search

ManageIQ / floe

Floe is a runner for Amazon States Language workflows
Apache License 2.0
0 stars 6 forks source link

Allow a State to set a value in Credentials for subsequent states #145

Closed agrare closed 10 months ago

agrare commented 11 months ago

the ResultPath parameter controls where the output of a state is stored. This adds the option to store the results in the workflow Credentials hash allowing the value to be referenced by future states.

This can be used by the Task and Pass states.

Examples:

Say we have a task which logs into a service with a username/password and returns the bearer token:

{
  "StartAt": "Login",
  "States": {
    "Login": {
      "Type": "Task",
      "Resource": "docker://login:latest",
      "Credentials": {
        "username.$": "$.username",
        "password.$": "$.password"
      },
      "ResultPath": "$.Credentials",
      "Next": "NextState"
    },
    "NextState": {
      "Type": "Task",
      "Resource": "docker://do-something:latest",
      "Credentials": {
        "bearer_token.$": "$.bearer_token"
      }
    }
  }
}

floe --credentials '{"username": "foo", "password": "bar"}' ...

You can also use ResultPath to set nested values, e.g.:

"Login": {
  "Type": "Task",
  "Resource": "docker://login:latest",
  "Credentials": {
    "username.$": "$.username",
    "password.$": "$.password"
  },
  "ResultPath": "$.Credentials.vmware",
  "Next": "NextState"
}

And then access it like:

"NextState": {
  "Type": "Task",
  "Resource": "docker://do-something:latest",
  "Credentials": {
    "bearer_token.$": "$.vmware.bearer_token"
  }
}

If the output of the container doesn't match exactly what you want to set in the Credentials payload you can use the ResultSelector to manipulate it, say the output is in '{"results": "token"}':

"Login": {
  "Type": "Task",
  "Resource": "docker://login:latest",
  "Credentials": {
    "username.$": "$.username",
    "password.$": "$.password"
  },
  "ResultSelector": {
    "bearer_token.$": "$.result"
  },
  "ResultPath": "$.Credentials",
  "Next": "NextState"
}

You can also use Pass states to manipulate the output and set a credential value

"Pass": {
  "Type": "Pass",
  "Result": {
    "vcenter_user": "root",
    "vcenter_password": "vmware"
  },
  "ResultPath": "$.Credentials"
  "Next": "NextState"
}

If you don't have a static Result the Pass state works on Input so you could use Pass to send Input to Credentials. I don't think this is going to be particularly useful but I wanted to keep the behavior of ResultPath consistent across states.

miq-bot commented 11 months ago

Checked commits https://github.com/agrare/floe/compare/673377a643c52c2a518b2697b1cd071fa8a701a4~...af9936c3f43dbbf6a1ed91a01c65a9927cd9ba64 with ruby 2.7.8, rubocop 1.56.3, haml-lint 0.51.0, and yamllint 7 files checked, 0 offenses detected Everything looks fine. :star: