get_valid_org_auth_tokens

[ykeremy]

<!-- ELLIPSIS_HIDDEN -->

🚀	This description was created by Ellipsis for commit d106a04

Summary:

Added scripts and database client functions to rotate and expire outdated API keys for all organizations.

Key points:

• Added get_all_organizations and invalidate_auth_token in cloud/db/db_client.py.
• Created scripts/rotate_apikeys.py to rotate API keys for all organizations.
  • Uses cloud_db_client.get_all_organizations to fetch organizations.
  • Calls create_org_api_token for each organization.
• Created scripts/expire_outdated_apikeys.py to expire outdated API keys for all organizations.
  • Uses cloud_db_client.get_all_organizations to fetch organizations.
  • Calls cloud_db_client.get_valid_org_auth_tokens and invalidate_auth_token for each organization.
• Modified get_valid_org_auth_token in skyvern/forge/sdk/db/client.py to order tokens by creation date.
• Added get_valid_org_auth_tokens in skyvern/forge/sdk/db/client.py to fetch valid tokens ordered by creation date.

---

Generated with ❤️ by ellipsis.dev

[ellipsis-dev]

👍 Looks good to me! Reviewed everything up to d106a04 in 22 seconds

More details

• Looked at 44 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. skyvern/forge/sdk/db/client.py:540

• Draft comment:
  The implementation of get_valid_org_auth_tokens correctly fetches and orders the tokens by creation date in descending order, which is a typical requirement for token management systems to ensure the most recent tokens are used or checked first.
• Reason this comment was not posted:
  Confidence changes required: 0%
  The PR introduces a method to fetch all valid organization authentication tokens ordered by creation date. This is a common pattern for managing API keys or tokens, especially in systems where tokens might expire or be rotated regularly. The method get_valid_org_auth_tokens retrieves all valid tokens for a given organization and token type, which is useful for identifying and managing expired tokens. The use of .order_by(OrganizationAuthTokenModel.created_at.desc()) ensures that the newest tokens are listed first, which is typically what you want when checking for the most recent, valid tokens.

Workflow ID: wflow_ql6wL1hscgBL4ITg

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

👍 Looks good to me! Incremental review on d106a04 in 27 seconds

More details

• Looked at 43 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. skyvern/forge/sdk/db/client.py:540

• Draft comment:
  The implementation of get_valid_org_auth_tokens correctly fetches all valid tokens for a given organization and token type, ordered by creation date. This method complements the existing get_valid_org_auth_token by providing a bulk fetch capability, which could be useful in scenarios where multiple tokens need to be managed or invalidated at once.
• Reason this comment was not posted:
  Confidence changes required: 0%
  The PR introduces a new method get_valid_org_auth_tokens which is similar to the existing get_valid_org_auth_token but returns a list of tokens instead of a single token. Both methods order the tokens by creation date in descending order, which is a logical approach to get the most recent tokens first. This is consistent with typical use cases where the most recent token is usually the most relevant. The implementation uses SQLAlchemy's scalars() method to execute the query and fetch the results, which is appropriate for this type of database operation. The error handling is consistent with the rest of the codebase, logging and re-raising exceptions as needed.

Workflow ID: wflow_9pTeqeeP2Yk5y37g

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.