API Token Management #910

Closed
dabeeeenster opened this issue Apr 5, 2022 · 9 comments · Fixed by #2436
Labels: api (Issue related to the REST API), feature (New feature or request), front-end (Issue related to the React Front End Dashboard), priority-customer (Customer requests)


@dabeeeenster
Contributor

dabeeeenster commented Apr 5, 2022

At the moment, to use the REST API, users must use an API token associated with a user. We should add the ability to create API tokens scoped to allow access to the relevant resources.

dabeeeenster added the feature, front-end and api labels Apr 5, 2022
dabeeeenster added this to the Larger Teams milestone Jan 5, 2023
matthewelwell added the priority-customer label Jan 12, 2023

@matthewelwell
Contributor

The first step here is to create a 'Role' entity which can then be attached to a User, Group or an API token.

@matthewelwell
Contributor

@kyle-ssg one thing that we've discussed as part of this is having a single view of the permissions across all entities for a Role (which we can extend to use for Users / Groups too). So we would need a panel for Org, Projects (with a drop down to select the project perhaps?), Environments (with a drop down to select the env perhaps?).

Does that sound feasible?

@gagantrivedi
Member

gagantrivedi commented Apr 27, 2023

Since we don't want the tokens to be associated with the user, we have ruled out using rest_framework.authtoken.models.Token.
Now, the next in line is rest_framework_api_key.models.AbstractAPIKey (also used as terraform/master API key).

There are a couple of things we can do here:

  1. Keep the terraform key model as it is and create another model for the new token that we are discussing

  2. Add support for adding roles to the master API keys.
    Now, to not break the public API:

    i. Create a role with terraform permissions and add that to all the existing master API keys that we have and start calling them something other than terraform API keys

    ii. Let the old keys behave as they currently do, but as and when we add a new resource to our terraform provider (and if that needs new permissions) the user will need to attach the role with those permissions to access them

I am leaning more towards 2(i)
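
Option 2(i) from the comment above, modelled in plain Python as an added example (not the project's code or the commenter's): every pre-existing master API key gets an explicit role, and authorization becomes deny-by-default on the roles attached to a key. The class names, permission strings and ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed stand-in for "terraform permissions"; the page does not list them.
TERRAFORM_PERMISSIONS = ("VIEW_PROJECT", "CREATE_FEATURE", "UPDATE_FEATURE_STATE")

@dataclass(frozen=True)
class Grant:  # hypothetical: one permission on one resource
    level: str         # "organisation", "project" or "environment"
    resource_id: int
    permission: str

@dataclass
class Role:  # hypothetical Role entity, attachable to a key
    name: str
    grants: set = field(default_factory=set)

@dataclass
class MasterAPIKey:  # hypothetical; not tied to any user
    name: str
    organisation_id: int
    roles: list = field(default_factory=list)
    def is_allowed(self, level, resource_id, permission):
        # Deny by default: only a grant in an attached role allows the call.
        wanted = Grant(level, resource_id, permission)
        return any(wanted in role.grants for role in self.roles)

def backfill_terraform_role(keys, project_ids_by_org):
    """Option 2(i): attach one explicit role to every pre-existing key."""
    for key in keys:
        org = key.organisation_id
        grants = {Grant("project", pid, perm)
                  for pid in project_ids_by_org.get(org, ())
                  for perm in TERRAFORM_PERMISSIONS}
        role = Role(f"terraform-org-{org}", grants)
        if role not in key.roles:  # idempotent: re-running adds nothing
            key.roles.append(role)

def demo():
    old = MasterAPIKey("ci-terraform", organisation_id=1)  # predates roles
    for _ in range(2):  # run the backfill twice to show idempotency
        backfill_terraform_role([old], {1: [10, 11]})
    reader = MasterAPIKey("reader", 1, [Role("viewer", {Grant("project", 10, "VIEW_PROJECT")})])
    return {
        "old_keeps_access": old.is_allowed("project", 11, "CREATE_FEATURE"),
        "old_role_count": len(old.roles),
        "old_new_permission": old.is_allowed("project", 10, "MANAGE_SEGMENTS"),
        "reader_write": reader.is_allowed("project", 10, "CREATE_FEATURE"),
        "reader_other_project": reader.is_allowed("project", 11, "VIEW_PROJECT"),
    }
```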

@dabeeeenster
Contributor Author

Agree with 2

@matthewelwell
Copy link
Contributor

Yep, also agree with 2(i)

@gagantrivedi
Member

The backend part of roles was added here: #2232

@novakzaballa
Contributor

As per our conversation in this regard, I will first create a couple of UI/UX designs for Role management at the Organisation Management level, either in a new Roles tab or under the existing Manage Users and Permissions tab.

@novakzaballa
Contributor

@matthewelwell @kyle-ssg here are the UI designs for roles management:
These screens will be displayed under Organization Management:

Roles list: [image]

Edit role: [image]

Role permissions: [three images]

@matthewelwell
Contributor

Needs FE work still.
