Skip to content

Commit

Permalink
Bug/calm 39137 fix variaible basic auth (nutanix#301)
Browse files Browse the repository at this point in the history 
### Summary
Added support to decompile , compile and create dynamic variables that
use http task with basic auth

### test
decompiled below runbook with dynamic http variable having basic auth

<img width="694" alt="Screenshot 2023-10-10 at 6 45 27 PM"
src="https://github.com/ideadevice/calm-dsl/assets/89129891/1ddc5893-625d-4f68-b064-7b9a341ff19a">

verified that decompile works correctly. Local file for the basic auth
is created and a reference to this is used in the runbook.
When create is used the credential is read from the file and stripped,
later on the secret is patched.

(cherry picked from commit 14424f3e201f8f49b1568755bcf6c18bfbec118c)
  • Loading branch information
@Abhishekntnx @dwivediprab
Abhishekntnx authored and dwivediprab committed Mar 15, 2024
1 parent 29ec87e commit 0b9576b
Show file tree
Hide file tree
Showing 10 changed files with 407 additions and 18 deletions.
29 changes: 29 additions & 0 deletions calm/dsl/api/util.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,35 @@ def strip_entity_secret_variables(
not_stripped_secrets.append(
(path_list + [field_name, var_idx], variable["value"])
)
# For dynamic variables having http task with auth
opts = variable.get("options", None)
auth = None
if opts:
auth = opts["attrs"].get("authentication", None)
if auth and auth.get("auth_type") == "basic":
basic_auth = auth.get("basic_auth")
username = basic_auth.get("username")
password = basic_auth.pop("password")
secret_variables.append(
(
path_list
+ [
field_name,
var_idx,
"options",
"attrs",
"authentication",
"basic_auth",
"password",
],
password.get("value", None),
username,
)
)
basic_auth["password"] = {
"value": None,
"attrs": {"is_secret_modified": False},
}

def strip_action_secret_variables(path_list, obj):

Expand Down
9 changes: 8 additions & 1 deletion calm/dsl/decompile/runbook.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,14 @@ def render_runbook_template(
)
variables = []
for variable in runbook_cls.variables:
variables.append(render_variable_template(variable, entity_context))
variables.append(
render_variable_template(
variable,
entity_context,
credentials_list=credentials_list,
rendered_credential_list=rendered_credential_list,
)
)
secret_files = get_secret_variable_files()
secret_files.extend(get_cred_files())
if not (variables or tasks):
Expand Down
8 changes: 4 additions & 4 deletions calm/dsl/decompile/schemas/task_http_delete.py.jinja2
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
{%- macro http_delete_task(obj) -%}
{%- if obj.target is not defined and obj.attrs.request_body is not defined %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %}{% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- elif obj.target is not defined %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %}{% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- elif obj.attrs.request_body is not defined %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %}{% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- else %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.delete({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %}{% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- endif %}
{%- endmacro %}

Expand Down
4 changes: 2 additions & 2 deletions calm/dsl/decompile/schemas/task_http_get.py.jinja2
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
{%- macro http_get_task(obj) -%}
{%- if obj.target is not defined %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.get({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference %}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.get({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference %}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- else %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.get({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference %}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.get({%- if obj.relative_url %}relative_url={%- endif %}{%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %}{% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference %}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- endif %}
{%- endmacro %}

Expand Down
8 changes: 4 additions & 4 deletions calm/dsl/decompile/schemas/task_http_post.py.jinja2
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
{%- macro http_post_task(obj) -%}
{%- if obj.target is not defined and obj.attrs.request_body is not defined %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- elif obj.target is not defined %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}'{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- elif obj.attrs.request_body is not defined %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- else %}
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- if obj.calm_var_task %}CalmVarTask{%- else %}CalmTask{%- endif %}.HTTP.post({%- if obj.attrs.url %}'{{obj.attrs.url}}', {%- endif %}body=json.dumps({{obj.attrs.request_body}}), headers={{obj.headers}}, secret_headers={{obj.secret_headers}} , content_type='{{obj.attrs.content_type}}', verify={{obj.attrs.tls_verify}}, status_mapping={{obj.status_mapping}}, response_paths={{obj.response_paths}}, name='{{obj.name}}', target={{obj.target}}{%- if obj.cred %}, cred={{obj.cred}}{%- endif %} {% if obj.credentials_list %}, credential={{obj.credentials_list | replace("'","")}}{% endif %} {%- if obj.attrs.tunnel_reference%}, tunnel=Ref.Tunnel(name="{{ obj.attrs.tunnel_reference.name }}"){%- endif %} {%- if obj.attrs.relative_url %}, relative_url='{{obj.attrs.relative_url}}'{%- endif %})
{%- endif %}
{%- endmacro %}

Expand Down
Loading

0 comments on commit 0b9576b

Please sign in to comment.