From 46d3c3cab4210439d13fcfe6044cb3019497adc2 Mon Sep 17 00:00:00 2001 From: David Leek Date: Wed, 7 May 2025 15:12:33 +0200 Subject: [PATCH] chore: clean up tests, fix admin type validation, projects* tests --- .../openapi/spec/create-api-token-schema.ts | 17 +---------------- src/lib/routes/admin-api/api-token.ts | 5 ----- src/lib/schema/api-token-schema.test.ts | 4 ++-- src/lib/schema/api-token-schema.ts | 7 +------ .../e2e/api/admin/api-token.auth.e2e.test.ts | 3 --- src/test/e2e/api/admin/api-token.e2e.test.ts | 19 ++++++------------- 6 files changed, 10 insertions(+), 45 deletions(-) diff --git a/src/lib/openapi/spec/create-api-token-schema.ts b/src/lib/openapi/spec/create-api-token-schema.ts index 05fa3f13bc..9f7542e209 100644 --- a/src/lib/openapi/spec/create-api-token-schema.ts +++ b/src/lib/openapi/spec/create-api-token-schema.ts @@ -1,17 +1,5 @@ import type { FromSchema } from 'json-schema-to-ts'; import { mergeAllOfs } from '../util/all-of'; -const adminSchema = { - required: ['type'], - type: 'object', - properties: { - type: { - type: 'string', - pattern: '^[Aa][Dd][Mm][Ii][Nn]$', - description: `An admin token. Must be the string "admin" (not case sensitive).`, - example: 'admin', - }, - }, -} as const; const tokenNameSchema = { type: 'object', @@ -86,10 +74,7 @@ export const createApiTokenSchema = { type: 'object', description: 'The data required to create an [Unleash API token](https://docs.getunleash.io/reference/api-tokens-and-client-keys).', - oneOf: [ - mergeAllOfs([expireSchema, adminSchema, tokenNameSchema]), - mergeAllOfs([expireSchema, clientFrontendSchema, tokenNameSchema]), - ], + oneOf: [mergeAllOfs([expireSchema, clientFrontendSchema, tokenNameSchema])], components: {}, } as const; diff --git a/src/lib/routes/admin-api/api-token.ts b/src/lib/routes/admin-api/api-token.ts index d5714bbccb..7ac4f8fb5b 100644 --- a/src/lib/routes/admin-api/api-token.ts +++ b/src/lib/routes/admin-api/api-token.ts 
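Review bot: With `adminSchema` dropped from `oneOf` in `createApiTokenSchema`, rejecting `type: 'admin'` now rests on the `type` constraint inside `clientFrontendSchema`, which is outside this hunk, and on the joi rule `.valid(ApiTokenType.CLIENT, ApiTokenType.FRONTEND)` in src/lib/schema/api-token-schema.ts. The same commit deletes the explicit `createToken.type.toUpperCase() === 'ADMIN'` guard in src/lib/routes/admin-api/api-token.ts, so the handler itself no longer refuses the type. Whether every route that reaches token creation runs this validation first is not visible here. Both the removed pattern and the removed guard were case-insensitive, so it is worth confirming that `Admin` and `ADMIN` are still rejected. I would add a comment above `oneOf` such as `// admin tokens are intentionally not creatable here; keep in sync with createApiToken in src/lib/schema/api-token-schema.ts`.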
@@ -307,11 +307,6 @@ export class ApiTokenController extends Controller { const permissionRequired = tokenTypeToCreatePermission( createToken.type, ); - if (createToken.type.toUpperCase() === 'ADMIN') { - throw new OperationDeniedError( - `Admin tokens are disabled in this instance. Use a Service account or a PAT to access admin operations instead`, - ); - } const hasPermission = await this.accessService.hasPermission( req.user, permissionRequired, diff --git a/src/lib/schema/api-token-schema.test.ts b/src/lib/schema/api-token-schema.test.ts index 57d9c3d00f..00115b06c7 100644 --- a/src/lib/schema/api-token-schema.test.ts +++ b/src/lib/schema/api-token-schema.test.ts @@ -24,7 +24,7 @@ test('should not have default project set if projects is present', async () => { expect(token.project).not.toBeDefined(); }); -test('should have project set to default if projects is missing', async () => { +test('should have a projects entry consisting of ALL if projects is missing', async () => { const token = await createApiToken.validateAsync({ tokenName: 'test', type: 'client', @@ -32,7 +32,7 @@ test('should have project set to default if projects is missing', async () => { expect(token.projects).toMatchObject([ALL]); }); -test('should not have project set if project is present', async () => { +test('should not have project set after validation if project is present', async () => { const token = await createApiToken.validateAsync({ tokenName: 'test', type: 'client', diff --git a/src/lib/schema/api-token-schema.ts b/src/lib/schema/api-token-schema.ts index 7a70965a28..77f9337c8a 100644 --- a/src/lib/schema/api-token-schema.ts +++ b/src/lib/schema/api-token-schema.ts 
@@ -12,16 +12,11 @@ export const createApiToken = joi .required() .valid(ApiTokenType.CLIENT, ApiTokenType.FRONTEND), expiresAt: joi.date().optional(), - project: joi.when('projects', { - not: joi.required(), - then: joi.string().optional().default(ALL), - }), - projects: joi.array().min(0).optional(), + projects: joi.array().min(0).optional().default([ALL]), environment: joi.when('type', { is: joi.string().valid(ApiTokenType.CLIENT, ApiTokenType.FRONTEND), then: joi.string().optional().default(DEFAULT_ENV), otherwise: joi.string().optional().default(ALL), }), }) - .nand('project', 'projects') .options({ stripUnknown: true, allowUnknown: false, abortEarly: false }); diff --git a/src/test/e2e/api/admin/api-token.auth.e2e.test.ts b/src/test/e2e/api/admin/api-token.auth.e2e.test.ts index 33bf4cea43..61b04cd9f6 100644 --- a/src/test/e2e/api/admin/api-token.auth.e2e.test.ts +++ b/src/test/e2e/api/admin/api-token.auth.e2e.test.ts @@ -241,9 +241,6 @@ test('A role with only CREATE_PROJECT_API_TOKEN can create project tokens', asyn type: 'client', }) .set('Content-Type', 'application/json') - .expect((res) => { - console.log(res.body); - }) .expect(201); await destroy(); }); diff --git a/src/test/e2e/api/admin/api-token.e2e.test.ts b/src/test/e2e/api/admin/api-token.e2e.test.ts index 4c549a2592..88dc57adfa 100644 --- a/src/test/e2e/api/admin/api-token.e2e.test.ts +++ b/src/test/e2e/api/admin/api-token.e2e.test.ts @@ -176,7 +176,7 @@ test('creates new client token with project & environment set', async () => { .send({ tokenName: 'default-client', type: 'client', - project: 'default', + projects: ['default'], environment: DEFAULT_ENV, }) .set('Content-Type', 'application/json') @@ -209,7 +209,7 @@ test('should prefix token with "project:environment."', async () => { .send({ tokenName: 'default-client', type: 'client', - project: 'default', + projects: ['default'], environment: DEFAULT_ENV, }) .set('Content-Type', 'application/json') 
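Review bot: Removing the `project` key while keeping `stripUnknown: true` means a request that still sends the legacy `project: 'some-project'` is not rejected. The key is stripped and `projects` falls back to `.default([ALL])`, so the caller can receive a token scoped to every project instead of the one requested. Whether the OpenAPI layer rejects `project` before joi runs is not visible here. To fail closed, consider adding `project: joi.forbidden(),` next to `projects`; the schema object opens above this hunk, and the renamed test 'should not have project set after validation if project is present' would then presumably need to expect a validation error. Separately, the `otherwise: joi.string().optional().default(ALL)` branch of `environment` looks unreachable, since `type` only admits CLIENT and FRONTEND.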
@@ -225,7 +225,7 @@ test('should not create token for invalid projectId', async () => { .send({ tokenName: 'default-client', type: 'client', - project: 'bogus-project-something', + projects: ['bogus-project-something'], }) .set('Content-Type', 'application/json') .expect(400) @@ -264,19 +264,15 @@ test('needs tokenName property set', async () => { .expect(400); }); -test('username can not be set', async () => { +test('can not create token with admin type', async () => { return app.request .post('/api/admin/api-tokens') .send({ - username: 'default-client-name', - tokenName: 'default-token-name', - type: 'client', + tokenName: 'default-client', + type: 'admin', environment: '*', }) .set('Content-Type', 'application/json') - .expect((res) => { - console.log(res.body); - }) .expect(400); }); @@ -307,9 +303,6 @@ test('should create token for disabled environment', async () => { environment: 'disabledEnvironment', }) .set('Content-Type', 'application/json') - .expect((res) => { - console.log(res.body); - }) .expect(201); });
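Review bot: The new 'can not create token with admin type' test only asserts `.expect(400)`, so it passes on any validation failure in the payload, not specifically on the rejected `type`. The body also sets `environment: '*'`, which could be the field that fails. Asserting on the validation details in the response body, and adding cases with `type: 'Admin'` and `type: 'ADMIN'`, would pin the behaviour the deleted case-insensitive guard used to provide. This hunk also removes 'username can not be set' without a replacement, so nothing here checks how an unexpected `username` field is handled. A companion case sending the legacy `project: 'default'` without `projects` would document whether that request is rejected or yields an all-projects token.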