Skip to content

Feat: API Keys CRUD and use it for authentication and authorisation #1782

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Jun 7, 2022
Merged

Feat: API Keys CRUD and use it for authentication and authorisation #1782

merged 21 commits into from
Jun 7, 2022

Conversation

@manish-agrawal-ai
Copy link
Contributor

@manish-agrawal-ai manish-agrawal-ai commented May 30, 2022
edited
Loading

Description

API key authentication for Devtron APIs so that users have more flexibility in integrating and interacting with devtron APIs.

Fixes #1344

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Refactoring

How Has This Been Tested?

  1. By hitting CRUD for api-tokens
  2. API-tokens users should not get visible on users page
  3. Authentication and Authorisation should work fine

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas

@gitguardian
Copy link

gitguardian bot commented May 31, 2022
edited
Loading

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id Secret Commit Filename
2647264 Generic High Entropy Secret ffb2478 charts/devtron/templates/dex.yaml View secret
141558 Generic High Entropy Secret 13b0a1d scripts/devtron-reference-helm-charts/reference-chart_3-2-0/env-values.yaml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@manish-agrawal-ai manish-agrawal-ai changed the title Issue 1344 Feat: API Keys CRUD and use it for authentication and authorisation May 31, 2022
@manish-agrawal-ai
Merge branch 'main' into issue_1344
13b0a1d
@manish-agrawal-ai
Merge branch 'main' into issue_1344
3fc8206
@manish-agrawal-ai
renamed
7c3bb28
@manish-agrawal-ai
fix : Name should be reusable if API-token is deleted
147e18d
@manish-agrawal-ai
code comments incorporate :
a71ee49 
1) added validation : name can not have whitespace and comma while creating api-token
2) api-token email prefix capital
3) moved RBAC before validations in rest handler of api-token
4) user audit table
@manish-agrawal-ai
code comment incorporate :
cd58992 
1) using attributes table/service/repo to store secret
@manish-agrawal-ai
wiring fix
d4c93c2
@manish-agrawal-ai
fix
381324e
@manish-agrawal-ai
Merge branch 'main' into issue_1344
339a844
@manish-agrawal-ai
sql file number changed
f98d0a8
@manish-agrawal-ai
some fields added in crud apis
33beb73
@nishant-d nishant-d merged commit c45f21b into main Jun 7, 2022
@nishant-d nishant-d deleted the issue_1344 branch June 7, 2022 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@nishant-d nishant-d nishant-d approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BE] Devtron APIs authentication using API keys

3 participants

@manish-agrawal-ai @nishant-d