feat: API key management and fixes, workload tier updates, and admin CLI improvements#555
Merged
Conversation
Support non-UUID API key identifiers (e.g. legacy sandbox keys) by changing the id column type to VARCHAR across migrations, entity, DTOs, and service layer. Adds a new migration to alter existing databases and removes the UUID-only regex filter from key lookups. Includes migration unit tests and an integration test for legacy non-UUID key authentication.
Introduce a middleware that accepts both JWT and account-admin API key authentication, rejecting global admin and non-admin API keys. Use it on the GET account endpoint so account-admin keys can retrieve account details.
Add PUT /api/v1/workload-tiers/update for admin users to modify existing tier properties (name, cpus, gpus, memory, disk, cost). Includes DTO validation, service logic with conflict detection, OpenAPI documentation, and integration tests.
Add CRUD commands for API keys (create, list, update, delete) and an update command for workload tiers. Adds a generic PUT method to the API client to support update operations.
Pin localstack image to v4.14.0 to avoid breaking changes from latest tags. Add TCP/HTTP endpoint readiness checks for all services (postgres, localstack, anvil, mock servers) before proceeding with tests, replacing time-based waits.
jcabrero
force-pushed
the
fix/api-flexibility
branch
from
c873031 to
9a2adaf
Compare
The bare `tsc` command resolves to a system-installed TypeScript on newer GitHub Actions runner images (20260323+), which errors on deprecated tsconfig options. Using `pnpm exec tsc` ensures the project-local TypeScript 5.8.3 is used instead.
jcabrero
changed the title
jcabrero
changed the title
jcabrero
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
api_keys.idfrom UUID to VARCHAR to support legacy non-UUID key identifiers (e.g. sandbox keys). Includes a new migration, updated entity/DTOs, and removal of the UUID-only regex filter from key lookups. This fixes an issue where in Sandbox, API Keys were removed when migrating forward.accountIdentityAuthenticationmiddleware that accepts both JWT and account-admin API key auth, used on the GET account endpoint.PUT /api/v1/workload-tiers/updateto allow modifying tier properties (name, cpus, gpus, memory, disk, cost). This allows us to change tiers live when workloads are running on that tier.nilcc-admin-cli.pnpm exec tscinstead of baretscto avoid picking up a system TypeScript on newer GitHub Actions runner images.