-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add task to create new public api keys #5826
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #5826 +/- ##
========================================
Coverage 85.77% 85.77%
========================================
Files 81 81
Lines 8624 8624
========================================
Hits 7397 7397
Misses 1227 1227 ☔ View full report in Codecov by Sentry. |
05f43ba
to
89914d8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Finalize FEC_EMAIL we want to use while creating a API keys. Currently we use webappalerts@fec.gov to create API keys in the umbrella.
- Use the existing
cms-creds-dev
service instead of creating a new one - Add the API key creation instructions to a wiki
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tmpayton All the key/value pairs are exposed in api logs. We should update the logger to debug or remove these two lines of code. Your thoughts?
@pkfec thank you for the review, I implemented your changes! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @tmpayton for writing up a script to create keys programmatically. API key creation script works perfect!
Summary (required)
This ticket adds a the new
update_public_api_key
task. The PMs decided that this task should only create a new API key and add it to our environment variables. After that, the developer can manually re-stage the app and disable the old key. Here is the wiki page.The new command is:
cf run-task api --command "python cli.py update_public_api_key <space> <service_instance> '$(< token.txt)' <first_rate_limit> <first_rate_limit_duration> <second_rate_limit> <second_rate_limit_duration>" --name update_public_api_key
The arguments are:
space
: [Required] the space that you want to updateservice_instance
: [Required] the user provided service you want to updatetoken
: [Required] your cf oath tokenfirst_rate_limit
: [Optional] the limit of the first rate limit on the new keyfirst_rate_limit_duration
[Optional] the duration of the first rate limit on the new keysecond_rate_limit
[Optional] the limit of the second rate limit on the new keysecond_rate_limit_duration
[Optional] the duration of the second rate limit on the new keyA typical example would be:
cf run-task api --command "python cli.py update_public_api_key dev tricia-test '$(< token.txt)' " --name update_public_api_key
I also added these new environment variables:
FEC_EMAIL
: currently set to my email for testing purposes, I'll change this once testing is completedUMBRELLA_ADMIN_AUTH_TOKEN
: Auth token to access API UmbrellaRequired reviewers 2 - 3 developers
Impacted areas of the application
General components of the application that this PR will affect:
How to test
Locally:
git checkout test-create-api-key
pyenv activate <your virtual environment>
SLACK_HOOK
,UMBRELLA_ADMIN_AUTH_TOKEN
,FEC_EMAIL
,FEC_WEB_API_KEY_PUBLIC
cf login -a api.fr.cloud.gov --sso
(space does not matter when testing locally)cf oauth-token > token.txt
python cli.py update_public_api_key dev tricia-test "$(< token.txt)"
On Dev:
cf login -a api.fr.cloud.gov --sso
cf oauth-token > token.txt
cf run-task api --command "python cli.py update_public_api_key dev tricia-test '$(< token.txt)' " --name update_public_api_key
NOTE: Cf tokens last for about 4 minutes before needing another one