-
Notifications
You must be signed in to change notification settings - Fork 896
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extensible attributes for Ansible Tower Credentials #13826
Conversation
@miq-bot add_labels wip, enhancement, providers/ansible_tower |
e029707
to
b6b9f74
Compare
b6b9f74
to
71aa933
Compare
Hardcoded is fine right now. Don't worry about AlignHash in this instance, but do fix the other rubocops. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, I think this is headed in the right direction.
@@ -1,2 +1,85 @@ | |||
class ManageIQ::Providers::AnsibleTower::AutomationManager::MachineCredential < ManageIQ::Providers::AutomationManager::Authentication | |||
def self.fields | |||
return { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why return
?
@@ -0,0 +1,5 @@ | |||
class AddOptionsColumnToAuthentication < ActiveRecord::Migration[5.0] | |||
def change | |||
add_column :notifications, :options, :text |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're pointing to the wrong table...
:type => 'string', | ||
:required => false, | ||
:label => 'Description', | ||
:help_text => 'Optional description of this credential.', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These strings need I18N. @himdel is that the _N
method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So.. depends.. it's either N_
or _
, the first if you want the string to get in the translation catalog but don't want to translate it right away (meaning you have to pass it through _
at some later point), the latter if you want it translated right away.
Right now, help_text
is never used anywhere in the UI, so .. no idea which :).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Either way, the same goes for label
76acfaf
to
dcd74ba
Compare
@Fryguy @bdunne @blomquisg I've added attribute accessor to the |
37436b7
to
1b83e6d
Compare
1b83e6d
to
f4ded8d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't agree with all of the dynamically defined stuff.
@@ -1,2 +1,5 @@ | |||
class ManageIQ::Providers::AnsibleTower::AutomationManager::AmazonCredential < ManageIQ::Providers::AnsibleTower::AutomationManager::CloudCredential | |||
ATTRIBUTES = [:description, :username, :security_token].freeze |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not crazy about calling it ATTRIBUTES
, I don't want it to be confused with #attributes
. Maybe EXTRA_ATTRIBUTES
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 for EXTRA_ATTRIBUTES
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure, will update this
module ManageIQ::Providers::AnsibleTower::AutomationManager::CredentialMixin | ||
extend ActiveSupport::Concern | ||
|
||
FIELDS = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this belongs in the mixin. Not all of these fields apply to all credential types.
options && options[attr] ? options[attr] : FIELDS[attr][:default] | ||
end | ||
|
||
define_method(:"#{attr}=") do |value| |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we even need writer methods for this? Shouldn't all of this be pulled from refresh?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about UI?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why would the UI be writing this? Any UI changes should be an update that is pushed to Tower and the refresh should update the columns.
|
||
included do | ||
self::ATTRIBUTES.each do |attr| | ||
define_method(:"#{attr}") do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, check the spec
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I'm just surprised at the complexity when it could just be define_method(attr) do
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On a side note, I'm kind of amazed at this:
irb(main):011:0> attr = :abc
=> :abc
irb(main):012:0> attr.object_id
=> 16075548
irb(main):013:0> (:"#{attr}").object_id
=> 16075548
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Either way, I'm still against the dynamically defined methods.
|
||
included do | ||
self::ATTRIBUTES.each do |attr| | ||
define_method(:"#{attr}") do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dynamically defining methods makes it really hard to troubleshoot later. I don't see the methods changing often, can we just define the necessary methods on the appropriate models? Or set up a few mixins that get included?
self.options[attr] = value | ||
end | ||
|
||
define_method(:"#{attr}_meta") do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need these methods?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Welcome suggestions to remove/add these
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where is the caller?
|
||
module ClassMethods | ||
def fields | ||
self::ATTRIBUTES.each_with_object({}) do |field_key, hash| |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no need to rebuild this on every call. It should probably be in a constant.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
got it.
@@ -0,0 +1,19 @@ | |||
class DummyCredential < ::Authentication |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please don't create class constants in the test environment. They are not limited in scope to this test and have conflicted in the past and troubleshooting is painful. Instead, if needed:
let(:test_class) do
class.new(::Authentication) do
ATTRIBUTES = []
etc...
end
end
f4ded8d
to
ffcf068
Compare
@@ -0,0 +1,25 @@ | |||
describe ManageIQ::Providers::AnsibleTower::AutomationManager::CredentialMixin do | |||
let(:credential) { FactoryGirl.create(:authentication) } | |||
let(:credential_class) do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was updated during review. Pasting my original comment since it still applies...
Please don't create class constants in the test environment. They are not limited in scope to this test and have conflicted in the past and troubleshooting is painful. Instead, if needed:
let(:test_class) do
class.new(::Authentication) do
ATTRIBUTES = []
etc...
end
end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cool, wish I had known this earlier! Thanks
:help_text => _('The hostname or IP address to use.'), | ||
:max_length => 1024, | ||
:encrypted => false, | ||
:default => '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If every default is ''
, why have it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are all from Tower API returns (except the :encrypted
which is added by me). I think they want this to be generic so that if there is fields with different defaults.
I can remove this if we want to.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
|
||
FIELDS = { | ||
:description => { | ||
:type => 'string', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like this should be a symbol, but not sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a concern from @jameswnl and @bdunne how to present the "shared fields" to the UI such that they can build them dynamically, but also so that we can store them in the proper columns in the auth record. My thoughts are as follows: At the model level, I think extra attributes are a completely separate thing from regular columns, so the EXTRA_ATTRIBUTES hash would only have the extra stuff. Separately, perhaps we have a second constant that represents the "regular" columns. class ManageIQ::Providers::AnsibleTower::AutomationManager::AmazonCredential < ManageIQ::Providers::AnsibleTower::AutomationManager::CloudCredential
COMMON_ATTRIBUTES = {
:userid => {
#Might be ok to leave out type because it's column based, so just use the column type
:label => N_("Access Key"),
:help_text => N_("AWS Access Key for this credentials")
}
:password => {
:type => :password,
:label => N_("Secret Token"),
:help_text => N_("AWS Secret Token for this credentials")
}
}.freeze
EXTRA_ATTRIBUTES = {
:security_token => {
:type => :password,
:label => N_('Security Token'),
:help_text => N_('Security Token for this credential'),
:max_length => 1024
}
}.freeze
API_ATTRIBUTES = COMMON_ATTRIBUTES.merge(EXTRA_ATTRIBUTES).freeze # This also enforces that COMMON ones should be presented first
end Then,
|
178fa68
to
f480692
Compare
:label => N_('Private key'), | ||
:help_text => N_('RSA or DSA private key to be used instead of password') | ||
} | ||
}.freeze |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this not need API_ATTRIBUTES
as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, it does. Done. thanks
charting test failures ... kicking tests |
f480692
to
bbe10b3
Compare
This pull request is not mergeable. Please rebase and repush. |
59a4bce
to
aca09e2
Compare
:type => :choice, | ||
:label => N_('Privilege Escalation'), | ||
:help_text => N_('Privilege escalation method'), | ||
:choices => %w(sudo su pbrun pfexec).insert(0, '') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jameswnl What is the purpose of the insert(0, '')
. Is blank a valid choice, or is this for UI purposes? If the latter, then that's a UI concern, and should not be here in the model at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The API takes an empty string as choice of not having escalation privilege set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per offline chat with Jason, I've update this to an array
One more comment @jameswnl . The rest looks good to me.
Yeah, let's add that in the follow up PR that includes the API changes, if we think it belongs there. @jntullo Are you working on the API changes? |
@Fryguy yup I am and can add in those changes 👍 |
aca09e2
to
15a8d8c
Compare
This pull request is not mergeable. Please rebase and repush. |
15a8d8c
to
2bc24d2
Compare
Checked commit jameswnl@2bc24d2 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 app/models/manageiq/providers/ansible_tower/shared/automation_manager/amazon_credential.rb
app/models/manageiq/providers/ansible_tower/shared/automation_manager/machine_credential.rb
app/models/manageiq/providers/ansible_tower/shared/automation_manager/scm_credential.rb
app/models/manageiq/providers/ansible_tower/shared/automation_manager/vmware_credential.rb
|
No description provided.