API Keys: Removal & Redirect of Create endpoint (#92144)

* API keys: redirecting of create endpont * update naming and using admonition * fmt * Apply suggestions from code review Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2025-02-25 18:55:37 -06:00 · 2024-08-28 12:20:36 +01:00
parent 909d0fac35
commit 6a19278f23
5 changed files with 52 additions and 116 deletions
--- a/pkg/api/apikey.go
+++ b/pkg/api/apikey.go
@@ -8,7 +8,6 @@ import (

 	"github.com/grafana/grafana/pkg/api/dtos"
 	"github.com/grafana/grafana/pkg/api/response"
-	"github.com/grafana/grafana/pkg/components/apikeygen"
 	"github.com/grafana/grafana/pkg/services/apikey"
 	contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
 	"github.com/grafana/grafana/pkg/web"
@@ -114,59 +113,15 @@ func (hs *HTTPServer) DeleteAPIKey(c *contextmodel.ReqContext) response.Response
 // see: https://grafana.com/docs/grafana/next/administration/api-keys/#migrate-api-keys-to-grafana-service-accounts-using-the-api.
 //
 // Responses:
-// 200: postAPIkeyResponse
-// 400: badRequestError
-// 401: unauthorisedError
-// 403: forbiddenError
-// 409: conflictError
-// 500: internalServerError
+// 301: statusMovedPermanently
 func (hs *HTTPServer) AddAPIKey(c *contextmodel.ReqContext) response.Response {
-	cmd := apikey.AddCommand{}
-	if err := web.Bind(c.Req, &cmd); err != nil {
-		return response.Error(http.StatusBadRequest, "bad request data", err)
-	}
-	if !cmd.Role.IsValid() {
-		return response.Error(http.StatusBadRequest, "Invalid role specified", nil)
-	}
-	if !c.SignedInUser.GetOrgRole().Includes(cmd.Role) {
-		return response.Error(http.StatusForbidden, "Cannot assign a role higher than user's role", nil)
-	}
+	// Set the Location header to the new URL
+	hs.log.Warn("Obsolete and Permanently moved API endpoint called", "path", c.Req.URL.Path)
+	c.Context.Resp.Header().Set("Location", "/api/serviceaccounts/tokens")

-	if hs.Cfg.ApiKeyMaxSecondsToLive != -1 {
-		if cmd.SecondsToLive == 0 {
-			return response.Error(http.StatusBadRequest, "Number of seconds before expiration should be set", nil)
-		}
-		if cmd.SecondsToLive > hs.Cfg.ApiKeyMaxSecondsToLive {
-			return response.Error(http.StatusBadRequest, "Number of seconds before expiration is greater than the global limit", nil)
-		}
-	}
-
-	cmd.OrgID = c.SignedInUser.GetOrgID()
-
-	newKeyInfo, err := apikeygen.New(cmd.OrgID, cmd.Name)
-	if err != nil {
-		return response.Error(http.StatusInternalServerError, "Generating API key failed", err)
-	}
-
-	cmd.Key = newKeyInfo.HashedKey
-	key, err := hs.apiKeyService.AddAPIKey(c.Req.Context(), &cmd)
-	if err != nil {
-		if errors.Is(err, apikey.ErrInvalidExpiration) {
-			return response.Error(http.StatusBadRequest, err.Error(), nil)
-		}
-		if errors.Is(err, apikey.ErrDuplicate) {
-			return response.Error(http.StatusConflict, err.Error(), nil)
-		}
-		return response.Error(http.StatusInternalServerError, "Failed to add API Key", err)
-	}
-
-	result := &dtos.NewApiKeyResult{
-		ID:   key.ID,
-		Name: key.Name,
-		Key:  newKeyInfo.ClientSecret,
-	}
-
-	return response.JSON(http.StatusOK, result)
+	// Respond with a 301 Moved Permanently status code
+	// the Location header is enough for clients to know where to go next.
+	return response.JSON(http.StatusMovedPermanently, nil)
 }

 // swagger:parameters getAPIkeys
@@ -178,13 +133,6 @@ type GetAPIkeysParams struct {
 	IncludeExpired bool `json:"includeExpired"`
 }

-// swagger:parameters addAPIkey
-type AddAPIkeyParams struct {
-	// in:body
-	// required:true
-	Body apikey.AddCommand
-}
-
 // swagger:parameters deleteAPIkey
 type DeleteAPIkeyParams struct {
 	// in:path