You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/docs/Configuration/Secrets.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ Clace supports secret management when working with apps. Secrets can be passed t
8
8
9
9
## Supported Providers
10
10
11
-
Clace currently supports AWS Secrets Manager (ASM) and HashiCorp Vault as providers for secrets management. Secrets can also be read from the environment of the Clace server, which can be used in development and testing.
11
+
Clace currently supports AWS Secrets Manager (ASM) and HashiCorp Vault as providers for secrets management. Secrets can also be read from the environment of the Clace server, which can be used in development and testing. Secrets can also be read from a local properties file.
Copy file name to clipboardExpand all lines: content/docs/Configuration/Security.md
+27-7Lines changed: 27 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,24 +72,44 @@ See [appsecurity]({{< ref "appsecurity" >}}) for details about the application l
72
72
73
73
## Private Repository Access
74
74
75
-
The `app create` and `app reload` commands can read public GitHub repositories. If the repository is private, to be able to access the repo, the [ssh key](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) needs to be specified. In the `clace.toml` config file, create an entry like:
75
+
The `app create` and `app reload` commands can read public GitHub repositories. If the repository is private, to be able to access the repo, the [ssh key](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) or [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) needs to be specified.
76
+
77
+
### SSH Keys
78
+
79
+
For SSH key, in the `clace.toml` config file, create an entry like:
`mykey` is the git auth key name, `key_file_path` points to the location of a private key file for a user with access to the repository. When running `app create`, add the `--git-auth mykey` option and use the git url instead of http url (like `git@github.com:claceio/clace.git/examples/disk_usage`). The private key specified will be used for accessing the repository. `app reload` command will automatically use the same key as specified during the create. To set the default git key to use, add in config:
87
+
`mykey` is the git auth key name, `key_file_path` points to the location of a private key file for a user with access to the repository and `password` is the passphrase if any for the file.
88
+
89
+
{{<callouttype="info" >}}
90
+
Use `ssh-keygen -l -f ~/.ssh/id_rsa.pub` (on public key) to check if the fingerprint matches the SHA256 fingerprint shown at https://github.com/settings/keys. To verify the passphrase, use `ssh-keygen -y -f ~/.ssh/id_rsa` (on the private key) and type in the passphrase to check if the passphrase is correct.
91
+
{{</callout>}}
92
+
93
+
### Personal Access Token
94
+
95
+
For personal access token, set
96
+
97
+
```toml {filename="clace.toml"}
98
+
[git_auth.mypat]
99
+
user_id = "myid"
100
+
password = "github_pat_11A7FXXXXXXX"
101
+
```
102
+
103
+
The `user_id` needs to be set to an non-empty value like the github id even though it is ignored for the auth.
104
+
105
+
When running `app create`, add `--git-auth mykey` or `--git-auth mypat` option. The private key specified will be used for accessing the repository. `app reload` command will automatically use the same key as specified during the create. To set the default git key to use, add in config:
84
106
85
107
```toml {filename="clace.toml"}
86
108
[security]
87
109
default_git_auth = "mykey"
88
110
```
89
111
90
-
If an app has no `git_auth` set and uses a repo with git url (starts with `git@github.com:`), then the default_git_auth will be used if it is specified in the config. This git key is used for `apply` files also.
91
-
92
-
To change the git auth key for an app, run:
112
+
This git key is used for `apply` and `sync` also. To change the git auth key for an app, run:
Copy file name to clipboardExpand all lines: content/docs/Plugins/Catalog.md
+4-7Lines changed: 4 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -45,6 +45,8 @@ All the API's support the following parameters:
45
45
-**form_encoding** (string, optional) : the form encoding to use, `application/x-www-form-urlencoded` (default) or `multipart/form-data`
46
46
-**json_body** (object, optional) : the object to send as json encoded body
47
47
-**auth_basic** (tuple(string, string), optional): HTTP basic auth username and password
48
+
-**auth_signature** (string, optional): Signature auth type
49
+
-**error_on_fail** (bool, optional): Whether to fail on non-2xx status code, default true
48
50
49
51
The response for all API's (`value` within `plugin_response`) contains following properties:
50
52
@@ -55,15 +57,10 @@ The response for all API's (`value` within `plugin_response`) contains following
55
57
-**body()** (string) : the response body as a string
56
58
-**json()** (object) : the response body un-marshalled as a json
57
59
58
-
If the API calls fails to go through then the plugin response `error` property will be set. If the API goes through, then the response `error` will not be set, even if API call fails with an HTTP error. The `status_code` will indicate whether the API succeeded on the server. To handle all possible error conditions, do (change to handle all 2xx codes if required)
60
+
If the API calls fails to go through then the plugin response `error` property will be set. If the API returns non 2xx status code, error is set (unless `error_on_fail` is False). The `status_code` will indicate whether the API succeeded on the server. To make an API call and parse the response as JSON, do
59
61
60
62
```python {filename="app.star"}
61
-
ret = http.get("http://localhost:9999/test")
62
-
if ret.error or ret.value.status_code !=200:
63
-
return# error handling
64
-
65
-
val = ret.value.json()
66
-
# success handling
63
+
ret = http.get("http://localhost:9999/test").value.json()
0 commit comments