Multi profiles

[pdenning]

As discussed in https://forum.stackstorm.com/t/pack-configs-different-hosts-credentials/398

This adds multi profile support to the jira pack actions.
Sensor is not changed.

[blag]

This is coming along nicely, but it can be simplified quite a bit.

[blag]

Using an array of profile dictionaries:

profiles:
- name: profile_one
  # ...
- name: profile_two
  # ...

is kind of clunky. Using a dictionary of profile dictionaries would be cleaner:

profiles:
  profile_one:
    # ...
  profile_two:
    # ...

Using a dictionary also means that you don't have to specify a default_profile - the inline values function as the default profile values.

[pdenning]

Agreed, I looked into this, but i wasn't sure how to define a dynamic key within the config schema file.
Could you point me in the right direction on how to define that and i'll look into changing it

[blag]

Oh gotcha. Dictionaries are called "objects" in JSONSchema.

My review comment later on contains a good example of what you can/should do. All you should need to do is:

1. add the <<: &root_anchor after the --- line, before all of the existing keys
2. indent the existing keys
3. copy the profiles key from my example into config.schema.yaml

Let me know if you have any further questions - this is easily the most confusing part of a pack.

[pdenning]

I saw your example below, i did implement it. However it appears there is a bug.

If i try and use an encrypted key store, it ignores the secret value and doesn't decrypt the password.
This happens when using anchors or not.

[pdenning]

I have merged my changes. However there still appears to be a bug with secret key values. Maybe i am missing something you'll noticed

[blag]

Does st2kv.system.jira_prod_pass get decrypted?

[pdenning]

@blag
Yes the jira_prod_pass gets decrypted, however jira_dev_pass doesnt.

[blag]

@pdenning Sorry I don't have more to update, but at this point I believe this isn't working due to an undiscovered bug in StackStorm. I haven't had time to reproduce the issue or add a similar config to StackStorm's test fixtures yet, but I haven't forgotten about it.

If you managed to get it working, then please resolve this conversation, but if not I'd like to fix the bug in StackStorm itself (st2 repo) before we merge this PR.

[cognifloyd]

I found the bug. In order to decrypt the key, the schema needs to declare secret: true, BUT, the config loader does not look at any schemas under additionalProperties, so the profiles object is effectively schema-less:
https://github.com/StackStorm/st2/blob/8496bb2407b969f0937431992172b98b545f6756/st2common/st2common/util/config_loader.py#L133-L137

[cognifloyd]

I'm working on a fix for this here: StackStorm/st2#5225

[arm4b]

To close the loop on this. @pdenning @blag are we good to merge it? Are there any blockers or everything works as expected?

[blag]

@armab No, this isn't working as expected and I still need to get to the bottom of it.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 3 committers have signed the CLA.

❌ Ragnra
❌ paul-denning
❌ pdenning
_{You have signed the CLA already but the status is still pending? Let us recheck it.}