search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
14.04k stars 3.42k forks source link

Unhandled scenario for JT Schedule prompt credentials #928

Closed mabashian closed 6 years ago

mabashian commented 6 years ago
ISSUE TYPE
COMPONENT NAME
SUMMARY

When scheduling a job template run where the credentials are promptable, the current implementation requires the UI to POST to /api/v2/schedules/:id/credentials to provide a non-default credential selection. As far as I can tell this implementation is a bit restricting. Take the following example: Create a Job Template with a single default machine credential. If I then wanted to create a schedule with that Job Template but wanted to remove that default credential so that no credentials were selected I'm not sure how to represent that with the current api implementation. Its almost like we need a flag on the schedule that says the user has overwritten the default credentials so that /api/v2/schedules/:id/credentials becomes the source of truth.

Pinging @ryanpetrello but feel free to redirect if someone else has cycles.

ADDITIONAL INFORMATION

Related to work being done on https://github.com/ansible/awx/issues/169

ryanpetrello commented 6 years ago

@mabashian @matburt this seems like a duplicate (or at least the same problem, but in a different place) of https://github.com/ansible/awx/issues/932, and the solution is probably part of a larger decision we need to come to with @wenottingham and @AlanCoding regarding the "merged credentials" pattern (which I discuss here: https://github.com/ansible/awx/issues/932#issuecomment-357106574)

The more I think on this merging pattern, the more confusing I think it's going to be for implementers; we've now got two open tickets where the UI team is confused over how to interact with this API, and we have some tangible use cases that it's not serving.

Should we take part of this back to the drawing board? My understanding of the need for this change was that we didn't want to create this scenario:

  1. Make a JT with some credentials.
  2. Make a schedule/workflow node with an explicit list of credentials that's the same as the JT.
  3. Update the JT credentials.
  4. Schedule credentials are old/outdated.

Would it be simpler to have schedules and workflow credentials have some notion of "inherit everything from the parent JT or provide an different, explicit list that's always used regardless of changes on the original JT"?

ryanpetrello commented 6 years ago

Closing this, as it's a duplicate of https://github.com/ansible/awx/issues/932.

See this comment for more info: https://github.com/ansible/awx/issues/932#issuecomment-364144185