This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What are adhoc functions in workflows?

Go to solution
henk_stobbe
DynaMight Leader
DynaMight Leader

‎13 Jun 2024 06:07 AM - edited ‎13 Jun 2024 06:09 AM

Good morning,

 

Getting confused by below options, I assume, reading the documentation

You add a code section in your Notebook and add custom code, which we refer to as an "Ad-hoc function.

This is in workflows also a task with JS code? And does below mean I have enabled "ad hoc" for workflows and not for notebooks.

And for now I assume ad hoc function are the only way to connect to the vault?

And I hope the user is still validated to have access?

KR Henk

 

henk_stobbe_0-1718254350156.png

 

Labels:
0 Kudos
Reply
3 REPLIES 3

Go to solution
christian_kreuz
Dynatrace Helper
Dynatrace Helper

‎17 Jun 2024 10:24 AM

Hi! Ad-hoc function is a very generic term for describing "a function that is written ad-hoc" - vs. a function that is part of an (existing) App.

In Notebooks you implicitly create an Ad-hoc function by writing Code in a Code-tile. In Workflows, this is the "Run JavaScript" action.

 

@henk_stobbe wrote:

And for now I assume ad hoc function are the only way to connect to the vault?

In the future, a deeper integration between Vault and "some" Workflow Action is planned. For now, the "Run JavaScript" action is the only way to access secrets stored in Vault.

 

And I hope the user is still validated to have access?

If you restrict the access in Vault to certain users, only those users can access the secret. In Workflows, the user is whoever is set as the actor of a Workflow (not necessarily the user that clicks "Run").

Based on your screenshot, you seem to have already performed the first step and selected AppEngine as a scope. In addition, you allowed access without an app context (for ad-hoc functions like the Run JavaScript action).

You can furthermore enable "Owner access only" below, or specify a list of "Users with access".

 

Reply

Go to solution
henk_stobbe
DynaMight Leader
DynaMight Leader
In response to christian_kreuz

‎17 Jun 2024 11:05 AM

Hello Christian,

Thanks again for your long and detailed answer. One small extra question from my side.

henk_stobbe_0-1718618335195.png

So if I understand correctly, above selection has no real implication at this moment?

And the ad hoc function also runs in the actor context, who needs vault access.

If both are yes, then I got it!

KR Henk

0 Kudos
Reply

Go to solution
christian_kreuz
Dynatrace Helper
Dynatrace Helper
In response to henk_stobbe

‎17 Jun 2024 12:09 PM

Hi,

you have to set "Dynatrace apps with access" when selecting the AppEngine scope. By default it is set to "all applications".

While this does not have an immediate implication on your Workflow and the ad-hoc function used, I would still recommend to set it to "Workflows" for two reasons:

  1. It's easier identifiable where you use the secrets afterwards
  2. By setting it to "All applications" you are theoretically giving every app access to your secret (while, of course, still adhering to the "Owner access only" or "Users with access" configuration)

 

Reply
Ask a question

Featured Posts