You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* feat(credentials): add PATCH /credentials/{id} in-place update
Adds a true partial-update endpoint for SSH credentials, replacing the
frontend's create-then-delete workaround. Omitted secret fields keep the
stored ciphertext (no re-entry needed); narrowing auth_method nulls the
now-unused secret and revalidates the required secret set. Setting
is_default=true on a system credential atomically demotes the prior
default. scope/scope_id remain immutable.
- credential.Update service method (single-tx, FOR UPDATE, auto-demote)
- PatchCredentialByID handler (credential:write, CredentialUpdated audit)
- openapi CredentialUpdateRequest + regenerated Go/TS stubs
- credential.updated audit event
- api-credentials spec v1.2.0: C-06..C-08, AC-16..AC-21 (+6 passing tests)
- fix post-promotion .gitignore: *credential* caught internal/credential/
* feat(settings): in-place Edit credential via PATCH
Replaces the create-then-delete Replace workaround with a real in-place
edit against PATCH /credentials/{id}. The 'no PATCH endpoint' warning
banner and the orphan/two-phase logic are gone. Secret fields left blank
keep the stored ciphertext (labelled 'leave blank to keep current'), so
editing name/username/auth_method no longer forces re-entry of the key
or password.
- ReplaceCredentialModal -> EditCredentialModal (single PATCH call)
- credentialEditSchema makes secrets optional (blank = keep)
- CredentialsPage: Edit labels, EditCredentialModal wiring
- frontend-settings spec v1.9.0 scope bullets
* feat(host-detail): per-host credential management + live Reconnect
Wires the three deferred host-page controls onto the new credential and
discovery endpoints.
- HostCredentialModal: shared per-host credential surface. Reads the
resolved source (POST /credentials:resolve) and switches a host between
the system default and a host-specific override using the tier model:
clone the default (keeps the secret), set a different host credential,
edit the override in place (PATCH), or revert (DELETE). Mutations gated
on credential:write; viewers see the source read-only.
- Connectivity card: Auth row now shows the resolved credential name +
source tag (was a hardcoded 'system_default'); 'Edit credentials' opens
the modal; 'Reconnect' calls POST /hosts/{id}/discovery:run (synchronous
OS discovery, bypasses the scan queue, validates the SSH credential; 502
surfaces a credential failure).
- EditHostModal: adds a 'Manage SSH credential' link into the same modal.
- export shared form pieces from CredentialMutations for reuse.
- frontend-host-detail spec v1.6.0: C-11, C-12, AC-40..AC-42 (+3 tests).
* docs(changelog): note credential editing + host credential management + Reconnect
* style(host-detail): apply prettier formatting
Copy file name to clipboardExpand all lines: frontend/src/api/schema.d.ts
+73-1Lines changed: 73 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -518,7 +518,11 @@ export interface paths {
518
518
delete: operations["deleteCredentialByID"];
519
519
options?: never;
520
520
head?: never;
521
-
patch?: never;
521
+
/**
522
+
* Update a credential in place
523
+
* @description Partial update of an existing active credential. Only the fields present in the body change; omitted fields are left untouched. Secret material (password, private_key, private_key_passphrase) is re-encrypted only when a non-empty value is supplied — omitting a secret keeps the stored ciphertext, so metadata can be edited without re-entering the key or password. scope and scope_id are immutable. Setting is_default=true on a system credential atomically demotes the previous system default.
0 commit comments