[#432] Implement credentials deletion and generation #446
What about regenerating a customer secret on an existing credential? |
Approve App
I am not sure, but I believe you may be adding "approve" into this PR, which is used for API Providers to approve credentials from developers. This should not be done since the API provider may set up manual approvals on an API Product, and with this change the developer could self approve the app. Check out what the internal portal is doing. They do not let users delete or approve credentials (they use "key" instead of "credentials" for this entity):
Generate Credentials
It seems odd to have a tab to create a new credential versus an add button. |
@cnovak OK so we remove approve and keep revoke or do we make revoke the delete action? |
@arshad here are details for you:
Add Credentials
Approve
Revoke
When a credential is revoked, it should follow the integrated portal concept of hiding the revoked credentials when you open the page. There should be a way to see revoked keys:
Delete
|
@cnovak Thanks. I'll make the changes. Question about the following:
OK so when a user adds new credentials, we use the API products from the app? What if we have two credentials with different products on the same app? On the portal, API products are listed separately from API keys (which makes it look like API products are tied to the app and not keys). But on both the Drupal portal and Edge UI, each key lists its own products.
Integrated Portal, Drupal, Edge |
@arshad I would use the API products of the first cred as the default, but let me circle back with the Apigee team to check. |
@arshad We should take the API products from the most recently created credential that is active (not revoked or expired), and have those as the default products for new creds. There is a |
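The default-products rule from the comment above, together with the provider-only approval concern raised earlier in the thread, as an added PHP sketch (not code from this PR or the apigee_edge module). The array keys, the status strings, the -1 "never expires" marker and both function names are assumptions made for illustration.

```php
<?php
// Added example: every name and the credential array layout are hypothetical.

/** Default API products for a new credential: taken from the newest active one. */
function default_products_for_new_credential(array $credentials, int $nowMs): array {
  $active = array_filter($credentials, function (array $c) use ($nowMs): bool {
    // Assumption: expiresAt of -1 means the credential never expires.
    $expired = $c['expiresAt'] !== -1 && $c['expiresAt'] <= $nowMs;
    return $c['status'] === 'approved' && !$expired;
  });
  if (!$active) {
    return []; // Nothing active: caller must ask the user to pick products.
  }
  // Newest first by creation time.
  usort($active, fn(array $a, array $b): int => $b['issuedAt'] <=> $a['issuedAt']);
  return $active[0]['apiProducts'];
}

/** Status changes: approval stays with the API provider, revoke is open to the owner. */
function may_set_credential_status(bool $isApiProvider, string $newStatus): bool {
  if ($newStatus === 'revoked') {
    return true;
  }
  // Blocks developer self-approval when the provider uses manual approvals.
  return $newStatus === 'approved' && $isApiProvider;
}

// Constructed sample data (timestamps in milliseconds).
$now = 1700000000000;
$credentials = [
  ['status' => 'approved', 'issuedAt' => 1600000000000, 'expiresAt' => -1,
   'apiProducts' => ['catalog']],
  ['status' => 'revoked', 'issuedAt' => 1690000000000, 'expiresAt' => -1,
   'apiProducts' => ['catalog', 'billing']],
  ['status' => 'approved', 'issuedAt' => 1680000000000, 'expiresAt' => 1699000000000,
   'apiProducts' => ['payments']],
  ['status' => 'approved', 'issuedAt' => 1650000000000, 'expiresAt' => 1800000000000,
   'apiProducts' => ['catalog', 'orders']],
];

// The newest credential is revoked and the next one has expired, so the
// defaults come from the credential issued at 1650000000000.
print implode(', ', default_products_for_new_credential($credentials, $now)) . PHP_EOL;
var_dump(may_set_credential_status(false, 'approved')); // developer cannot self-approve
var_dump(may_set_credential_status(false, 'revoked'));  // developer can revoke
```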
# Conflicts:
#	.circleci/RoboFile.php
#	apigee_edge.module
#	modules/apigee_edge_teams/src/Entity/TeamApp.php
#	modules/apigee_edge_teams/src/Entity/TeamAppRouteProvider.php
#	src/Entity/DeveloperApp.php
#	src/Entity/DeveloperAppRouteProvider.php
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
@googlebot I consent |
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
@arshad @arlina-espinoza I also made related fix in the Kickstarter apigee/apigee-devportal-kickstart-drupal#408 |
@googlebot I consent. |
378eba3 to 92ea96e
Thanks @arshad. I've manually tested this PR and it all looks really good 💯
I only pushed an additional change after the latest conversation with the Apigee team, about the default permissions upon installing: developers should be able to add/revoke keys and edit api products in their own apps, and the same for team admins for their team apps. So the change was to add "edit_api_products developer_app" to the hook install/update.
@arshad I've fixed the new functional tests so that they are able to run both with mocks and as integration tests. As part of it, I removed the static app name and consumer key, so that they are able to run (possibly concurrently) against the remote API. |
Fixes #432
This PR implements credential generation, status update (revoke/approve) and deletion for key rotation.
[Update: Deleted outdated screenshots]