feat: add api key owner listing flag
fixes #395
gabizou committed Oct 16, 2024
1 parent 6a6af68 commit 4cc9fda
Showing 3 changed files with 44 additions and 3 deletions.
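--- a/README.md
+++ b/README.md
@@ -62,6 +62,13 @@ tcld apikey create --name <api-key-name> --description <api-key-description> --d
 ```
 tcld apikey list
 ```
+
+### List API keys for a specific owner (service account or user):
+Note: only Global Admins may list API keys for other users/service accounts.
+```
+tcld apikey list --owner-id <owner-id>
+```
+
 ### Delete an API Key:
 ```
 tcld apikey delete --id <api-key-id>
@@ -75,6 +82,8 @@ tcld apikey enable --id <api-key-id>
 ```
 
 ### Performing an API Key rotation:
+
+#### Current User Specific Rotation
 1. Generate the new API key to rotate to.
 ```
 tcld apikey create --name <api-key-name> --description <api-key-description> --duration <api-key-duration>
@@ -85,6 +94,17 @@ tcld apikey create --name <api-key-name> --description <api-key-description> --d
 tcld apikey delete --id <api-key-id>
 ```
 
+#### Service Account Specific Rotation
+1. Generate the new API key to rotate to.
+```
+tcld apikey create --name <api-key-name> --description <api-key-description> --duration <api-key-duration> --service-account-id <service-account-id>
+```
+2. Update temporal clients to use the new API key and monitor deployments to make sure all old API key usage is gone.
+3. Delete the old API key.
+```
+tcld apikey delete --id <api-key-id>
+```
+
 # Namespace Management
 
 ### List namespaces user has access to: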
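--- a/app/apikey.go
+++ b/app/apikey.go
@@ -12,6 +12,10 @@ import (
 "github.com/urfave/cli/v2"
 )
 
+const (
+ownerIDFlagName = "owner-id"
+)
+
 type (
 APIKeyClient struct {
 client authservice.AuthServiceClient
@@ -85,12 +89,13 @@ func (s *APIKeyClient) createServiceAccountAPIKey(
 return PrintProto(resp)
 }
 
-func (s *APIKeyClient) listAPIKey() error {
+func (s *APIKeyClient) listAPIKey(ownerID string) error {
 
 totalRes := &authservice.GetAPIKeysResponse{}
 pageToken := ""
 for {
 resp, err := s.client.GetAPIKeys(s.ctx, &authservice.GetAPIKeysRequest{
+OwnerId: ownerID,
 PageToken: pageToken,
 })
 if err != nil {
@@ -258,9 +263,17 @@ func NewAPIKeyCommand(getAPIKeyClientFn GetAPIKeyClientFn) (CommandOut, error) {
 Name: "list",
 Usage: "List apikeys",
 Aliases: []string{"l"},
-Flags: []cli.Flag{},
+Flags: []cli.Flag{
+&cli.StringFlag{
+Name: ownerIDFlagName,
+Usage: "The owner id of the API Keys to list",
+Aliases: []string{"oid"},
+},
+},
 Action: func(ctx *cli.Context) error {
-return c.listAPIKey()
+return c.listAPIKey(
+ctx.String(ownerIDFlagName),
+)
 },
 },
 {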
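Review bot: The `--owner-id` flag added to the `list` command is forwarded unchanged into `GetAPIKeysRequest.OwnerId`, but its help text omits the restriction the README states, and `listAPIKey` has no comment saying what an empty `ownerID` means. Since the client sends whatever it is given, the Global Admin restriction has to be enforced by the service; that is not visible in this diff and should be confirmed rather than assumed. I would change the usage string to `Usage: "The owner id (user or service account) of the API Keys to list; only Global Admins may list keys owned by others",` and add `// listAPIKey lists API keys page by page; a non-empty ownerID is sent as the OwnerId filter, an empty one leaves it unset.` above the function. The bodies of `listAPIKey` and `NewAPIKeyCommand` continue outside the hunks shown.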
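--- a/app/apikey_test.go
+++ b/app/apikey_test.go
@@ -87,6 +87,14 @@ func (s *APIKeyTestSuite) TestList() {
 },
 }, nil).Times(1)
 s.NoError(s.RunCmd("apikey", "list"))
+s.mockAuthService.EXPECT().GetAPIKeys(gomock.Any(), gomock.Any()).Return(&authservice.GetAPIKeysResponse{
+ApiKeys: []*auth.APIKey{
+{
+Id: "test-apikey-id-1",
+},
+},
+}, nil).Times(1)
+s.NoError(s.RunCmd("apikey", "list", "--owner-id", "ownerID"))
 }
 
 func (s *APIKeyTestSuite) TestCreate() {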
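Review bot: The added `--owner-id` case in `TestList` matches the request with `gomock.Any()`, so it would still pass if the flag value never reached `GetAPIKeysRequest.OwnerId`. Because this filter decides whose keys are listed, the expectation should pin it, for example `GetAPIKeys(gomock.Any(), &authservice.GetAPIKeysRequest{OwnerId: "ownerID"})`, or a custom matcher on `OwnerId` if struct equality on the generated message proves unreliable. `TestList` starts above the hunk, so the earlier expectations are not visible here.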
