solo-io / gloo-portal-issues

Public tracker for issues related to Gloo Portal
https://docs.solo.io/gloo-portal/latest/

Removing access to Usage plan of a group does not revoke the existing API Keys #144

Open totallyGreg opened 2 years ago

totallyGreg commented 2 years ago

Describe the bug
Removing access to Usage plan of a group does not revoke the existing API Keys

To Reproduce
1. Created a Group CR with usage plans in it.
   - Low Throughput plan --> gives access to petstore
   - High Throughput plan --> gives access to my nodejs and httpbin apps
2. Generated API Keys for each API Product.
3. Modified Group CR to remove High Throughput plan.
4. As expected, the user is no longer able to generate API Keys for nodejs and httpbin apps.
5. The API Keys generated earlier for nodejs and httpbin API Products still work to access the API.

Shouldn't they be deleted to revoke access?

Expected behavior
Access for users in group should reflect the plans that are defined.

Additional context
Related to https://github.com/solo-io/gloo-portal-issues/issues/139

byrdog55 commented 2 years ago

Comment from Zendesk:
Zendesk: 458 linked successfully.

spunuru commented 2 years ago

After deleting API Key from Portal, user can still use the API Key to send requests. It should have been revoked.

soloio-bot commented 2 years ago

Zendesk ticket #458 has been linked to this issue.