feat(key-auth) add endpoint to list all key-auths #2955
Conversation
There was a problem hiding this comment.
Hi,
Thank you for giving this a try! This is a feature we are very interested in. If you are willing to work this us on updating this PR, we would gladly accept it.
I gave some suggestions on the endpoints themselves. We will also require of you that you write tests for these new endpoints. Those tests will have to belong to the key-auth plugin test suite.
Thank you!
kong/plugins/key-auth/api.lua
Outdated
| @@ -52,5 +52,10 @@ return { | |||
| DELETE = function(self, dao_factory) | |||
| crud.delete(self.keyauth_credential, dao_factory.keyauth_credentials) | |||
| end | |||
| }, | |||
| ["/plugins/key-auth/consumers"] = { | |||
There was a problem hiding this comment.
It seems to me like the intent of such an endpoint is to retrieve a paginated list key-auth credentials. One of the use-cases that this solves is "retrieving a particular key-auth in order to read it's consumer_id and retrieve the Consumer associated with a key-auth credential" (as the title of this PR suggests). I think this would mean that users need to make the following request:
/plugins/key-auth/consumers?id=...
or
/plugins/key-auth/consumers?key=...
However, such a request could only return a single result, as a key-auth credential can only be associated with a single Consumer. Additionally, the current implementation seems to return key-auth credential, and makes forces the client to make a subsequent request to retrieve the full Consumer entity. Finally, the URL of this request is confusing in the sense that user isn't sure if the response will be a list of Plugins, key-auth, or Consumers...
If we want to add both a paginated set of all key-auth credentials, and the ability to retrieve the Consumer associated with a credential, it might be friendlier and more appropriate (RESTful) to solve those two requirements with two endpoints:
/key-auth/
/consumers/key-auth/:credential_key_or_id
The reasoning is that in our RESTful interface, we try to prefix a resource's endpoint with the type of entities the endpoint will return. The first endpoint returns a list of key-auth credentials. The second one directly returns a single Consumer associated with this credential (or 404 Not Found) without the need for the client to send 2 requests (the first one for the key-auth credential, and the next one to finally request the Consumer from the retrieved consumer_id).
What do you think?
That'd be great too! The endpoint could relate to the one I suggested in my review, which would get us 2 new endpoints:
We are also interested similar endpoints for the ACL, basic-auth, hmac and JWT plugins if they do not exist yet! But let's process step-by-step. We should keep the scope of this PR limited to the key-auth plugin only :) We will gladly accept more contributions for other credentials-based plugins once we're square on this first plugin.
Great! |
|
@thibaultcha Thanks a lot for the feedback.
Thoughts? I'll try to get this into a good shape and once we're done here, we can take on other plugins as well. |
|
@hbagdi Yes, sorry, I meant
Am I missing anything? |
|
Sounds good to me. So, this PR will add the following:
I'm done with 2 and half of 1 (need filtering). Thanks for being prompt! |
hbagdi
force-pushed
the
list-consumer-keys
branch
2 times, most recently
from
3b198a1 to
bd3d64e
Compare
|
@thibaultcha I've updated the PR to reflect our discussion. |
| @@ -310,4 +311,117 @@ describe("Plugin: key-auth (API)", function() | |||
| assert.equal(key_name, body.config.key_names[1]) | |||
| end) | |||
| end) | |||
| describe("/Key-auth", function() | |||
There was a problem hiding this comment.
Please name this test suite as per the endpoint (not capitalized): /key-auth
| method = "GET", | ||
| path = "/key-auth", | ||
| body = { | ||
| consumer_id = consumer.id |
There was a problem hiding this comment.
I think this might be the same test case as above ("/key-auth?consumer_id=" .. consumer.id) with a different syntax allowed by lua-resty-http/our spec helpers? If not, then GET requests shouldn't contain a body anyways. Better remove this test-case regardless: it's either a duplicate of the above one, or a use-case we don't wish to support (and that should be fixed and tested in lua-resty-http or our helpers functions)
| method = "GET", | ||
| path = "/key-auth", | ||
| body = { | ||
| consumer_id = utils.uuid() |
There was a problem hiding this comment.
ditto, please specify URI arguments with the following syntax to avoid confusion:
path = "/key-auth?consumer_id=" .. utils.uuid()| end) | ||
| describe("/key-auth/:credential_key_or_id/consumer", function() | ||
| describe("GET", function() | ||
| local credential; |
There was a problem hiding this comment.
style: please remove this semicolon
| it("retrieve all the key-auths", function() | ||
| local res = assert(admin_client:send { | ||
| method = "GET", | ||
| path = "/key-auth" |
There was a problem hiding this comment.
Could we add a test case with a URI containing a trailing slash (/key-auth/)? We've had issues with our Lapis routes and trailing slashes in the last few months and we want to avoid it from happening again. A test will help prevent that :) Thanks!
kong/plugins/key-auth/api.lua
Outdated
| self.params.username_or_id = credentials[1].consumer_id | ||
| crud.find_consumer_by_username_or_id(self, dao_factory, helpers) | ||
| end, | ||
| GET = function(self, dao_factory,helpers) |
There was a problem hiding this comment.
style: we are missing a single line jump above this handler declaration (see other handlers in this file)
| it("returns 404 for a random id", function() | ||
| local res = assert(admin_client:send { | ||
| method = "GET", | ||
| path = "/key-auth/" .. utils.uuid() .. "/consumer" |
There was a problem hiding this comment.
Could we also add a test case with some non-UUID garbage? The reason is that if the value is not recognized as a valid UUID, then the admin API will treat it as the credential key. We need to make sure a non-existing key also returns HTTP 404. Thanks!
| local json = cjson.decode(body) | ||
| assert.same(consumer,json) | ||
| end) | ||
| it("retrieve consumer from a keyid", function() |
There was a problem hiding this comment.
It seems this test should rather be named: "retrieves a Consumer from a credential's 'key'"
hbagdi
force-pushed
the
list-consumer-keys
branch
2 times, most recently
from
7b902aa to
e9e6bc1
Compare
|
@thibaultcha I've added and corrected the tests. |
| it("retrieve all the key-auths", function() | ||
| local res = assert(admin_client:send { | ||
| method = "GET", | ||
| path = "/key-auth/" |
There was a problem hiding this comment.
We should test with, and without the trailing slash here is what I meant :) Sorry if it wasn't clear in my previous comment!
There was a problem hiding this comment.
@thibaultcha Sorry, my bad. I intended to do what you suggested but it somehow ended up being something else; fixed it.
hbagdi
force-pushed
the
list-consumer-keys
branch
from
e9e6bc1 to
4eceb7e
Compare
|
@thibaultcha having the endpoint as |
hbagdi
changed the title
hbagdi
changed the title
hbagdi
changed the title
Hmmm yeah, probably. This would stay consistent with the If you update this PR to use the plural form you suggested, I don't see any further blockers to merge it. Thanks! |
thibaultcha
added
the
pr/changes requested
|
@thibaultcha I'll send PRs for similar endpoints for JWT and hmac soon then. |
* `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential From #2955 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
|
Manually merged to master with an updated commit message and some minor edits, including a new test ensuring the This is awesome, thank you very much for giving a stab at those! Onwards to JWT, basic-auth, and acls 😉 |
|
@hbagdi Oh, I was almost forgetting: will you also contribute the appropriate documentation on our open source docs repository: https://github.com/Kong/getkong.org/ ? Would be greatly appreciated! You can find the key-auth plugin documentation here: https://getkong.org/plugins/key-authentication/ with, in the sidebar, some anchors that lead to various sections of the page describing the additional endpoints provided by this plugin. Maybe 2 more sections would be appropriate here:
We do value complete contributions including code, tests and documentation :) |
|
@thibaultcha I did have documentation on mind. I'll send out a PR soon. |
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955 From: #546 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955 From: #546 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
Two new endpoints have been added to the key-auth plugin: * `/key-auths/` to paginate through key-auth credentials * `/key-auths/:credential_key_or_id/consumer` to retrieve the Consumer associated with a credential See: Kong/kong#2955 From: #546 Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
Summary
Adding an endpoint to list all the keys of all consumers.
This is an initial commit to get better feedback from the community.
Tests are missing right now.
Full changelog