesn't match exactly what you want to set in the Credentials payload you can use the ResultSelector to manipulate it, say the output is in '{"results": "token"}':

"Login": {
  "Type": "Task",
  "Resource": "docker://login:latest",
  "Credentials": {
    "username.$": "$.username",
    "password.$": "$.password"
  },
  "ResultSelector": {
    "bearer_token.$": "$.result"
  },
  "ResultPath": "$.Credentials",
  "Next": "NextState"
}

You can also use Pass states to manipulate the output and set a credential value

"Pass": {
  "Type": "Pass",
  "Result": {
    "vcenter_user": "root",
    "vcenter_password": "vmware"
  },
  "ResultPath": "$.Credentials"
  "Next": "NextState"
}

If you don't have a static Result the Pass state works on Input so you could use Pass to send Input to Credentials. I don't think this is going to be particularly useful but I wanted to keep the behavior of ResultPath consistent across states.

@agrare agrare added the enhancement New feature or request label Dec 4, 2023
@agrare agrare requested a review from Fryguy as a code owner December 4, 2023 20:16
@agrare agrare force-pushed the set_credential branch 3 times, most recently from 2f11e28 to 0bb77ee Compare December 4, 2023 20:34
@agrare agrare force-pushed the set_credential branch 4 times, most recently from 4b2e0b8 to db9aece Compare December 6, 2023 18:23
@miq-bot
Copy link
Member

miq-bot commented Dec 6, 2023

Checked commits agrare/floe@673377a~...af9936c with ruby 2.7.8, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
7 files checked, 0 offenses detected
Everything looks fine. ⭐

kbrock
kbrock reviewed Dec 6, 2023
View reviewed changes
README.md
"username.$": "$.username",
"password.$": "$.password"
},
"ResultPath": "$.Credentials",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you want to state where in the credentials hash this will go?

Copy link
Member Author

@agrare agrare Dec 7, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not necessary since the ResultSelector has "bearer_token.$": "$.echo" which means that bearer_token will be set to Credentials.

If I did "ResultPath": "$Credentials.bearer_token" this would end up looking like "Credentials": {"bearer_token": {"bearer_token": "abcd"}}

(and if I didn't have the ResultSelector it would look like "Credentials": {"bearer_token": {"echo": "abcd"}})

@agrare agrare removed the unmergeable label Dec 7, 2023
Fryguy
Fryguy reviewed Dec 11, 2023
View reviewed changes
README.md
bundle exec ruby exe/floe --workflow my-workflow.asl --credentials='{"username": "user", "password": "pass"}'
```

```json
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can use asl here

Suggested change
```json
asl

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I get it, but I actually think the json markup actually renders nicer

{
  "StartAt": "Login",
  "States": {
    "Login": {
      "Type": "Task",
      "Resource": "docker://login:latest",
      "Credentials": {
        "username.$": "$.username",
        "password.$": "$.password"
      },
      "ResultPath": "$.Credentials",
      "Next": "DoSomething"
    },
    "DoSomething": {
      "Type": "Task",
      "Resource": "docker://do-something:latest",
      "Credentials": {
        "token.$": "$.bearer_token"
      },
      "End": true
    }
  }
}
{
  "StartAt": "Login",
  "States": {
    "Login": {
      "Type": "Task",
      "Resource": "docker://login:latest",
      "Credentials": {
        "username.$": "$.username",
        "password.$": "$.password"
      },
      "ResultPath": "$.Credentials",
      "Next": "DoSomething"
    },
    "DoSomething": {
      "Type": "Task",
      "Resource": "docker://do-something:latest",
      "Credentials": {
        "token.$": "$.bearer_token"
      },
      "End": true
    }
  }
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

asl doesn't differentiate between keys and values, and doesn't even markup the boolean

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Fryguy do you still want to do the asl tag even though I think it is objectively worse?

@kbrock kbrock assigned kbrock and unassigned Fryguy Dec 18, 2023
@kbrock kbrock merged commit 0794970 into ManageIQ:master Dec 18, 2023
5 checks passed
agrare added a commit that referenced this pull request Dec 18, 2023
@agrare
Release v0.7.0
7e7330a 
Changed
- Remove the dependency on more_core_extensions in ReferencePath (#144)

Added
- Implement `ReferencePath#get` (#144)
- Allow a State to set a value in Credentials for subsequent states (#145)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kbrock kbrock kbrock left review comments

@Fryguy Fryguy Fryguy approved these changes

Assignees

@kbrock kbrock

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@agrare @miq-bot @kbrock @Fryguy