fix(docs): fix schema and add documentation for rules prefixes in scenario settings (#669)

Author: Guts

docs/reference/qdt_profile.md

@@ -70,6 +70,23 @@ You can also deploy profiles based on environment variables. In the following ex
 }
 ```
 
+By default, only prefixed variables can be used in rules. Default prefixes are `QDT_` and `QGIS_`. You can use your own prefixes in scenario settings:
+
+```json
+[...]
+
+settings:
+  RULES_VARIABLES_PREFIX: "QDT_,QGIS_,MYPREFIX_,MYOTHERPREFIX_"
+
+[...]
+```
+
+You can by-pass prefix check by setting `RULES_ONLY_PREFIXED_VARIABLES` to `false` in scenario settings.
+
+:::{warning}
+Be careful if you allow all variables, as it could cause security issues.
+:::
+
 ### Conditions and rules context
 
 Rules is a set of conditions that use logical operators to compare values with context (a set of facts) which is exposed as a JSON object. Here comes the context for a Linux environment:

docs/schemas/scenario/settings.json

@@ -88,15 +88,13 @@
       "type": "boolean"
     },
     "RULES_VARIABLES_PREFIX": {
-      "default": [
-        "QDT_,QGIS_"
+      "default": "QDT_,QGIS_",
+      "description": "List of prefixes of environment variables considered in rules. Only relevant if RULES_ONLY_PREFIXED_VARIABLES is set to `true`. The list is comma-separated. For example: `QDT_,QGIS_,MYPREFIX_`. The default value is `QDT_,QGIS_`.",
+      "examples": [
+        "QGIS_,QDT_,MYPREFIX_,MYOTHERPREFIX_"
       ],
-      "description": "List of prefixes of environment variables considered in rules. Only relevant if RULES_ONLY_PREFIXED_VARIABLES is set to `true`.",
       "title": "Variables prefixes",
-      "type": "array",
-      "items": {
-        "type": "string"
-      }
+      "type": "string"
     },
     "SCENARIO_VALIDATION": {
       "default": false,

docs/usage/scenario.md

@@ -23,7 +23,7 @@ A step consists of 3 elements:
 
 - `name`: the name of the step
 - `uses` : the job identifier to use
-- with` : the parameters to pass to the Job
+- `with` : the parameters to pass to the Job
 
 ```{button-link} ../jobs/index.html
 :color: primary

docs/usage/settings.md

@@ -25,6 +25,8 @@ Some others parameters can be set using environment variables.
 | `QDT_LOGS_DIR` | Folder where QDT writes the log files, which are automatically rotated. | `~/.cache/qgis-deployment-toolbelt/logs/` |
 | `QDT_OSGEO4W_INSTALL_DIR` | Path to the OSGEO4W install directory. Used to search for installed QGIS and shortcuts creation. | `C:\\OSGeo4W`. |
 | `QDT_QGIS_EXE_PATH` | Path to the QGIS executable to use. Used in shortcuts. | `/usr/bin/qgis` on Linux and MacOS, `%PROGRAMFILES%/QGIS 3.28/bin/qgis-ltr-bin.exe` on Windows. |
+| `QDT_RULES_ONLY_PREFIXED_VARIABLES` | If set to `true`, only environment variables prefixed with prefixes listed in RULES_VARIABLES_PREFIX are considered in rules for security concerns. If set to `false`, all environment variables are considered in rules. | `true` |
+| `QDT_RULES_VARIABLES_PREFIX` | List of prefixes of environment variables considered in rules. Only relevant if RULES_ONLY_PREFIXED_VARIABLES is set to `true`. The list is comma-separated. For example: `QDT_,QGIS_,MYPREFIX_`. | `QDT_,QGIS_` |
 | `QDT_STREAMED_DOWNLOADS` | If set to `false`, the content of remote files is fully downloaded before being written locally. | `true` |
 | `QDT_SSL_USE_SYSTEM_STORES` | By default, a bundle of SSL certificates is used, through [certifi](https://pypi.org/project/certifi/). If this environment variable is set to `true`, QDT tries to uses the system certificates store. Based on [truststore](https://truststore.readthedocs.io/). See also [How to use custom SSL certificates](../guides/howto_use_custom_ssl_certs.md).  | `False` |
 | `QDT_SSL_VERIFY` | Enables/disables SSL certificate verification. Useful for environments where the proxy is unreliable with HTTPS connections. Boolean: `true` or `false`. | `True` |