search

Kuadrant / kuadrantctl

Kuadrant configuration command line utility
Apache License 2.0
6 stars 12 forks source link

apikey secrets suggestion in stderr #51

Open eguzki opened 7 months ago

eguzki commented 7 months ago

The proposed value here is that the tools gives you the correct labels and structure of the secret data (the key of the data needs to be api_key)

❯ bin/kuadrantctl generate kuadrant authpolicy --oas examples/oas3/petstore-multiple-sec-requirements.yaml 1>/dev/null
======================================================================================================
POST /v1/cat endpoint is protected with ApiKey. Consider creating secrets with valid tokens
---
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    authorino.kuadrant.io/managed-by: authorino
    kuadrant.io/apikeys-by: cat_api_key
  name: cat_api_key
stringData:
  api_key: MY_SECRET_TOKEN_VALUE
type: Opaque

======================================================================================================
GET /v1/snake endpoint is protected with ApiKey. Consider creating secrets with valid tokens
---
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  labels:
    authorino.kuadrant.io/managed-by: authorino
    kuadrant.io/apikeys-by: snakes_api_key
  name: snakes_api_key
stringData:
  api_key: MY_SECRET_TOKEN_VALUE
type: Opaque

Note: stdout has been redirected to /dev/null

codecov-commenter commented 7 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (0658b51) 0.38% compared to head (2af1922) 0.38%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #51 +/- ## ===================================== Coverage 0.38% 0.38% ===================================== Files 17 17 Lines 783 783 ===================================== Hits 3 3 Misses 780 780 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

jasonmadigan commented 7 months ago

nice, like this and the approach

jasonmadigan commented 7 months ago

I suppose one other option could be a flag to generate a secret, (and an option to pass that secret value in). Not sure which is better really.

If this lands, will need to swallow stderr in our CI