Bug 1446033
| Summary: | [Ansible Embedded] - Editing Embedded Ansible Credentials form is not possible without filling credentials again | |||
|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Pavol Kotvan <pakotvan> | |
| Component: | UI - OPS | Assignee: | Aparna Karve <akarve> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavol Kotvan <pakotvan> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 5.8.0 | CC: | cpelland, dajohnso, dclarizi, dmisharo, hkataria, jhardy, jwong, mhild, mpovolny, obarenbo, pakotvan, simaishi | |
| Target Milestone: | GA | Keywords: | TestOnly | |
| Target Release: | 5.9.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ansible_embed:ui | |||
| Fixed In Version: | 5.9.0.1 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1448917 (view as bug list) | Environment: | ||
| Last Closed: | 2018-03-06 15:26:21 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | Bug | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | Ansible | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1448917 | |||
|
Comment 2
James Wong
2017-04-27 20:06:38 UTC
Milan is on PTO for at least a week. I am unsure whether this is a bug. I remember a discussion on this where it was said that we (ManageIQ) don't have the credentials, don't want to store those also don't have any way to get the credentials. I don't know it the Ansible API allows to change just a name of the credentials w/o sumbitting the whole thing. Because unless it allows that we have no way of implementing the behavior that Pavol expects here. So I am unsure if this can be "fixed". I'd say that it works as designed. Surely this does not look like a "blocker" to me. At most it's a small inconvenience. Chris, can we remove the blocker flag from this and have Milan evaluate if this even is a bug when he's back from PTO? Martin, thanks for this new angle. I just tested the API with the tower UI and it seems, that submitting `$encrypted$` in the PUT request let's us change other parts of the credential. As a last resort, we could disable editing of credentials and make them editable in a point release. Martin, For these `password` type fields, Tower will return `$encrypted$` and refresh is already storing them the `options` hash (Except the case of `username` and `password` which we are discussing in https://github.com/ManageIQ/manageiq/issues/14900). So UI can just render whatever `options` provide and send it verbatim (Thanks to Marcel's testing). If user never enter values for these `secrets`, Tower will return empty string and so it is stored in hash as empty. See my dump from vmdb showing 2 sets (Machine and Amzaon) ==================================== id | type | options -----+----------------------------------------------------------------------------+-------------------------------- 110 | ManageIQ::Providers::EmbeddedAnsible::AutomationManager::MachineCredential | --- + | | :ssh_key_data: '' + | | :ssh_key_unlock: '' + | | :become_method: '' + | | :become_username: '' + | | :become_password: '' + | | :vault_password: '' + | | 145 | ManageIQ::Providers::AnsibleTower::AutomationManager::MachineCredential | --- + | | :ssh_key_data: "$encrypted$" + | | :ssh_key_unlock: "$encrypted$"+ | | :become_method: '' + | | :become_username: '' + | | :become_password: '' + | | :vault_password: '' + | | 112 | ManageIQ::Providers::AnsibleTower::AutomationManager::AmazonCredential | --- + | | :security_token: "$encrypted$"+ | | 113 | ManageIQ::Providers::AnsibleTower::AutomationManager::AmazonCredential | --- + | | :security_token: '' + | | Dmitry, can you help out here since Pavol is on pto this week. New commit detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/bb0f563138f2d4922646ac9461307ada58bda71c commit bb0f563138f2d4922646ac9461307ada58bda71c Author: Aparna Karve <akarve> AuthorDate: Wed May 3 08:37:43 2017 -0700 Commit: Aparna Karve <akarve> CommitDate: Wed May 3 09:24:03 2017 -0700 Introduce stored password placeholder to the component https://bugzilla.redhat.com/show_bug.cgi?id=1446033 app/assets/javascripts/components/ansible-credential-options.js | 1 + .../ansible_credentials/ansible_credentials_form_controller.js | 2 ++ app/views/ansible_credential/_credential_form.html.haml | 7 ++++--- 3 files changed, 7 insertions(+), 3 deletions(-) |