Add Credential selection

agrare · agrare · commit 66a319b4ffd7 · 2026-03-26T14:12:15.000-04:00
diff --git a/app/models/manageiq/providers/embedded_ansible/automation_manager/provision_workflow.rb b/app/models/manageiq/providers/embedded_ansible/automation_manager/provision_workflow.rb
@@ -13,4 +13,22 @@ def allowed_configuration_scripts(*_args)
       build_ci_hash_struct(cs, %w[name description manager_name])
     end
   end
+
+  def allowed_machine_credentials(*_args)
+    self.class.module_parent::MachineCredential.all.each_with_object({}) do |mc, h|
+      h[mc.id] = mc.name
+    end
+  end
+
+  def allowed_vault_credentials(*_args)
+    self.class.module_parent::VaultCredential.all.each_with_object({}) do |vc, h|
+      h[vc.id] = vc.name
+    end
+  end
+
+  def allowed_cloud_credentials(*args)
+    self.class.module_parent::CloudCredential.all.each_with_object({}) do |cc, h|
+      h[cc.id] = "#{cc.name} - #{cc.type}"
+    end
+  end
 end
diff --git a/product/dialogs/miq_dialogs/miq_provision_configuration_script_embedded_ansible_dialogs.yaml b/product/dialogs/miq_dialogs/miq_provision_configuration_script_embedded_ansible_dialogs.yaml
@@ -121,27 +121,9 @@
           :data_type: :integer
       :display: :show
       :field_order:
-    :customize:
-      :description: Customize
+    :provision:
+      :description: Provision
       :fields:
-        :root_password:
-          :description: Root Password
-          :required: false
-          :display: :edit
-          :data_type: :string
-          :notes: Minimum 8 characters or blank
-        :hostname:
-          :description: Host Name
-          :required: false
-          :display: :edit
-          :data_type: :string
-        :ip_addr:
-          :description: IP Address
-          :required: false
-          :notes: (Enter starting IP address)
-          :display: :edit
-          :data_type: :string
-          :notes_display: :hide
         :verbosity:
           :description: Verbosity
           :values:
@@ -173,6 +155,27 @@
           :required: false
           :display: :edit
           :data_type: :integer
+        :machine_credential_id:
+          :values_from:
+            :method: :allowed_machine_credentials
+          :description: Machine Credential
+          :required: true
+          :display: :edit
+          :data_type: :integer
+        :vault_credential_id:
+          :values_from:
+            :method: :allowed_vault_credentials
+          :description: Vault Credential
+          :required: false
+          :display: :edit
+          :data_type: :integer
+        :cloud_credential_id:
+          :values_from:
+            :method: :allowed_cloud_credentials
+          :description: Cloud Credential
+          :required: false
+          :display: :edit
+          :data_type: :string
       :display: :show
     :service:
       :description: Catalog
@@ -213,5 +216,5 @@
   - :requester
   - :purpose
   - :service
-  - :customize
+  - :provision
   - :schedule
diff --git a/spec/models/manageiq/providers/embedded_ansible/automation_manager/provision_workflow_spec.rb b/spec/models/manageiq/providers/embedded_ansible/automation_manager/provision_workflow_spec.rb
@@ -0,0 +1,75 @@
+describe ManageIQ::Providers::EmbeddedAnsible::AutomationManager::ProvisionWorkflow do
+  let(:admin) { FactoryBot.create(:user_with_group) }
+  let(:manager) { FactoryBot.create(:provider_embedded_ansible, :default_organization => 1).managers.first }
+  let(:workflow) { described_class.new({}, admin.userid) }
+
+  before do
+    EvmSpecHelper.assign_embedded_ansible_role
+    MiqDialog.seed_dialog(Rails.root.join("product/dialogs/miq_dialogs/miq_provision_configuration_script_embedded_ansible_dialogs.yaml"))
+  end
+
+  describe "#allowed_configuration_scripts" do
+    let!(:config_script1) { FactoryBot.create(:embedded_ansible_configuration_script, :manager => manager) }
+    let!(:config_script2) { FactoryBot.create(:embedded_ansible_configuration_script, :manager => manager) }
+
+    it "returns all configuration scripts" do
+      scripts = workflow.allowed_configuration_scripts
+      expect(scripts.count).to eq(2)
+      expect(scripts.map { |s| s[:id] }).to match_array([config_script1.id, config_script2.id])
+    end
+  end
+
+  describe "#allowed_machine_credentials" do
+    let!(:machine_cred1) { FactoryBot.create(:embedded_ansible_machine_credential, :manager => manager) }
+    let!(:machine_cred2) { FactoryBot.create(:embedded_ansible_machine_credential, :manager => manager) }
+
+    it "returns all machine credentials" do
+      credentials = workflow.allowed_machine_credentials
+      expect(credentials).to be_a(Hash)
+      expect(credentials.count).to eq(2)
+      expect(credentials.keys).to match_array([machine_cred1.id, machine_cred2.id])
+      expect(credentials.values).to match_array([machine_cred1.name, machine_cred2.name])
+    end
+  end
+
+  describe "#allowed_vault_credentials" do
+    let!(:vault_cred1) { FactoryBot.create(:embedded_ansible_vault_credential, :manager => manager) }
+    let!(:vault_cred2) { FactoryBot.create(:embedded_ansible_vault_credential, :manager => manager) }
+
+    it "returns all vault credentials" do
+      credentials = workflow.allowed_vault_credentials
+      expect(credentials).to be_a(Hash)
+      expect(credentials.count).to eq(2)
+      expect(credentials.keys).to match_array([vault_cred1.id, vault_cred2.id])
+      expect(credentials.values).to match_array([vault_cred1.name, vault_cred2.name])
+    end
+  end
+
+  describe "#allowed_cloud_credentials" do
+    let!(:amazon_cred1) { FactoryBot.create(:embedded_ansible_amazon_credential, :manager => manager) }
+    let!(:amazon_cred2) { FactoryBot.create(:embedded_ansible_amazon_credential, :manager => manager) }
+    let!(:azure_cred)   { FactoryBot.create(:embedded_ansible_azure_credential,  :manager => manager) }
+
+    context "when cloud_credential_type is specified" do
+      it "returns credentials of the specified type" do
+        workflow.values[:cloud_credential_type] = "Amazon"
+        credentials = workflow.allowed_cloud_credentials
+
+        expect(credentials).to be_a(Hash)
+        expect(credentials.count).to eq(2)
+        expect(credentials.keys).to match_array([amazon_cred1.id, amazon_cred2.id])
+        expect(credentials.values).to match_array([amazon_cred1.name, amazon_cred2.name])
+      end
+    end
+
+    context "when cloud_credential_type is not specified" do
+      it "returns all cloud credentials" do
+        credentials = workflow.allowed_cloud_credentials
+
+        expect(credentials).to be_a(Hash)
+        expect(credentials.count).to eq(3)
+        expect(credentials.keys).to match_array([amazon_cred1.id, amazon_cred2.id, azure_cred.id])
+      end
+    end
+  end
+end
