|
| 1 | +--- |
| 2 | +title: default-credentials |
| 3 | +authors: |
| 4 | + - "rromannissen" |
| 5 | +reviewers: |
| 6 | + - "@dymurray" |
| 7 | + - "@jortel" |
| 8 | + - "@sjd78" |
| 9 | +approvers: |
| 10 | + - "@dymurray" |
| 11 | + - "@jortel" |
| 12 | + - "@sjd78" |
| 13 | +creation-date: 2025-05-22 |
| 14 | +last-updated: 2025-05-22 |
| 15 | +status: provisional |
| 16 | +see-also: |
| 17 | + - |
| 18 | +replaces: |
| 19 | + - |
| 20 | +superseded-by: |
| 21 | + - |
| 22 | +--- |
| 23 | + |
| 24 | +# Default Credentials |
| 25 | + |
| 26 | + |
| 27 | +## Release Signoff Checklist |
| 28 | + |
| 29 | +- [ ] Enhancement is `implementable` |
| 30 | +- [ ] Design details are appropriately documented from clear requirements |
| 31 | +- [ ] Test plan is defined |
| 32 | +- [ ] User-facing documentation is created |
| 33 | + |
| 34 | +## Open Questions |
| 35 | + |
| 36 | +- How can a credential that was defined as default be explicitly defined as the credential for certain applications? |
| 37 | + |
| 38 | +## Summary |
| 39 | + |
| 40 | +This enhancement aims at enabling Konveyor to manage default credentials to streamline the language and technology discovery operations when credentials haven't been explicitly associated with applications in the portfolio. |
| 41 | + |
| 42 | + |
| 43 | +## Motivation |
| 44 | + |
| 45 | +In a common enterprise scenario, application repositories are secured. That means that in a large application import, considering that credentials can't be included in the CSV file, the first language and technology discovery operations will fail until the user manually associates credentials with each application. This introduces a manual step in a process that should be as automated as possible to tackle large application portfolios effectively and start surfacing information as early as possible. |
| 46 | + |
| 47 | +A different scenario that makes this more of a problem would be related to [application discovery](https://github.com/konveyor/enhancements/tree/master/enhancements/assets-generation#discovery), as it would be important to automate the insights collection as much as possible as soon as applications are discovered if the source platform contained information about the application repository. |
| 48 | + |
| 49 | + |
| 50 | +### Goals |
| 51 | + |
| 52 | +- Enable administrators in Konveyor to define default values for each credential type. |
| 53 | + |
| 54 | +### Non-Goals |
| 55 | + |
| 56 | +- Redefine or reimplement how credentials are managed in Konveyor. |
| 57 | +- Add a new type of credentials. |
| 58 | + |
| 59 | +## Proposal |
| 60 | + |
| 61 | +### Personas / Actors |
| 62 | + |
| 63 | +#### Administrator |
| 64 | + |
| 65 | +The administrator for the tool that has access to some application-wide configuration parameters that other users can consume but not change or browse. |
| 66 | + |
| 67 | + |
| 68 | +### User Stories |
| 69 | + |
| 70 | +##### DC001 |
| 71 | + |
| 72 | +*As an Administrator, I want to be able to define default values for each credential type* |
| 73 | + |
| 74 | +##### DC002 |
| 75 | + |
| 76 | +*As an Administrator, I want the default credential values to be associated with applications* |
| 77 | + |
| 78 | + |
| 79 | +### Functional Specification |
| 80 | + |
| 81 | +#### Credentials management view |
| 82 | + |
| 83 | +Default credentials should follow the following rules: |
| 84 | + |
| 85 | +- Default credentials will only be available for Source Control and Maven Settings file credential types, at least on this first iteration. |
| 86 | +- There can only be one default credential per credential type. |
| 87 | +- Once a credential is set as default, it will be implicitly associated to all applications that don't have a credential of that type explicitly associated. |
| 88 | +- Changing the default credential for a certain credential type **should trigger discovery for all applications that don't have a credential of that type explicitly associated**. |
| 89 | + |
| 90 | +In the credentials management view, the _Edit_ and _Delete_ buttons for each credential row on the table will be replaced with a kebab menu with the following items: |
| 91 | + |
| 92 | +- _Edit_ |
| 93 | +- _Delete_ |
| 94 | +- _Set as default_ (only if the credential is not default already) |
| 95 | +- _Remove default_ (only if the credential is default already) |
| 96 | + |
| 97 | +Clicking on _Set as default_ will set the current credential as default, which will be signaled in the credential row with the label _Default_. If there was a previously defined default credential of that credential type, a confirmation modal will be displayed with the text _This will replace the credential $CREDENTIAL as the default credential for the $CREDENTIAL_TYPE credential type_ with options _Accept_ and _Cancel_, where $CREDENTIAL is the credential that was previously defined as default and $CREDENTIAL_TYPE is the credential type for both the new and the former default credential. |
| 98 | + |
| 99 | +Once the new default credential type is set, discovery will be triggered for all applications that don't have a credential of that type explicitly associated. |
| 100 | + |
| 101 | + |
| 102 | + |
| 103 | +### Implementation Details/Notes/Constraints |
| 104 | + |
| 105 | +TBD |
| 106 | + |
| 107 | +### Security, Risks, and Mitigations |
| 108 | + |
| 109 | +TBD |
| 110 | + |
| 111 | +## Design Details |
| 112 | + |
| 113 | +### Test Plan |
| 114 | + |
| 115 | +TBD |
| 116 | + |
| 117 | +### Upgrade / Downgrade Strategy |
| 118 | + |
| 119 | +TBD |
| 120 | + |
| 121 | +## Implementation History |
| 122 | + |
| 123 | +TBD |
| 124 | + |
| 125 | +## Drawbacks |
| 126 | + |
| 127 | +TBD |
| 128 | + |
| 129 | +## Alternatives |
| 130 | + |
| 131 | +TBD |
| 132 | + |
| 133 | +## Infrastructure Needed |
| 134 | + |
| 135 | +TBD |
0 commit comments