Manage public functions
Important
This is a closed beta release program.
Beta features should be considered “in development” and may not be fully supported or complete.
Beta programs are invaluable for helping to validate the value and impact of features through feedback and insights. If you would like to participate in beta programs and access this feature, please contact your Customer Success representative.
Overview
Public functions use the same artifact definition as Skedulo functions with an unauthenticated section that defines an executionRole. This defines the permissions that the public function will possess.
When creating a public function, a user will be created and assigned this role. Any changes that the function makes will be tracked against this user.
It is important that this user is not deactivated, or the role deleted, as this will cause the public function to stop working.
It is safe to change the permissions of the execution role, or to update the function to use a different role.
Manage the execution role
The public function will run using a short-lived token that will be generated each time the function is called. The token will have the permissions defined in the execution role.
The execution role must be a custom role.
Important
Public functions must not use a standard role (Administrator, Scheduler, or Resource).We recommend the following when configuring your public function’s execution role:
-
Create a dedicated role for your function with a meaningful name and description.
-
Limit the permissions of this role to the minimum set of permissions that the function needs.
skedulo.tenant.extension.packages.view is a mandatory permission for all public functions.
In addition, for a token that needs to view and update custom objects, custom fields, or standard resources such as Jobs etc., the skedulo.tenant.data.view and skedulo.tenant.data.modify permissions will usually be enough.
Create the execution role
To create or update the role, do the following:
- Run
sked artifacts user-role upsert -f my-function-role.jsonwheremy-function-role.jsonlooks something like:
{
"metadata": {
"type": "UserRole"
},
"name": "My Function Role",
"description": "Execution role for My Function",
"custom":true,
"permissionPatterns": [
"skedulo.tenant.data.modify",
"skedulo.tenant.data.view",
"skedulo.tenant.extension.packages.view"
]
}
Create or update a public function
To create a public function, do the following steps:
- Create the initial function definition by running the following command:
sked function generate --name=my-function --outputdir=.
-
Develop the connected function.
-
Ensure the
state.jsonfile has the following elements:
{
"type": "Function",
"content": "./src",
"functionName": "my-function",
"unauthenticated": {
"executionRole": "My Function Role"
}
}
- Run the following command:
cd my-function
sked artifacts function upsert -f state.json --wait 120
List public functions
To obtain a list of all public functions in your team, run the following command:
sked artifacts function list
The authenticated and unauthenticated URLs to access each function is listed.
Delete public functions
To delete a public function, run the following command:
sked artifacts function delete --name my-function
Feedback
Was this page helpful?