Merging to release-5.4: TT-12347 fix management of custom keys in mdcb installations (#6353)

[buger]

User description

TT-12347 fix management of custom keys in mdcb installations (#6353)

User description

Description

Related Issue

https://tyktech.atlassian.net/browse/TT-12347

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing
  functionality to change)
• Refactoring or add test (improvements in base code or adds test
  coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning
  why it's required
• I would like a code coverage CI quality gate exception and have
  explained why

---

PR Type

Enhancement

---

Description

• Changed the order of key search logic in the SessionDetail method of
  DefaultSessionManager.
• Moved keyName to be appended after generating token with orgID.

---

Changes walkthrough 📝

	Relevant files
Enhancement	auth_manager.go Modify key search order in `SessionDetail` method                gateway/auth_manager.go Changed the order of key search logic in SessionDetail method. Moved keyName to be appended after generating token with orgID. +3/-1

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools
and their descriptions

---

PR Type

Enhancement, Tests

---

Description

• Modified the key search logic in SessionDetail to include custom keys.
• Implemented a fallback deletion mechanism using token ID in RPCStorageHandler.
• Added comprehensive tests for custom key processing in the edge gateway.
• Included tests for the new fallback deletion logic using token ID.

---

Changes walkthrough 📝

	Relevant files
Enhancement	auth_manager.go Modify key search logic to include custom keys.                    gateway/auth_manager.go Adjusted the order of key search logic in SessionDetail. Added custom key handling in the key search list. +2/-2      rpc_storage_handler.go Add fallback deletion using token ID in RPC storage handler. gateway/rpc_storage_handler.go Implemented deleteUsingTokenID function for fallback deletion. Updated ProcessKeySpaceChanges to use the new deletion function. +18/-1
Tests	auth_manager_test.go Add tests for custom key processing in edge gateway.          gateway/auth_manager_test.go Added TestCustomKeysEdgeGw to verify custom key processing. Included test cases for both hashed and non-hashed keys. +98/-0    rpc_storage_handler_test.go Add tests for fallback deletion using token ID.                    gateway/rpc_storage_handler_test.go Added TestDeleteUsingTokenID to test fallback deletion logic. Included scenarios for both successful and unsuccessful deletions. +63/-0

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[github-actions]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5]	3
🧪 Relevant tests	Yes
🔒 Security concerns	No
⚡ Key issues to review	Possible Bug: The logic in gateway/auth_manager.go where toSearchList is modified might introduce a bug. The original keyName is now added after potentially generating a token, which could affect the order of operations and the intended logic.
	Code Clarity: In gateway/rpc_storage_handler.go, the method deleteUsingTokenID could be better documented to explain its purpose and the conditions under which it operates.

[github-actions]

API Changes

no api changes detected

[github-actions]

PR Code Suggestions ✨

Category	Suggestion	Score
Best practice	Use a constant for repeated string literals to improve code maintainability Use a constant for the repeated string "apikey-" to avoid potential typos and improve maintainability. gateway/auth_manager_test.go [666] -val, err := ts.Gw.GlobalSessionManager.Store().GetRawKey("apikey-" + keyResp.Key) +const apiKeyPrefix = "apikey-" +val, err := ts.Gw.GlobalSessionManager.Store().GetRawKey(apiKeyPrefix + keyResp.Key) Suggestion importance[1-10]: 9 Why: The suggestion enhances code maintainability and reduces the risk of typos by using a constant for the repeated string literal, which is a best practice in coding.	9
Enhancement	Simplify error handling by checking for an error first Refactor the error handling in deleteUsingTokenID to consolidate error checks and simplify the function logic. gateway/rpc_storage_handler.go [1156-1158] -if err == nil { - _, status = r.Gw.handleDeleteKey(id, orgId, "-1", resetQuota) +if err != nil { + return status, err } +_, status = r.Gw.handleDeleteKey(id, orgId, "-1", resetQuota) Suggestion importance[1-10]: 8 Why: The suggestion improves the readability and maintainability of the code by simplifying the error handling logic, making it easier to understand and reducing the chance of errors.	8
Possible bug	Ensure slice is initialized before use to prevent runtime panics To avoid potential nil pointer dereference, ensure jsonKeyValList is initialized properly before use. gateway/auth_manager.go [167] +if toSearchList == nil { + return errors.New("toSearchList is nil") +} jsonKeyValList, err = b.store.GetMultiKey(toSearchList) Suggestion importance[1-10]: 7 Why: The suggestion correctly identifies a potential issue with toSearchList being nil. However, the likelihood of toSearchList being nil is low given the context, making this a minor improvement rather than a critical fix.	7

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
92.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud