Problem
The instance_query_endpoint_upsert API endpoint is an upsert — calling cloud service query-endpoint create --open-api-key K2 on a service that already has K1 authorized replaces the config, so K1 loses access.
Discovered while working on #115 (the new cloud service query command). A user adding a second key expects to keep the first.
Proposed behaviour
cloud service query-endpoint create should:
- First fetch the existing endpoint (if any).
- Union the provided
--open-api-key, --role and --allowed-origins values with what's already there.
- Upsert the merged config.
Add a --replace flag for the current clobber behaviour. Alternatively rename `create` to `upsert` or add a sibling `update` that is explicitly additive.
Related
Problem
The
instance_query_endpoint_upsertAPI endpoint is an upsert — callingcloud service query-endpoint create --open-api-key K2on a service that already has K1 authorized replaces the config, so K1 loses access.Discovered while working on #115 (the new
cloud service querycommand). A user adding a second key expects to keep the first.Proposed behaviour
cloud service query-endpoint createshould:--open-api-key,--roleand--allowed-originsvalues with what's already there.Add a
--replaceflag for the current clobber behaviour. Alternatively rename `create` to `upsert` or add a sibling `update` that is explicitly additive.Related