Fixes 19755: Publish app config with status

[sushi30]

Describe your changes:

Publish appConfig as part of the status for ingestion pipelines.

Delivers #19755

Type of change:

• Bug fix
• Improvement
• New feature
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation

Checklist:

• I have read the CONTRIBUTING document.
• My PR title is Fixes <issue-number>: <short explanation>
• I have commented on my code, particularly in hard-to-understand areas.
• For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

[pmbrull]

will this mask all the secrets when serialized? what about when we try to create a service from a YAML?

[sushi30]

It will only marked fields marked as secret like passwords, tokens etc.. Not the whole service. We can add more complex for things like service connections if we want to handle them differently.

For example this password field.

[pmbrull]

for now i would at least keep the option to see if storeCreds: true/false in the workflow config and control the secrets. If we were to create a service from a YAML with this config, the server would just receive ****

[sushi30]

In this case we are dumping the configuration and sending it to the DB but we don't necessarily want to handle secrets. There should not be any secrets in appConfig but having this kind of functionality makes it future-proof so that if something sneaks in there it will be masked.

I don't think this functionality should be used for managing the workflow configuration.

Are you suggesting to dump everything in plaintext for this use-case?

[pmbrull]

what I'm thinking is that our model_dump_json() should accept an extra parameter to mask or not secrets on-demand. For the appConfig you mention, we can add the logic to mask=True while keeping a default mask=False for any other request so far, or at least for our POST in the ometa_api

[sushi30]

addressed here