cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What are adhoc functions in workflows?

henk_stobbe
DynaMight Champion
DynaMight Champion

Good morning,

 

Getting confused by below options, I assume, reading the documentation

You add a code section in your Notebook and add custom code, which we refer to as an "Ad-hoc function.

This is in workflows also a task with JS code? And does below mean I have enabled "ad hoc" for workflows and not for notebooks.

And for now I assume ad hoc function are the only way to connect to the vault?

And I hope the user is still validated to have access?

KR Henk

 

henk_stobbe_0-1718254350156.png

 

3 REPLIES 3

christian_kreuz
Dynatrace Helper
Dynatrace Helper

Hi! Ad-hoc function is a very generic term for describing "a function that is written ad-hoc" - vs. a function that is part of an (existing) App.

In Notebooks you implicitly create an Ad-hoc function by writing Code in a Code-tile. In Workflows, this is the "Run JavaScript" action.

 


@henk_stobbe wrote:

And for now I assume ad hoc function are the only way to connect to the vault?


In the future, a deeper integration between Vault and "some" Workflow Action is planned. For now, the "Run JavaScript" action is the only way to access secrets stored in Vault.

 

And I hope the user is still validated to have access?


If you restrict the access in Vault to certain users, only those users can access the secret. In Workflows, the user is whoever is set as the actor of a Workflow (not necessarily the user that clicks "Run").

Based on your screenshot, you seem to have already performed the first step and selected AppEngine as a scope. In addition, you allowed access without an app context (for ad-hoc functions like the Run JavaScript action).

You can furthermore enable "Owner access only" below, or specify a list of "Users with access".

 

Hello Christian,

Thanks again for your long and detailed answer. One small extra question from my side.

henk_stobbe_0-1718618335195.png

So if I understand correctly, above selection has no real implication at this moment?

And the ad hoc function also runs in the actor context, who needs vault access.

If both are yes, then I got it!

KR Henk

Hi,

you have to set "Dynatrace apps with access" when selecting the AppEngine scope. By default it is set to "all applications".

While this does not have an immediate implication on your Workflow and the ad-hoc function used, I would still recommend to set it to "Workflows" for two reasons:

  1. It's easier identifiable where you use the secrets afterwards
  2. By setting it to "All applications" you are theoretically giving every app access to your secret (while, of course, still adhering to the "Owner access only" or "Users with access" configuration)

 

Featured Posts