From 3bad0187948b7544795763d7f197544367be9ba3 Mon Sep 17 00:00:00 2001 From: Qasim Ahmed Date: Fri, 12 Jan 2024 12:42:46 -0500 Subject: [PATCH 1/2] Create encrypted-parameters.md --- encrypted-parameters.md | 50 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 encrypted-parameters.md diff --git a/encrypted-parameters.md b/encrypted-parameters.md new file mode 100644 index 000000000..f4013a1a2 --- /dev/null +++ b/encrypted-parameters.md @@ -0,0 +1,50 @@ +--- +--- + +# Encrypted Input Parameters + +The parameters passed to a playbook method are often encrypted, either by definition as a “password” data type in the list of input parameters, or by being encrypted elsewhere in a workflow. + +## Encrypted Input Parameters + +An input parameter can be defined as being of type “password”, for example: + +Input Parameters + +| | | | +| ------------------------- | ------------------------- |----------------------------- | +| **Input Name** | **Data Type** | **Default value** | +| this | string | that | +| manageiq_validate_certs | boolean | false | +| scrambled_this | password | ******** | + +{: caption="Table. Input Paramaters" caption-side="bottom"} + + +A parameter of this type is decrypted automatically and is available to the playbook as the named extra variable, for example *{{ scrambled_this }}*. Note that an input parameter that has the text string “password” anywhere in the name cannot be passed as a method parameter, and hence cannot appear in the list of method parameters that are returned by the `get_method_parameters` function. The variable will however be available as an extra_var with the password value decrypted correctly. + +## Password Defined Earlier in Workflow + +A variable encrypted earlier in the workflow (for example when input into a service dialog) can generally be identified as a name prefixed by the string “password::”. This signifies that the object is of type *MiqPassword*. + +A password object of this type can be used as an input parameter if it is passed as a *string* data type, also prefixed by the string “password::”. The encrypted value is automatically decrypted and is usable by the playbook as the named extra variable. + +For example, to inject the *root_password* value from the previous service dialog by using substitution syntax, an input parameter must be defined with a *string* data type and the following input parameter value: + +``` sh +password::${/#miq_provision.miq_provision_request.get_option(:dialog).fetch(password::dialog_option_0_root_password)} +``` + + +See the following table for the illustration of input parameters: + +Input Parameters + +| | | | +| ------------------------- | ------------------------- |------------------------------------------------------------------------------------------------------------------------------- | +| **Input Name** | **Data Type** | **Default value** | +| manageiq_validate_certs | boolean | false | +| cores_per_socket | string | ${/#miq_provision.miq_provision_request.get_option(:dialog).fetch(dialog_option_0_cores_per_socket)} | +| root_password | string | password::${/#miq_provision.miq_provision_request.get_option(:dialog).fetch(password::dialog_option_0_root_password)} | + +{: caption="Table. Input Paramaters" caption-side="bottom"} \ No newline at end of file From b2fc25674f1367ffd4279845eb671d5bec736577 Mon Sep 17 00:00:00 2001 From: Qasim Ahmed Date: Fri, 12 Jan 2024 13:24:33 -0500 Subject: [PATCH 2/2] Update encrypted-parameters.md --- encrypted-parameters.md | 36 ++++-------------------------------- 1 file changed, 4 insertions(+), 32 deletions(-) diff --git a/encrypted-parameters.md b/encrypted-parameters.md index f4013a1a2..498e50963 100644 --- a/encrypted-parameters.md +++ b/encrypted-parameters.md @@ -3,48 +3,20 @@ # Encrypted Input Parameters -The parameters passed to a playbook method are often encrypted, either by definition as a “password” data type in the list of input parameters, or by being encrypted elsewhere in a workflow. +The parameters passed to a playbook method are often encrypted, either by definition as a "password" data type in the list of input parameters, or by being encrypted elsewhere in a workflow. ## Encrypted Input Parameters -An input parameter can be defined as being of type “password”, for example: +An input parameter can be defined as being of type "password", for example: Input Parameters -| | | | +| **Input Name** | **Data Type** | **Default value** | | ------------------------- | ------------------------- |----------------------------- | -| **Input Name** | **Data Type** | **Default value** | | this | string | that | | manageiq_validate_certs | boolean | false | | scrambled_this | password | ******** | -{: caption="Table. Input Paramaters" caption-side="bottom"} -A parameter of this type is decrypted automatically and is available to the playbook as the named extra variable, for example *{{ scrambled_this }}*. Note that an input parameter that has the text string “password” anywhere in the name cannot be passed as a method parameter, and hence cannot appear in the list of method parameters that are returned by the `get_method_parameters` function. The variable will however be available as an extra_var with the password value decrypted correctly. - -## Password Defined Earlier in Workflow - -A variable encrypted earlier in the workflow (for example when input into a service dialog) can generally be identified as a name prefixed by the string “password::”. This signifies that the object is of type *MiqPassword*. - -A password object of this type can be used as an input parameter if it is passed as a *string* data type, also prefixed by the string “password::”. The encrypted value is automatically decrypted and is usable by the playbook as the named extra variable. - -For example, to inject the *root_password* value from the previous service dialog by using substitution syntax, an input parameter must be defined with a *string* data type and the following input parameter value: - -``` sh -password::${/#miq_provision.miq_provision_request.get_option(:dialog).fetch(password::dialog_option_0_root_password)} -``` - - -See the following table for the illustration of input parameters: - -Input Parameters - -| | | | -| ------------------------- | ------------------------- |------------------------------------------------------------------------------------------------------------------------------- | -| **Input Name** | **Data Type** | **Default value** | -| manageiq_validate_certs | boolean | false | -| cores_per_socket | string | ${/#miq_provision.miq_provision_request.get_option(:dialog).fetch(dialog_option_0_cores_per_socket)} | -| root_password | string | password::${/#miq_provision.miq_provision_request.get_option(:dialog).fetch(password::dialog_option_0_root_password)} | - -{: caption="Table. Input Paramaters" caption-side="bottom"} \ No newline at end of file +A parameter of this type is decrypted automatically and is available to the playbook as the named extra variable, for example *{{ scrambled_this }}*. Note that an input parameter that has the text string "password" anywhere in the name cannot be passed as a method parameter, and hence cannot appear in the list of method parameters that are returned by the `get_method_parameters` function. The variable is available as an extra_var with the password value decrypted correctly.