-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support secrets in tool requirements #19084
base: dev
Are you sure you want to change the base?
Conversation
lib/galaxy/tool_util/xsd/galaxy.xsd
Outdated
|
||
```xml | ||
<requirements> | ||
<secret type="vault" user_preferences_key="some_tool|api_key" inject_as_env="some_tool_api_key" label="API Key" required="true"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do any of the use cases involve multiple tools with different IDs requesting the same secret? If not - I would make the tool id (without a version) an implicit prefix here and just attach some similar field as the suffix. This isolation feels more secure-ish to me - we wouldn't risk tools picking up other keys accidentally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, in some use cases, maybe in the future, it will be good to access an api_key or a token for multiple tools.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi John, Arash, with @Marie59 and @jeremyfix we have such use case (if I well understand) where separate tools need the same credential (here this is Copernicus marine system credentials), so I confirm that this is already a reality ;) It appears to me, at least for ecology and related environmental sciences, that it will be the case for many data providers as Copernicus for satellites remote sensing data and others.
f14c777
to
bdf8667
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice to see this feature coming in. One thing I was wondering about though, should this be a requirement or be injected through the <environment_variables> section following the precedent here?
#15300
seperated_key = user_preferences_key.split("/") | ||
if len(seperated_key) != 2 or not seperated_key[0] or not seperated_key[1]: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seperated_key = user_preferences_key.split("/") | |
if len(seperated_key) != 2 or not seperated_key[0] or not seperated_key[1]: | |
separated_key = user_preferences_key.split("/") | |
if len(separated_key) != 2 or not separated_key[0] or not separated_key[1]: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the suggestion, but they will all change.
the new discussed plan is in #19196
I am not sure if this should go into environment_variables or not.
dedb684
to
ff3ee10
Compare
ab6f860
to
7c8b58f
Compare
971fa21
to
64d382c
Compare
4323218
to
79bad3a
Compare
…entials store When saving the secrets, the placeholders will be replaced by null, and so, ignored and considered those secrets as unchanged.
…ing user credential management
…hods for simplification
Ensures default group handling and validation in credential deletion
…n part Simplifies and modularizes methods for adding user credentials, groups, variables, and secrets Improves code clarity and maintainability by breaking down complex methods into smaller, focused functions
Moves access checks to CredentialsService for better separation of concerns Refactoring to get the CredentialsManager ready for unit test
3530c3c
to
18282cc
Compare
Renames variables for clarity and consistency
Related to #19196
Closes #17511
Work in progress...
I will add a full description when it is done.
Adding secrets to tool requirements like this:
This will make use of the vault key that has been added in user_preferences_extra:
And inject it as an environmental variable that could be accessed within tools.
How to test the changes?
(Select all options that apply)
License