Configure Room AuthToken at Instance Level

hbakkum / rundeck-hipchat-plugin

Sends rundeck notification messages to a HipChat room

Apache License 2.0

15 stars 15 forks source link

Configure Room AuthToken at Instance Level #13

Closed kilianw closed 7 years ago

kilianw commented 7 years ago

Hi,

I am wondering if it is possible to change the scope of the apiAuthToken attribute in class HipChatNotificationPlugin to PropertyScope.Instance?

What do you think?

Kind Regards, Kilian.

hbakkum commented 7 years ago

Hi Kilian,

Thanks for your message.

Hmmm, I'm not sure this would be a good idea for the following reasons:

Rather than having the auth tokens managed in a central location (either framework or project property file) it could lead to users adding the same room token multiple times in the UI (each time a notification is configured for a particular room which could be within the same job and/or across multiple jobs/projects).
Also would mean the auth token(s) gets displayed in clear text in the UI (if it has been configured there rather than the property files) which could have some security implications

What was the reasoning behind wanting this as an instance level property?

Cheers, Hayden

kilianw commented 7 years ago

Hey Hayden,

The reasons in wanting the change are these:

I have a lot of rooms; more that makes it practical to create a token for each and configure them in rundeck.
The rooms can be short lived so keeping them all in framework.properties would be a lot of on going overhead.

I was thinking the tokens being displayed in clear text wasn't as big of an since they are displayed in the same way in hipchat.

Agreed it is more configuration and could lead other users to configure unnecessary details in the job definition. But perhaps could be mitigated with further description?

Kilian.

hbakkum commented 7 years ago

Hey Kilian,

Mmmk, sounds like you have a valid case there. Having a read through the latest plugin doco suggests I may be able to hide the auth token in the UI by flagging it as a password in the rendering options for the field. I'll take a closer look at this tomorrow and will let you know once done.

Cheers, Hayden

hbakkum commented 7 years ago

Hi Kilian,

Ok so I've added another (instance scope only) property that can be used to override the auth token used in the framework/project property (I ran into some issues trying to use the same property). So you should be able to use this to configure the auth token in the GUI. This has been released and should be synced out to maven central soon. Please let me know if this solves your problem.

Cheers, Hayden

kilianw commented 7 years ago

Happy days Hayden, I tested it out and v1.7.0 is looking good. Thanks, Kilian.

hbakkum commented 7 years ago

That's great - thanks for the confirmation. I'll close this issue off then. Please let me know if you have any further issues/feedback.

Cheers, Hayden