Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-06-04 01:18:20 +02:00
Code Issues Projects Releases Wiki Activity

feat: Remove create admin token from API (#9090)

Browse Source 
Admin tokens have been [deprecated in previous
versions](https://docs.getunleash.io/reference/api-tokens-and-client-keys#admin-tokens)
encouraging the usage of personal access tokens for better traceability
of changes within Unleash.

This removes the ability of creating them from the API
This commit is contained in:
Gastón Fournier 2025-01-13 14:49:56 +01:00 committed by GitHub
parent ce73190241
commit fea3d89fca
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 5 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lib/types/experimental.ts
View File

@ -156,7 +156,7 @@ const flags: IFlags = {
), ),
adminTokenKillSwitch: parseEnvVarBoolean( adminTokenKillSwitch: parseEnvVarBoolean(
process.env.UNLEASH_EXPERIMENTAL_ADMIN_TOKEN_KILL_SWITCH, process.env.UNLEASH_EXPERIMENTAL_ADMIN_TOKEN_KILL_SWITCH,
false, true,
), ),
outdatedSdksBanner: parseEnvVarBoolean( outdatedSdksBanner: parseEnvVarBoolean(
process.env.UNLEASH_EXPERIMENTAL_OUTDATED_SDKS_BANNER, process.env.UNLEASH_EXPERIMENTAL_OUTDATED_SDKS_BANNER,

15
src/test/e2e/api/admin/api-token.auth.e2e.test.ts
View File

@ -7,7 +7,6 @@ import getLogger from '../../../fixtures/no-logger';
import { ApiTokenType } from '../../../../lib/types/models/api-token'; import { ApiTokenType } from '../../../../lib/types/models/api-token';
import { RoleName } from '../../../../lib/types/model'; import { RoleName } from '../../../../lib/types/model';
import { import {
ADMIN_TOKEN_USER,
CREATE_CLIENT_API_TOKEN, CREATE_CLIENT_API_TOKEN,
CREATE_PROJECT_API_TOKEN, CREATE_PROJECT_API_TOKEN,
DELETE_CLIENT_API_TOKEN, DELETE_CLIENT_API_TOKEN,
@ -195,7 +194,7 @@ test('Only token-admins should be allowed to create token', async () => {
await destroy(); await destroy();
}); });
test('Token-admin should be allowed to create token', async () => { test('Token-admin should not be allowed to create token', async () => {
expect.assertions(0); expect.assertions(0);
const preHook = (app, config, { userService, accessService }) => { const preHook = (app, config, { userService, accessService }) => {
@ -223,14 +222,12 @@ test('Token-admin should be allowed to create token', async () => {
type: 'admin', type: 'admin',
}) })
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.expect(201); .expect(403);
await destroy(); await destroy();
}); });
test('An admin token should be allowed to create a token', async () => { test('An admin should be forbidden to create an admin token', async () => {
expect.assertions(2);
const { request, destroy, services } = await setupAppWithAuth( const { request, destroy, services } = await setupAppWithAuth(
stores, stores,
undefined, undefined,
@ -256,11 +253,7 @@ test('An admin token should be allowed to create a token', async () => {
}) })
.set('Authorization', secret) .set('Authorization', secret)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.expect(201); .expect(403);
const event = await getLastEvent();
expect(event.createdBy).toBe('default-admin');
expect(event.createdByUserId).toBe(ADMIN_TOKEN_USER.id);
await destroy(); await destroy();
}); });

113
src/test/e2e/api/admin/api-token.e2e.test.ts
View File

@ -65,62 +65,6 @@ test('creates new client token', async () => {
}); });
}); });
test('creates new admin token', async () => {
return app.request
.post('/api/admin/api-tokens')
.send({
username: 'default-admin',
type: 'admin',
})
.set('Content-Type', 'application/json')
.expect(201)
.expect((res) => {
expect(res.body.username).toBe('default-admin');
expect(res.body.tokenName).toBe(res.body.username);
expect(res.body.type).toBe('admin');
expect(res.body.environment).toBe(ALL);
expect(res.body.createdAt).toBeTruthy();
expect(res.body.expiresAt).toBeFalsy();
expect(res.body.secret.length > 16).toBe(true);
});
});
test('creates new ADMIN token should fix casing', async () => {
return app.request
.post('/api/admin/api-tokens')
.send({
username: 'default-admin',
type: 'ADMIN',
})
.set('Content-Type', 'application/json')
.expect(201)
.expect((res) => {
expect(res.body.username).toBe('default-admin');
expect(res.body.tokenName).toBe(res.body.username);
expect(res.body.type).toBe('admin');
expect(res.body.createdAt).toBeTruthy();
expect(res.body.expiresAt).toBeFalsy();
expect(res.body.secret.length > 16).toBe(true);
});
});
test('creates new admin token with expiry', async () => {
const expiresAt = new Date();
const expiresAtAsISOStr = JSON.parse(JSON.stringify(expiresAt));
return app.request
.post('/api/admin/api-tokens')
.send({
username: 'default-admin',
type: 'admin',
expiresAt,
})
.set('Content-Type', 'application/json')
.expect(201)
.expect((res) => {
expect(res.body.expiresAt).toBe(expiresAtAsISOStr);
});
});
test('update client token with expiry', async () => { test('update client token with expiry', async () => {
const tokenSecret = '*:environment.random-secret-update'; const tokenSecret = '*:environment.random-secret-update';
@ -312,32 +256,6 @@ test('should not create token for invalid environment', async () => {
}); });
}); });
test('should not create token for invalid project & environment', async () => {
return app.request
.post('/api/admin/api-tokens')
.send({
username: 'default-admin',
type: 'admin',
project: 'bogus-project-something',
environment: 'bogus-environment-something',
})
.set('Content-Type', 'application/json')
.expect(400);
});
test('admin token only supports ALL projects', async () => {
return app.request
.post('/api/admin/api-tokens')
.send({
username: 'default-admin',
type: 'admin',
project: 'default',
environment: '*',
})
.set('Content-Type', 'application/json')
.expect(400);
});
test('needs one of the username and tokenName properties set', async () => { test('needs one of the username and tokenName properties set', async () => {
return app.request return app.request
.post('/api/admin/api-tokens') .post('/api/admin/api-tokens')
@ -349,24 +267,6 @@ test('needs one of the username and tokenName properties set', async () => {
.expect(400); .expect(400);
}); });
test('can create with tokenName only', async () => {
return app.request
.post('/api/admin/api-tokens')
.send({
tokenName: 'default-admin',
type: 'admin',
environment: '*',
})
.set('Content-Type', 'application/json')
.expect(201)
.expect((res) => {
expect(res.body.type).toBe('admin');
expect(res.body.secret.length > 16).toBe(true);
expect(res.body.username).toBe('default-admin');
expect(res.body.tokenName).toBe('default-admin');
});
});
test('only one of tokenName and username can be set', async () => { test('only one of tokenName and username can be set', async () => {
return app.request return app.request
.post('/api/admin/api-tokens') .post('/api/admin/api-tokens')
@ -380,19 +280,6 @@ test('only one of tokenName and username can be set', async () => {
.expect(400); .expect(400);
}); });
test('admin token only supports ALL environments', async () => {
return app.request
.post('/api/admin/api-tokens')
.send({
username: 'default-admin',
type: 'admin',
project: '*',
environment: DEFAULT_ENV,
})
.set('Content-Type', 'application/json')
.expect(400);
});
test('client tokens cannot span all environments', async () => { test('client tokens cannot span all environments', async () => {
return app.request return app.request
.post('/api/admin/api-tokens') .post('/api/admin/api-tokens')