From bb1727093f2c5d0465cf187f7323b58ee54957b1 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Mon, 8 Sep 2025 18:19:05 +0300 Subject: [PATCH 1/2] fix: api key read errors out when getting keys for other users --- codefresh/cfclient/api_key.go | 74 +++++++++++++++-------------------- codefresh/resource_api_key.go | 13 ++++-- 2 files changed, 41 insertions(+), 46 deletions(-) diff --git a/codefresh/cfclient/api_key.go b/codefresh/cfclient/api_key.go index 465445c..d88bd23 100644 --- a/codefresh/cfclient/api_key.go +++ b/codefresh/cfclient/api_key.go @@ -4,8 +4,6 @@ import ( "errors" "fmt" "log" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" ) type ApiKeySubject struct { @@ -38,14 +36,21 @@ type TokenResponse struct { } `json:"user"` } -func (client *Client) GetAPIKey(keyID string) (*ApiKey, error) { +func (client *Client) GetAPIKey(userID string, accountId string, keyID string) (*ApiKey, error) { + + xAccessToken, err := client.GetXAccessToken(userID, accountId) + + if err != nil { + return nil, err + } opts := RequestOptions{ Path: fmt.Sprintf("/auth/key/%s", keyID), + XAccessToken: xAccessToken, Method: "GET", } - resp, err := client.RequestAPI(&opts) + resp, err := client.RequestApiXAccessToken(&opts) if err != nil { return nil, err @@ -61,14 +66,21 @@ func (client *Client) GetAPIKey(keyID string) (*ApiKey, error) { return &apiKey, nil } -func (client *Client) DeleteAPIKey(keyID string) error { +func (client *Client) DeleteAPIKey(userID string, accountId string, keyID string) error { + // login as user + xAccessToken, err := client.GetXAccessToken(userID, accountId) + + if err != nil { + return err + } opts := RequestOptions{ Path: fmt.Sprintf("/auth/key/%s", keyID), Method: "DELETE", + XAccessToken: xAccessToken, } - resp, err := client.RequestAPI(&opts) + resp, err := client.RequestApiXAccessToken(&opts) if err != nil { fmt.Println(string(resp)) return err @@ -77,7 +89,7 @@ func (client *Client) DeleteAPIKey(keyID string) error { return nil } -func (client *Client) UpdateAPIKey(key *ApiKey) error { +func (client *Client) UpdateAPIKey(userID string, accountId string,key *ApiKey) error { keyID := key.ID if keyID == "" { @@ -89,13 +101,23 @@ func (client *Client) UpdateAPIKey(key *ApiKey) error { return err } + var xAccessToken string + + // login as user + xAccessToken, err = client.GetXAccessToken(userID, accountId) + + if err != nil { + return err + } + opts := RequestOptions{ Path: fmt.Sprintf("/auth/key/%s", keyID), Method: "PATCH", + XAccessToken: xAccessToken, Body: body, } - resp, err := client.RequestAPI(&opts) + resp, err := client.RequestApiXAccessToken(&opts) if err != nil { fmt.Println(string(resp)) @@ -110,6 +132,7 @@ func (client *Client) CreateApiKey(userID string, accountId string, apiKey *ApiK // Check collaborataros account, err := client.GetAccountByID(accountId) + if err != nil { return "", err } @@ -118,12 +141,7 @@ func (client *Client) CreateApiKey(userID string, accountId string, apiKey *ApiK } var xAccessToken string - if userID == "" { - userID, err = client.createRandomUser(accountId) - if err != nil { - return "", err - } - } + // login as user xAccessToken, err = client.GetXAccessToken(userID, accountId) if err != nil { @@ -333,31 +351,3 @@ func (client *Client) CreateApiKeyServiceUser(serviceUserId string, apiKey *ApiK return string(resp), nil } - -func (client *Client) createRandomUser(accountId string) (string, error) { - // add user - userPrefix := acctest.RandString(10) - userName := "tfuser" + userPrefix - userEmail := userName + "@codefresh.io" - - user, err := client.AddNewUserToAccount(accountId, userName, userEmail) - if err != nil { - return "", err - } - userID := user.ID - - // activate - err = client.ActivateUser(userID) - - if err != nil { - return "", err - } - - // set user as account admin - err = client.SetUserAsAccountAdmin(accountId, userID) - if err != nil { - return "", nil - } - return userID, nil - -} diff --git a/codefresh/resource_api_key.go b/codefresh/resource_api_key.go index 79c06a6..99b73c1 100644 --- a/codefresh/resource_api_key.go +++ b/codefresh/resource_api_key.go @@ -148,7 +148,9 @@ func resourceApiKeyRead(d *schema.ResourceData, meta interface{}) error { if serviceAccountId := d.Get("service_account_id").(string); serviceAccountId != "" { apiKey, err = client.GetAPIKeyServiceUser(keyID, serviceAccountId) } else { - apiKey, err = client.GetAPIKey(keyID) + accountID := d.Get("account_id").(string) + userID := d.Get("user_id").(string) + apiKey, err = client.GetAPIKey(userID, accountID, keyID) } if err != nil { @@ -178,8 +180,9 @@ func resourceApiKeyUpdate(d *schema.ResourceData, meta interface{}) error { if serviceAccountId := d.Get("service_account_id").(string); serviceAccountId != "" { err = client.UpdateAPIKeyServiceUser(&apiKey, serviceAccountId) } else { - err = client.UpdateAPIKey(&apiKey) - + accountID := d.Get("account_id").(string) + userID := d.Get("user_id").(string) + err = client.UpdateAPIKey(userID, accountID, &apiKey) } if err != nil { @@ -201,7 +204,9 @@ func resourceApiKeyDelete(d *schema.ResourceData, meta interface{}) error { if serviceAccountId := d.Get("service_account_id").(string); serviceAccountId != "" { err = client.DeleteAPIKeyServiceUser(d.Id(), serviceAccountId) } else { - err = client.DeleteAPIKey(d.Id()) + accountID := d.Get("account_id").(string) + userID := d.Get("user_id").(string) + err = client.DeleteAPIKey(userID, accountID, d.Id()) } if err != nil { From 6a098d87d5fd62003e5ec1a03f4e4d29d522787c Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Mon, 8 Sep 2025 19:25:30 +0300 Subject: [PATCH 2/2] fmt --- codefresh/cfclient/api_key.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/codefresh/cfclient/api_key.go b/codefresh/cfclient/api_key.go index d88bd23..b701aeb 100644 --- a/codefresh/cfclient/api_key.go +++ b/codefresh/cfclient/api_key.go @@ -45,9 +45,9 @@ func (client *Client) GetAPIKey(userID string, accountId string, keyID string) ( } opts := RequestOptions{ - Path: fmt.Sprintf("/auth/key/%s", keyID), + Path: fmt.Sprintf("/auth/key/%s", keyID), XAccessToken: xAccessToken, - Method: "GET", + Method: "GET", } resp, err := client.RequestApiXAccessToken(&opts) @@ -75,8 +75,8 @@ func (client *Client) DeleteAPIKey(userID string, accountId string, keyID string return err } opts := RequestOptions{ - Path: fmt.Sprintf("/auth/key/%s", keyID), - Method: "DELETE", + Path: fmt.Sprintf("/auth/key/%s", keyID), + Method: "DELETE", XAccessToken: xAccessToken, } @@ -89,7 +89,7 @@ func (client *Client) DeleteAPIKey(userID string, accountId string, keyID string return nil } -func (client *Client) UpdateAPIKey(userID string, accountId string,key *ApiKey) error { +func (client *Client) UpdateAPIKey(userID string, accountId string, key *ApiKey) error { keyID := key.ID if keyID == "" { @@ -111,10 +111,10 @@ func (client *Client) UpdateAPIKey(userID string, accountId string,key *ApiKey) } opts := RequestOptions{ - Path: fmt.Sprintf("/auth/key/%s", keyID), - Method: "PATCH", + Path: fmt.Sprintf("/auth/key/%s", keyID), + Method: "PATCH", XAccessToken: xAccessToken, - Body: body, + Body: body, } resp, err := client.RequestApiXAccessToken(&opts)