credential handling & UI

ansibleguy · Feb 11, 2024 · 32491ad · 32491ad
1 parent a0a13be
commit 32491ad
Show file tree

Hide file tree

Showing 32 changed files with 1,075 additions and 245 deletions.
diff --git a/docs/source/_static/img/credentials_job.png b/docs/source/_static/img/credentials_job.png
diff --git a/docs/source/_static/img/credentials_permission.png b/docs/source/_static/img/credentials_permission.png
diff --git a/docs/source/_static/img/credentials_ui.png b/docs/source/_static/img/credentials_ui.png
diff --git a/docs/source/_static/img/permission_overview.svg b/docs/source/_static/img/permission_overview.svg
diff --git a/docs/source/usage/2_config.rst b/docs/source/usage/2_config.rst
@@ -7,9 +7,6 @@
 .. |cnf_admin| image:: ../_static/img/config_admin.png
    :class: wiki-img
 
-.. |cnf_jobs| image:: ../_static/img/config_jobs.png
-   :class: wiki-img
-
 
 ==========
 2 - Config

diff --git a/docs/source/usage/credentials.rst b/docs/source/usage/credentials.rst
@@ -0,0 +1,55 @@
+.. _usage_credentials:
+
+.. include:: ../_include/head.rst
+
+.. include:: ../_include/warn_develop.rst
+
+.. |creds_ui| image:: ../_static/img/credentials_ui.png
+   :class: wiki-img
+
+.. |creds_job| image:: ../_static/img/credentials_job.png
+   :class: wiki-img
+
+.. |creds_perm| image:: ../_static/img/credentials_permission.png
+   :class: wiki-img
+
+===========
+Credentials
+===========
+
+You can define :code:`global` and :code:`user` credentials.
+
+The saved credential secrets are returned to the user/Web-UI! They are saved encrypted to the database!
+
+The UI at :code:`Jobs - Credentials` allows you to manage them.
+
+|creds_ui|
+
+Global Credentials
+******************
+
+Global credentials can be used for scheduled job executions.
+
+Only users marked as :code:`Staff` are able to create and manage global credentials.
+
+Access to global credentials can be controlled using :ref:`permissions <usage_permission>`.
+
+|creds_perm|
+
+----
+
+User Credentials
+****************
+
+User credential can only be used and accessed by the user that created them.
+
+Jobs that are executed by an user will use the first user-credentials found as a fallback in case no other credentials were provided/configured (*but the job is set to need credentials*)!
+
+----
+
+Jobs
+****
+
+You can define if a job needs credentials to run in its settings:
+
+|creds_job|
diff --git a/src/ansible-webui/aw/api.py b/src/ansible-webui/aw/api.py
@@ -5,6 +5,7 @@
 from aw.api_endpoints.job import APIJob, APIJobItem, APIJobExecutionItem, APIJobExecutionLogs, \
     APIJobExecutionLogFile, APIJobExecution
 from aw.api_endpoints.permission import APIPermission, APIPermissionItem
+from aw.api_endpoints.credentials import APIJobCredentials, APIJobCredentialsItem
 from aw.api_endpoints.filesystem import APIFsBrowse
 
 urlpatterns_api = [
@@ -18,6 +19,8 @@
     path('api/job', APIJob.as_view()),
     path('api/permission/<int:perm_id>', APIPermissionItem.as_view()),
     path('api/permission', APIPermission.as_view()),
+    path('api/credentials/<int:credentials_id>', APIJobCredentialsItem.as_view()),
+    path('api/credentials', APIJobCredentials.as_view()),
     path('api/fs/browse/<str:selector>', APIFsBrowse.as_view()),
     path('api/_schema/', SpectacularAPIView.as_view(), name='_schema'),
     path('api/_docs', SpectacularSwaggerView.as_view(url_name='_schema'), name='swagger-ui'),