Pavol, A bit clarification: Does the UI prevent you from submitting the form if you don't fill in the access/secret fields? Or just that you expect the access/secret fields to have indications that they have existing values e.g. showing '*'? James
Milan is on PTO for at least a week. I am unsure whether this is a bug. I remember a discussion on this where it was said that we (ManageIQ) don't have the credentials, don't want to store those also don't have any way to get the credentials. I don't know it the Ansible API allows to change just a name of the credentials w/o sumbitting the whole thing. Because unless it allows that we have no way of implementing the behavior that Pavol expects here. So I am unsure if this can be "fixed". I'd say that it works as designed. Surely this does not look like a "blocker" to me. At most it's a small inconvenience. Chris, can we remove the blocker flag from this and have Milan evaluate if this even is a bug when he's back from PTO?
Martin, thanks for this new angle. I just tested the API with the tower UI and it seems, that submitting `$encrypted$` in the PUT request let's us change other parts of the credential. As a last resort, we could disable editing of credentials and make them editable in a point release.
Martin, For these `password` type fields, Tower will return `$encrypted$` and refresh is already storing them the `options` hash (Except the case of `username` and `password` which we are discussing in https://github.com/ManageIQ/manageiq/issues/14900). So UI can just render whatever `options` provide and send it verbatim (Thanks to Marcel's testing). If user never enter values for these `secrets`, Tower will return empty string and so it is stored in hash as empty. See my dump from vmdb showing 2 sets (Machine and Amzaon) ==================================== id | type | options -----+----------------------------------------------------------------------------+-------------------------------- 110 | ManageIQ::Providers::EmbeddedAnsible::AutomationManager::MachineCredential | --- + | | :ssh_key_data: '' + | | :ssh_key_unlock: '' + | | :become_method: '' + | | :become_username: '' + | | :become_password: '' + | | :vault_password: '' + | | 145 | ManageIQ::Providers::AnsibleTower::AutomationManager::MachineCredential | --- + | | :ssh_key_data: "$encrypted$" + | | :ssh_key_unlock: "$encrypted$"+ | | :become_method: '' + | | :become_username: '' + | | :become_password: '' + | | :vault_password: '' + | | 112 | ManageIQ::Providers::AnsibleTower::AutomationManager::AmazonCredential | --- + | | :security_token: "$encrypted$"+ | | 113 | ManageIQ::Providers::AnsibleTower::AutomationManager::AmazonCredential | --- + | | :security_token: '' + | |
https://github.com/ManageIQ/manageiq-ui-classic/pull/1227
Dmitry, can you help out here since Pavol is on pto this week.
New commit detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/bb0f563138f2d4922646ac9461307ada58bda71c commit bb0f563138f2d4922646ac9461307ada58bda71c Author: Aparna Karve <akarve> AuthorDate: Wed May 3 08:37:43 2017 -0700 Commit: Aparna Karve <akarve> CommitDate: Wed May 3 09:24:03 2017 -0700 Introduce stored password placeholder to the component https://bugzilla.redhat.com/show_bug.cgi?id=1446033 app/assets/javascripts/components/ansible-credential-options.js | 1 + .../ansible_credentials/ansible_credentials_form_controller.js | 2 ++ app/views/ansible_credential/_credential_form.html.haml | 7 ++++--- 3 files changed, 7 insertions(+), 3 deletions(-)