Bug/fix credentials role ignoring update secrets #651

@ecchong ecchong commented Jul 20, 2023

What does this PR do?

Fix a problem with the credentials role always changing the secret even when 'update_secrets: false' is set. When evaluating the 'update_secrets' parameter, 'default' is forcing it to true when 'update_secrets' is set to false.

The normal behavior should not change the secret when the user sets 'update_secrets: false' and provides all required input matching the credential type.

The secret should only be changed when 'update_secrets' is set to true or not defined, and the credential inputs (except the secret value) are different from the existing credential.

How should this be tested?

Explicitly set the controller_credentials variable like the following, with update_secrets as false:

```yaml
controller_credentials:
- name: "test-ssh-key"
  description: Testing password overwritten
  organization: "Test Org"
  credential_type: Machine
  update_secrets: false
  inputs:
    username: root
    ssh_key_data: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
      NhAAAAAwEAAQAAAYEAsOeWLkvhr58gJWd7n9oNBFCqVduQprjD1KhGpBLq2iPsYlOn48p4
      NCW/oYJ77HyubpzKUfwL0c8R8EnQOZVgudGonuzaINyfyK7JXbT4PAztcAxwGInK4TJPcz
      gRnAlrTLkAcCRHB9VKENmaD3RFnFRTy6lH9JcPoeYRzFpj4dziAKbHn8GdWThCp9GqxNp3
      A6zcsRpJC+sGkAAAARZWNob25nQGVjaG9uZy1tYWMBAg==
      -----END OPENSSH PRIVATE KEY-----
    become_method: ""
    become_username: ""
```

This always changes the secret. Debugging shows the call to credential.py with the update_secrets variable always set to true.

Is there a relevant Issue open for this?

No

Other Relevant info, PRs, etc
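
The pitfall named in the PR description, as an added example that is not the role's own code: Jinja2's `default` filter, when called with its second (boolean) argument set to true, replaces every falsy value, including an explicit `false`. The two template expressions and the credential entries below are constructed for illustration; the role's actual template line is not shown on this page.

```python
"""Added example: how Jinja2's `default` filter treats an explicit false."""
from jinja2 import Environment

# Hypothetical expressions (assumptions, not copied from the role).
# boolean=true as second argument: any falsy value is replaced by the default.
BUGGY = "{{ cred.update_secrets | default(true, true) }}"
# No second argument: only an undefined value is replaced by the default.
FIXED = "{{ cred.update_secrets | default(true) }}"

# Constructed credential entries covering the three cases in the description.
CASES = {
    "unset": {"name": "test-ssh-key"},
    "true": {"name": "test-ssh-key", "update_secrets": True},
    "false": {"name": "test-ssh-key", "update_secrets": False},
}


def render_flag(expression, cred):
    """Render the expression for one credential entry and return it as a bool."""
    rendered = Environment().from_string(expression).render(cred=cred)
    return rendered == "True"


def evaluate(expression):
    """Map each case label to the update_secrets value the module would receive."""
    return {label: render_flag(expression, cred) for label, cred in CASES.items()}


def overrides_explicit_false(expression):
    """True when an explicit `update_secrets: false` is turned into true."""
    return evaluate(expression)["false"] is True


if __name__ == "__main__":
    for label, expr in (("buggy", BUGGY), ("fixed", FIXED)):
        print(label, evaluate(expr),
              "overrides explicit false:", overrides_explicit_false(expr))
```

A check like `overrides_explicit_false` can be run in CI against any template expression that feeds a flag controlling secret overwrites, so that a user's opt-out is not silently discarded.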


@djdanielsson djdanielsson left a comment


LGTM

@djdanielsson djdanielsson merged commit 9f25df4 into redhat-cop:devel Jul 20, 2023

@sean-m-sullivan sean-m-sullivan left a comment


LGTM, figuring out the other issues

@ecchong ecchong deleted the bug/fix_credentials_role_ignoring_update_secrets branch March 19, 2024 18:59
przemkalit pushed a commit to przemkalit/aap_configuration that referenced this pull request Nov 22, 2024
* should not force 'default' to true when update_secrets is false

* should not force 'default' to true when update_secrets is false