API token connection admin¶
The API token connection admin package allows you to assign an API token to a connection as a connection admin. This is a necessary step when:
- A connection is created through a workflow, run by a user
- You want to use an API token to programmatically administrate the connection or its assets (in particular, to manage policies in a persona)
More details
Since you must be a connection admin to manage policies, and the API token in such a scenario behaves as "you", the API token must be a connection admin. Yet unless the API token was used to create a connection in the first place (or run the workflow that created the connection), it will not be a connection admin.
So this package allows you to remedy that situation, by making the API token a connection admin for any such connection you choose.
Configuration¶
- Connection: the connection to which you want to add the API token as a connection admin.
- API token: name of the API token, as you see it in the Admin Center.
What it does¶
The connection will be updated to append the API token as a connection admin user. (It will not overwrite or otherwise replace the existing connection admin users, roles or groups.)
Only works if the user running the workflow is a connection admin
Be aware that this is only possible if the user running the workflow is themself a connection admin for the connection selected. If not, there will be a permission error and no change will be made to the connection. (In other words, this cannot be used to bypass security.)
How it works
- Retrieves the provided API token by its name.
- Retrieves the requested connection and its list of existing connection admins.
- Appends the API token to the list of existing connection admins, and send this updated list as an update to the connection.
If either (1) or (2) is not possible (for example, the object does not exist), the workflow will fail with an error indicating the problem.
As noted above, if the user themself does not have access to manage the connection admins, then (3) will fail the workflow with an error indicating this was the case.
On any workflow failure, no change will be made to the connection.