-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support secrets in tool requirements #19084
base: dev
Are you sure you want to change the base?
Conversation
lib/galaxy/tool_util/xsd/galaxy.xsd
Outdated
|
||
```xml | ||
<requirements> | ||
<secret type="vault" user_preferences_key="some_tool|api_key" inject_as_env="some_tool_api_key" label="API Key" required="true"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do any of the use cases involve multiple tools with different IDs requesting the same secret? If not - I would make the tool id (without a version) an implicit prefix here and just attach some similar field as the suffix. This isolation feels more secure-ish to me - we wouldn't risk tools picking up other keys accidentally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, in some use cases, maybe in the future, it will be good to access an api_key or a token for multiple tools.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi John, Arash, with @Marie59 and @jeremyfix we have such use case (if I well understand) where separate tools need the same credential (here this is Copernicus marine system credentials), so I confirm that this is already a reality ;) It appears to me, at least for ecology and related environmental sciences, that it will be the case for many data providers as Copernicus for satellites remote sensing data and others.
f14c777
to
bdf8667
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice to see this feature coming in. One thing I was wondering about though, should this be a requirement or be injected through the <environment_variables> section following the precedent here?
#15300
seperated_key = user_preferences_key.split("/") | ||
if len(seperated_key) != 2 or not seperated_key[0] or not seperated_key[1]: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seperated_key = user_preferences_key.split("/") | |
if len(seperated_key) != 2 or not seperated_key[0] or not seperated_key[1]: | |
separated_key = user_preferences_key.split("/") | |
if len(separated_key) != 2 or not separated_key[0] or not separated_key[1]: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the suggestion, but they will all change.
the new discussed plan is in #19196
I am not sure if this should go into environment_variables or not.
f2a773c
to
7792a52
Compare
and related methods and use the discussed XML format galaxyproject#19196
3d5b798
to
a6b4da5
Compare
…s class and add credentials parsing test
446e685
to
f13b77d
Compare
to inherit from BaseCredential class
dedb684
to
ff3ee10
Compare
…ng tool credentials
To improve loading state management and user feedback
…lsInput component
Add UI for Tool secrets
… user credentials
Related to #19196
Closes #17511
Work in progress...
I will add a full description when it is done.
Adding secrets to tool requirements like this:
This will make use of the vault key that has been added in user_preferences_extra:
And inject it as an environmental variable that could be accessed within tools.
How to test the changes?
(Select all options that apply)
License