Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CT-1402 fix2 token management endpoint #252

Merged
merged 3 commits into from
May 14, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion apiary.apib
Original file line number Diff line number Diff line change
Expand Up @@ -2128,12 +2128,13 @@ can be called with an application token with scope `manage:storage-tokens`.

+ description: Test Token (required) - Token description
+ canManageBuckets: true (boolean) - Token has full permissions on tabular storage
+ canManageTokens: true (boolean) - Token has permission to create tokens in project
+ canManageTokens: false (boolean) - deprecated & will be ignored - Token has permission to create tokens in project
+ canReadAllFileUploads: true (boolean) - Token has full permissions to files staging
+ canPurgeTrash: true (boolean) - Allows permanently remove deleted configurations.
+ expiresIn: 60 (number) - Token lifetime
+ bucketPermissions (object)
- in.c-main: read
+ componentAccess[] (optional) - Grants access for component configurations. Allowed values are [valid component IDs](https://components.keboola.com/components).

+ Request (application/json)
+ Headers
Expand Down
19 changes: 15 additions & 4 deletions openapi.yml
Original file line number Diff line number Diff line change
Expand Up @@ -854,7 +854,11 @@ paths:
created: '2014-11-11T08:40:51.620Z'
summary: Retrieve an organization
operationId: Retrieve an organization
description: ''
description: >-
tomasfejfar marked this conversation as resolved.
Show resolved Hide resolved
To access token needs to be superuser, member of the organization,
member of the maintainer or application token with

scope `organizations:read`.
tags:
- Organizations
parameters:
Expand Down Expand Up @@ -4248,7 +4252,7 @@ paths:
example:
description: Test Token
canManageBuckets: true
canManageTokens: true
canManageTokens: false
canReadAllFileUploads: true
canPurgeTrash: true
expiresIn: 60
Expand All @@ -4269,8 +4273,9 @@ paths:
description: Token has full permissions on tabular storage
canManageTokens:
type: boolean
example: true
description: Token has permission to create tokens in project
description: >-
deprecated & will be ignored - Token has permission to
create tokens in project
canReadAllFileUploads:
type: boolean
example: true
Expand All @@ -4289,6 +4294,12 @@ paths:
in.c:
type: string
description: 'main: read'
componentAccess[]:
type: string
description: >-
Grants access for component configurations. Allowed values
are [valid component
IDs](https://components.keboola.com/components).
/manage/projects/{project_id}/credits:
post:
responses:
Expand Down
1 change: 0 additions & 1 deletion tests/ProjectDeleteTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,6 @@ public function testPurgeExpiredProjectRemoveMetadata()
$params = [
'canManageBuckets' => true,
'canReadAllFileUploads' => true,
'canManageTokens' => true,
tomasfejfar marked this conversation as resolved.
Show resolved Hide resolved
'canPurgeTrash' => true,
'description' => $this->generateDescriptionForTestObject(),
];
Expand Down
24 changes: 23 additions & 1 deletion tests/ProjectsTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
use Keboola\ManageApi\Backend;
use Keboola\ManageApi\Client;
use Keboola\ManageApi\ClientException;
use Keboola\ManageApi\Exception;
use Keboola\ManageApi\ProjectRole;
use Keboola\StorageApi\ClientException as StorageApiClientException;
use Keboola\StorageApi\Options\ListFilesOptions;
Expand Down Expand Up @@ -1149,7 +1150,7 @@ public function testCreateProjectStorageTokenWithBucketPermissions()
$this->assertEquals([$newBucketId => 'read'], $verified['bucketPermissions']);
}

public function testCreateProjectStorageTokenWithMangeTokensPermission()
public function testCreateProjectStorageTokenWithMangeTokensPermissionAndComponentAccess()
{
$organization = $this->client->createOrganization($this->testMaintainerId, [
'name' => 'My org',
Expand Down Expand Up @@ -1178,6 +1179,27 @@ public function testCreateProjectStorageTokenWithMangeTokensPermission()
$this->assertTrue($verified['canManageBuckets']);
$this->assertTrue($verified['canManageTokens']);
$this->assertTrue($verified['canReadAllFileUploads']);

$requestedComponents = ['component1', 'component2', 'component3'];
$token2 = $this->client->createProjectStorageToken($project['id'], [
'description' => 'test',
'expiresIn' => 60,
'canManageBuckets' => true,
'canReadAllFileUploads' => true,
'componentAccess' => $requestedComponents,
]);

$client2 = $this->getStorageClient([
'url' => getenv('KBC_MANAGE_API_URL'),
'token' => $token2['token'],
]);

$verified2 = $client2->verifyToken();
$this->assertEquals($project['id'], $verified['owner']['id']);
$this->assertTrue($verified2['canManageBuckets']);
$this->assertFalse($verified2['canManageTokens']);
$this->assertTrue($verified2['canReadAllFileUploads']);
$this->assertEquals($requestedComponents, $verified2['componentAccess']);
}

public function testSuperAdminCanDisableAndEnableProject()
Expand Down
Loading