Extract resolve/update credentials into methods

ManageIQ · Jan 2, 2024 · 40eb537 · 40eb537
1 parent b9c76da
commit 40eb537
Showing 1 changed file with 33 additions and 23 deletions.
diff --git a/app/models/manageiq/providers/workflows/automation_manager/workflow_instance.rb b/app/models/manageiq/providers/workflows/automation_manager/workflow_instance.rb
@@ -58,7 +58,34 @@ def run(args = {})
     object = object_type.constantize.find_by(:id => object_id) if object_type && object_id
     object.before_ae_starts({}) if object.present? && object.respond_to?(:before_ae_starts)
 
-    creds = credentials&.to_h do |key, val|
+    creds = resolved_credentials
+    wf = Floe::Workflow.new(payload, context, creds)
+    wf.run_nonblock
+    update_credentials!(wf.credentials)
+
+    update!(:context => wf.context.to_h, :status => wf.status, :output => wf.output, :credentials => credentials)
+
+    if object.present? && object.respond_to?(:after_ae_delivery)
+      ae_result =
+        case status
+        when "running"
+          "retry"
+        when "success"
+          "ok"
+        else
+          status
+        end
+
+      object.after_ae_delivery(ae_result)
+    end
+
+    run_queue(:zone => zone, :role => role, :object => object, :deliver_on => 10.seconds.from_now.utc, :server_guid => MiqServer.my_server.guid) unless wf.end?
+  end
+
+  private
+
+  def resolved_credentials
+    credentials&.to_h do |key, val|
       if key.end_with?(".$")
         credential_ref, credential_field = val.values_at("credential_ref", "credential_field")
 
@@ -70,11 +97,12 @@ def run(args = {})
         [key, ManageIQ::Password.try_decrypt(val)]
       end
     end
+  end
 
-    wf = Floe::Workflow.new(payload, context, creds)
-    wf.run_nonblock
-
-    wf.credentials.each do |key, val|
+  def update_credentials!(workflow_credentials)
+    workflow_credentials.each do |key, val|
+      # If the workflow has changed a credential that is mapped to an Authentication record
+      # drop the mapping and replace it with an in-line encrypted value
       if credentials.key?("#{key}.$")
         credential_ref, credential_field = credentials["#{key}.$"].values_at("credential_ref", "credential_field")
         authentication = parent.authentications.find_by(:ems_ref => credential_ref)
@@ -86,23 +114,5 @@ def run(args = {})
 
       credentials[key] = ManageIQ::Password.encrypt(val)
     end
-
-    update!(:context => wf.context.to_h, :status => wf.status, :output => wf.output, :credentials => credentials)
-
-    if object.present? && object.respond_to?(:after_ae_delivery)
-      ae_result =
-        case status
-        when "running"
-          "retry"
-        when "success"
-          "ok"
-        else
-          status
-        end
-
-      object.after_ae_delivery(ae_result)
-    end
-
-    run_queue(:zone => zone, :role => role, :object => object, :deliver_on => 10.seconds.from_now.utc, :server_guid => MiqServer.my_server.guid) unless wf.end?
   end
 end