From f6e7061fe93ede97458fff87145a7f636404598c Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 16 Sep 2024 08:39:04 -0700 Subject: [PATCH 1/7] docs: DOC-1362 --- .../automation/palette-sdk/palette-sdk.md | 4 + .../authentication/api-key/delete-api-key.md | 224 +++++++++++++++++- 2 files changed, 225 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/automation/palette-sdk/palette-sdk.md b/docs/docs-content/automation/palette-sdk/palette-sdk.md index 72530b07e6..3a94e7eed2 100644 --- a/docs/docs-content/automation/palette-sdk/palette-sdk.md +++ b/docs/docs-content/automation/palette-sdk/palette-sdk.md @@ -23,6 +23,10 @@ The snippet below showcases an example of how to initialize the Palette client u methods. ```go + import ( + "github.com/spectrocloud/palette-sdk-go/client" + ) + pc := client.New( client.WithPaletteURI(host), client.WithAPIKey(apiKey), diff --git a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md index 803ed68639..adbeafb372 100644 --- a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md @@ -14,7 +14,9 @@ tenant. Use the following steps to delete an API key. Tenant administrators can delete an API key on behalf of any user within the tenant. Select the Tenant tab below to learn more about deleting an API key as a tenant admin. -## Prerequisites +## UI + +### Prerequisites @@ -35,7 +37,7 @@ learn more about deleting an API key as a tenant admin. -## Delete API Key +### Delete API Key in Palette UI @@ -66,7 +68,7 @@ learn more about deleting an API key as a tenant admin. -## Validate +### Validate @@ -92,3 +94,219 @@ learn more about deleting an API key as a tenant admin. + +## API + +You can use the Palette API to delete an API key programmatically. Use the +`https://api.spectrocloud.com/v1/apiKeys/:uid`[endpoint](https://docs.spectrocloud.com/api/v1/v-1-api-keys-uid-delete) +to delete an API key. + +To delete an API key, you first must have the API key's unique identifier. Use the following steps to learn how to +delete an API key programmatically. + +### Prerequisites + +- You must have a valid Palette API key. Refer to the [Create API Key](create-api-key.md) section for more information. + +- A terminal or command prompt to execute the `curl` command. Alternatively, you can use a REST client like + [Postman](https://www.postman.com/). + +### Delete API Key With API + +1. Open a terminal or command prompt. + +2. Issue the following command to retrieve your API key's unique identifier. Replace `API_KEY_VALUE` with your API key. + + ```shell + curl --location 'https://api.spectrocloud.com/v1/apiKeys' \ + --header 'Accept: application/json' \ + --header 'apiKey: API_KEY_VALUE' + ``` + + ```json {17} hideClipboard + { + "items": [ + { + "metadata": { + "annotations": { + "description": "", + "ownerUid": "****************", + "permissions": "apiKey.create,apiKey.delete,apiKey.get,apiKey.list,apiKey.update,tag.update", + "scope": "tenant", + "scopeVisibility": "20", + "tenantUid": "*************************" + }, + "creationTimestamp": "2024-09-16T14:46:28.677Z", + "deletionTimestamp": "0001-01-01T00:00:00.000Z", + "lastModifiedTimestamp": "2024-09-16T14:46:29.079Z", + "name": "remove-me-test", + "uid": "66e844c44bab2337f20c7471" + }, + "spec": { + "expiry": "2024-09-23T14:46:28.164Z", + "user": { + "firstName": "example", + "lastName": "example", + "uid": "*****************" + } + }, + "status": { + "isActive": true + } + } + ] + } + ``` + +3. Once you have the API key's unique identifier, issue the following command to delete the API key. Replace `uid` with + the API key's unique identifier. Specify a valid API key in the `ApiKey` header. + + ```shell + curl -L -X DELETE 'https://api.spectrocloud.com/v1/apiKeys/:uid' \ + -H 'ApiKey: ' + ``` + +4. No output is expected if the API key is successfully deleted. + +### Validate + +1. Verify the API key is no longer available in the Palette by issuing the following command. Replace `API_KEY_VALUE` + with your API key. + + ```shell + curl --location 'https://api.spectrocloud.com/v1/apiKeys' \ + --header 'Accept: application/json' \ + --header 'apiKey: API_KEY_VALUE' + ``` + +2. The API key should not be listed in the response. If the API key is still available, verify the API key's unique + identifier and reissue the delete command. You can also validate the deletion by checking the Palette UI. + +## SDK + +You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to delete an API key programmatically. + +### Prerequisites + +- You must have a valid Palette API key. Refer to the [Create API Key](create-api-key.md) section for more information. + +- [Go version](https://go.dev/doc/install) 1.22 or later. + +- A text editor or an IDE to write and execute the Go code. + +- A valid Palette API key to delete. In this example, the fictional API key named `delete-test-key` is used. + +### Delete API Key With Go SDK + +1. Create a new directory for your Go project and navigate to the directory. + + ```shell + mkdir delete-api-key && cd delete-api-key + ``` + +2. Create a new Go file, for example, **main.go**. + + ```shell + touch main.go + ``` + +3. Initialize the Go module. Use the following command to initialize the Go module. + + ```shell + go mod init example/delete-api-key + ``` + +4. Open the **main.go** file in your text editor or IDE. + +5. Copy and paste the following code snippet into the **main.go** file. + + ```go + package main + + import ( + "fmt" + "log" + "log/slog" + "os" + + "github.com/spectrocloud/palette-sdk-go/client" + ) + + func main() { + + host := os.Getenv("PALETTE_HOST") // "api.spectrocloud.com" + apiKey := os.Getenv("PALETTE_API_KEY") // "your api key" + + keyName := "delete-test-key" // "name of the key to delete. Replace as needed" + + pc := client.New( + client.WithPaletteURI(host), + client.WithAPIKey(apiKey), + ) + + keys, err := pc.GetAPIKeys() + if err != nil { + log.Fatal("Error getting API keys: ", err) + } + + for _, key := range keys.Items { + if key.Metadata.Name == keyName { + slog.Info(fmt.Sprintf("API key found. Deleting API key: %s", key.Metadata.Name)) + err := pc.DeleteAPIKey(key.Metadata.UID) + if err != nil { + log.Fatal("Error deleting API key: ", err) + } + slog.Info("API key deleted successfully") + } + + } + } + ``` + +6. Set the environment variables for the Palette host and API key. Replace `api.spectrocloud.com` with your Palette host + URL if you are using a self-hosted Palette or VerteX instance. + + ```shell + export PALETTE_HOST="api.spectrocloud.com" + export PALETTE_API_KEY="your api key" + ``` + +7. Start the Go program. + + ```shell + go run main.go + ``` + + ```shell + 2024/09/16 08:27:12 INFO API key found. Deleting API key: delete-test-key + 2024/09/16 08:27:12 INFO API key deleted successfully + ``` + +### Validate + +You can validate the deletion by checking the Palette UI or by querying the API with the `GetAPIKeys()` method to list +the API keys again and verifying the API key is no longer available. + +You can create a function to list the API keys and verify the API key is no longer available. Use the following code +snippet to list the API keys. + +```go +// validateKeyIsRemoved checks if the key is removed +// returns true if the key is removed, false otherwise +func validateKeyIsRemoved(keyName string, pc *client.V1Client) (bool, error) { + + keys, err := pc.GetAPIKeys() + if err != nil { + log.Fatal("Error getting API keys: ", err) + } + + for _, key := range keys.Items { + if key.Metadata.Name == keyName { + return false, nil + } + } + + return true, nil + +} +``` From 4081ccd5f9c496d54ae6da5ca297ebed936e9745 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 16 Sep 2024 09:07:17 -0700 Subject: [PATCH 2/7] docs: more updates --- .../authentication/api-key/api-key.md | 29 ++++++++ .../authentication/api-key/delete-api-key.md | 73 +++++++++++++------ 2 files changed, 81 insertions(+), 21 deletions(-) diff --git a/docs/docs-content/user-management/authentication/api-key/api-key.md b/docs/docs-content/user-management/authentication/api-key/api-key.md index c7703f9472..2b14437ea0 100644 --- a/docs/docs-content/user-management/authentication/api-key/api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/api-key.md @@ -17,6 +17,35 @@ revoke, and delete API keys for any user within the tenant. Each of these action following resources. Refer to the [Tenant Admin API Key Management](../../../tenant-settings/api-key-management.md) section for more information. +## Permissions + +API keys are associated with the user who creates them. The permissions associated with the API key are the same as +those of the user who created the key. If the user has the necessary permissions to perform an action, then the user's +API key can be used to perform the same action programmatically. + +The API key permissions automatically reflect any changes to the user's permissions. If the user belongs to an OIDC/SAML +group, any changes to the external user's group membership are reflected the next time the user logs in. + +## Limitations + +- API keys that belong to Palette users removed from the organization through OIDC/SAML are not automatically removed. + We recommend that you remove these keys to ensure that they are no longer used. You can programmatically remove the + API keys using the REST API or the Palette SDK. Check out the [Delete API Key](./delete-api-key.md) page for more + information on how to delete an API key programmatically. + +## Best Practices + +The following best practices we recommend for managing Palette API keys: + +- Set an expiration date for API keys to ensure that they are not used indefinitely. Preferably, set the expiration date + to a short duration, such as 30 days, and renew the key as needed. + +- Store API keys securely. Do not expose API keys in public repositories or share them with unauthorized users. Use + secure storage mechanisms, such as a password manager, to store API keys. + +- Regularly review and audit API keys to ensure that they are still required. Remove any API keys that are no longer + needed. + ## Resources - [Tenant Admin API Key Management](../../../tenant-settings/api-key-management.md) diff --git a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md index adbeafb372..f94f71f652 100644 --- a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md @@ -11,11 +11,13 @@ tags: ["user-management", "authentication", "api-key"] You can delete an API key from Palette. A tenant admin can also delete an API key created by another user within the tenant. Use the following steps to delete an API key. -Tenant administrators can delete an API key on behalf of any user within the tenant. Select the Tenant tab below to -learn more about deleting an API key as a tenant admin. +The following sections provide information on how to delete an API key in Palette through the UI, API, and SDK. ## UI +Tenant administrators can delete an API key on behalf of any user within the tenant. Select the Tenant tab below to +learn more about deleting an API key as a tenant admin. + ### Prerequisites @@ -196,6 +198,8 @@ You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to - A valid Palette API key to delete. In this example, the fictional API key named `delete-test-key` is used. +- An internet connection to download the Palette SDK and its dependencies. + ### Delete API Key With Go SDK 1. Create a new directory for your Go project and navigate to the directory. @@ -274,7 +278,7 @@ You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to 7. Start the Go program. ```shell - go run main.go + go run . ``` ```shell @@ -287,26 +291,53 @@ You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to You can validate the deletion by checking the Palette UI or by querying the API with the `GetAPIKeys()` method to list the API keys again and verifying the API key is no longer available. -You can create a function to list the API keys and verify the API key is no longer available. Use the following code -snippet to list the API keys. +1. Ceate a function to list the API keys and verify the API key is no longer available. Use the following code snippet + to validate the deletion. -```go -// validateKeyIsRemoved checks if the key is removed -// returns true if the key is removed, false otherwise -func validateKeyIsRemoved(keyName string, pc *client.V1Client) (bool, error) { + ```go + // validateKeyIsRemoved checks if the key is removed + // returns true if the key is removed, false otherwise + func validateKeyIsRemoved(keyName string, pc *client.V1Client) (bool, error) { + + keys, err := pc.GetAPIKeys() + if err != nil { + log.Fatal("Error getting API keys: ", err) + } + + for _, key := range keys.Items { + if key.Metadata.Name == keyName { + return false, nil + } + } - keys, err := pc.GetAPIKeys() - if err != nil { - log.Fatal("Error getting API keys: ", err) - } + return true, nil - for _, key := range keys.Items { - if key.Metadata.Name == keyName { - return false, nil - } - } + } + ``` + +2. Add the function to **main.go** file. Add the code snippet after the initial loop that removes the APII key, line 40. - return true, nil + ```go + ok, err := validateKeyIsRemoved(keyName, pc) + if err != nil { + log.Fatal("Unable to gather API keys: ", err) + } + + if !ok { + log.Fatal("API key is not removed") + } + + slog.Info("Validation ensured the API key is removed successfully") + ``` + +3. Start the Go program. + + ```shell + go run . + ``` + + ```shell + 2024/09/16 08:35:07 INFO Validation ensured the API key is removed successfully + ``` -} -``` +4. The output confirms the API key is successfully deleted. From db55a0e84b70e6fee63b435c99a6d92172c27569 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 16 Sep 2024 09:20:18 -0700 Subject: [PATCH 3/7] docs: vale fix --- .../user-management/authentication/api-key/delete-api-key.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md index f94f71f652..c0e96a2bca 100644 --- a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md @@ -291,7 +291,7 @@ You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to You can validate the deletion by checking the Palette UI or by querying the API with the `GetAPIKeys()` method to list the API keys again and verifying the API key is no longer available. -1. Ceate a function to list the API keys and verify the API key is no longer available. Use the following code snippet +1. Create a function to list the API keys and verify the API key is no longer available. Use the following code snippet to validate the deletion. ```go From 9127ad3940308937a95ea7bc35ca714a766d6f3f Mon Sep 17 00:00:00 2001 From: Karl Cardenas <29551334+karl-cardenas-coding@users.noreply.github.com> Date: Tue, 17 Sep 2024 13:40:23 -0700 Subject: [PATCH 4/7] docs: feedback apply suggestions from code review Co-authored-by: caroldelwing --- .../authentication/api-key/api-key.md | 2 +- .../authentication/api-key/delete-api-key.md | 13 +++++-------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/docs/docs-content/user-management/authentication/api-key/api-key.md b/docs/docs-content/user-management/authentication/api-key/api-key.md index 2b14437ea0..3de3a7283d 100644 --- a/docs/docs-content/user-management/authentication/api-key/api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/api-key.md @@ -35,7 +35,7 @@ group, any changes to the external user's group membership are reflected the nex ## Best Practices -The following best practices we recommend for managing Palette API keys: +The following are best practices we recommend for managing Palette API keys: - Set an expiration date for API keys to ensure that they are not used indefinitely. Preferably, set the expiration date to a short duration, such as 30 days, and renew the key as needed. diff --git a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md index c0e96a2bca..d43c059c92 100644 --- a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md @@ -99,12 +99,9 @@ learn more about deleting an API key as a tenant admin. ## API -You can use the Palette API to delete an API key programmatically. Use the -`https://api.spectrocloud.com/v1/apiKeys/:uid`[endpoint](https://docs.spectrocloud.com/api/v1/v-1-api-keys-uid-delete) -to delete an API key. +You can use the Palette API with the `https://api.spectrocloud.com/v1/apiKeys/:uid` [endpoint](https://docs.spectrocloud.com/api/v1/v-1-api-keys-uid-delete) and the API key's unique identifier to delete an API key programmatically. -To delete an API key, you first must have the API key's unique identifier. Use the following steps to learn how to -delete an API key programmatically. +Use the following steps to learn how to delete an API key. ### Prerequisites @@ -113,7 +110,7 @@ delete an API key programmatically. - A terminal or command prompt to execute the `curl` command. Alternatively, you can use a REST client like [Postman](https://www.postman.com/). -### Delete API Key With API +### Delete API Key with API 1. Open a terminal or command prompt. @@ -172,7 +169,7 @@ delete an API key programmatically. ### Validate -1. Verify the API key is no longer available in the Palette by issuing the following command. Replace `API_KEY_VALUE` +1. Verify the API key is no longer available in Palette by issuing the following command. Replace `API_KEY_VALUE` with your API key. ```shell @@ -315,7 +312,7 @@ the API keys again and verifying the API key is no longer available. } ``` -2. Add the function to **main.go** file. Add the code snippet after the initial loop that removes the APII key, line 40. +2. Add the function to the **main.go** file. Add the code snippet after the initial loop that removes the API key on line 40. ```go ok, err := validateKeyIsRemoved(keyName, pc) From f443597ea713c8488654bbe234dd78735aef5b7f Mon Sep 17 00:00:00 2001 From: karl-cardenas-coding Date: Tue, 17 Sep 2024 20:42:57 +0000 Subject: [PATCH 5/7] ci: auto-formatting prettier issues --- .../authentication/api-key/delete-api-key.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md index d43c059c92..fe73522fd7 100644 --- a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md @@ -99,7 +99,9 @@ learn more about deleting an API key as a tenant admin. ## API -You can use the Palette API with the `https://api.spectrocloud.com/v1/apiKeys/:uid` [endpoint](https://docs.spectrocloud.com/api/v1/v-1-api-keys-uid-delete) and the API key's unique identifier to delete an API key programmatically. +You can use the Palette API with the `https://api.spectrocloud.com/v1/apiKeys/:uid` +[endpoint](https://docs.spectrocloud.com/api/v1/v-1-api-keys-uid-delete) and the API key's unique identifier to delete +an API key programmatically. Use the following steps to learn how to delete an API key. @@ -169,8 +171,8 @@ Use the following steps to learn how to delete an API key. ### Validate -1. Verify the API key is no longer available in Palette by issuing the following command. Replace `API_KEY_VALUE` - with your API key. +1. Verify the API key is no longer available in Palette by issuing the following command. Replace `API_KEY_VALUE` with + your API key. ```shell curl --location 'https://api.spectrocloud.com/v1/apiKeys' \ @@ -312,7 +314,8 @@ the API keys again and verifying the API key is no longer available. } ``` -2. Add the function to the **main.go** file. Add the code snippet after the initial loop that removes the API key on line 40. +2. Add the function to the **main.go** file. Add the code snippet after the initial loop that removes the API key on + line 40. ```go ok, err := validateKeyIsRemoved(keyName, pc) From 72f28fae19798663e25e042572ef57c911d3a209 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 17 Sep 2024 13:52:49 -0700 Subject: [PATCH 6/7] docs: feedback --- .../authentication/api-key/delete-api-key.md | 104 +++++++++++++++--- .../user-management/saml-sso/saml-sso.md | 8 ++ 2 files changed, 96 insertions(+), 16 deletions(-) diff --git a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md index d43c059c92..14b477de6c 100644 --- a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md @@ -99,7 +99,9 @@ learn more about deleting an API key as a tenant admin. ## API -You can use the Palette API with the `https://api.spectrocloud.com/v1/apiKeys/:uid` [endpoint](https://docs.spectrocloud.com/api/v1/v-1-api-keys-uid-delete) and the API key's unique identifier to delete an API key programmatically. +You can use the Palette API with the `https://api.spectrocloud.com/v1/apiKeys/:uid` +[endpoint](https://docs.spectrocloud.com/api/v1/v-1-api-keys-uid-delete) and the API key's unique identifier to delete +an API key programmatically. Use the following steps to learn how to delete an API key. @@ -169,8 +171,8 @@ Use the following steps to learn how to delete an API key. ### Validate -1. Verify the API key is no longer available in Palette by issuing the following command. Replace `API_KEY_VALUE` - with your API key. +1. Verify the API key is no longer available in Palette by issuing the following command. Replace `API_KEY_VALUE` with + your API key. ```shell curl --location 'https://api.spectrocloud.com/v1/apiKeys' \ @@ -219,9 +221,10 @@ You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to 4. Open the **main.go** file in your text editor or IDE. -5. Copy and paste the following code snippet into the **main.go** file. +5. Copy and paste the following code snippet into the **main.go** file. Replace the variable `keyName` with the key name + you want to delete. - ```go + ```go {17} package main import ( @@ -238,6 +241,10 @@ You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to host := os.Getenv("PALETTE_HOST") // "api.spectrocloud.com" apiKey := os.Getenv("PALETTE_API_KEY") // "your api key" + if host == "" || apiKey == "" { + log.Fatal("Please set PALETTE_HOST and PALETTE_API_KEY environment variables") + } + keyName := "delete-test-key" // "name of the key to delete. Replace as needed" pc := client.New( @@ -275,7 +282,7 @@ You can use the [Palette SDK](../../../automation/palette-sdk/palette-sdk.md) to 7. Start the Go program. ```shell - go run . + go get ./... && go run . ``` ```shell @@ -312,25 +319,90 @@ the API keys again and verifying the API key is no longer available. } ``` -2. Add the function to the **main.go** file. Add the code snippet after the initial loop that removes the API key on line 40. +2. Replace the entire content of the **main.go** file with the following code snippet to include the validation check. ```go - ok, err := validateKeyIsRemoved(keyName, pc) - if err != nil { - log.Fatal("Unable to gather API keys: ", err) - } + package main - if !ok { - log.Fatal("API key is not removed") - } + import ( + "fmt" + "log" + "log/slog" + "os" + + "github.com/spectrocloud/palette-sdk-go/client" + ) + + func main() { + + host := os.Getenv("PALETTE_HOST") // "api.spectrocloud.com" + apiKey := os.Getenv("PALETTE_API_KEY") // "your api key" + + if host == "" || apiKey == "" { + log.Fatal("Please set PALETTE_HOST and PALETTE_API_KEY environment variables") + } + + keyName := "delete-test-key" // "name of the key to delete" + + pc := client.New( + client.WithPaletteURI(host), + client.WithAPIKey(apiKey), + ) + + keys, err := pc.GetAPIKeys() + if err != nil { + log.Fatal("Error getting API keys: ", err) + } - slog.Info("Validation ensured the API key is removed successfully") + for _, key := range keys.Items { + if key.Metadata.Name == keyName { + slog.Info(fmt.Sprintf("API key found. Deleting API key: %s", key.Metadata.Name)) + err := pc.DeleteAPIKey(key.Metadata.UID) + if err != nil { + log.Fatal("Error deleting API key: ", err) + } + slog.Info("API key deleted successfully") + } + + } + + ok, err := validateKeyIsRemoved(keyName, pc) + if err != nil { + log.Fatal("Error validating key is removed: ", err) + } + + if !ok { + log.Fatal("API key is not removed") + } + + slog.Info("Validation ensured the key is removed successfully") + + } + + // validateKeyIsRemoved checks if the key is removed + // returns true if the key is removed, false otherwise + func validateKeyIsRemoved(keyName string, pc *client.V1Client) (bool, error) { + + keys, err := pc.GetAPIKeys() + if err != nil { + log.Fatal("Error getting API keys: ", err) + } + + for _, key := range keys.Items { + if key.Metadata.Name == keyName { + return false, nil + } + } + + return true, nil + + } ``` 3. Start the Go program. ```shell - go run . + go get ./... && go run . ``` ```shell diff --git a/docs/docs-content/user-management/saml-sso/saml-sso.md b/docs/docs-content/user-management/saml-sso/saml-sso.md index 3a4fdcb032..c83c47673e 100644 --- a/docs/docs-content/user-management/saml-sso/saml-sso.md +++ b/docs/docs-content/user-management/saml-sso/saml-sso.md @@ -18,6 +18,14 @@ the following protocols for authentication and authorization. [OAuth 2.0](https://www.rfc-editor.org/rfc/rfc6749), a widely used authorization framework. OIDC supports distributed identity providers and supports social login providers such as Google or GitHub. +## Limitations + +- Palette [API keys](../authentication/api-key/api-key.md) that belong to Palette users removed from the organization + through OIDC/SAML are not automatically removed. We recommend that you remove these keys to ensure that they are no + longer used. You can programmatically remove the API keys using the REST API or the Palette SDK. Check out the + [Delete API Key](../authentication/api-key/delete-api-key.md) page for more information on how to delete an API key + programmatically. + Check out the following resources to enable SSO in Palette with the supported Identity Providers (IDP). ## Resources From 3e2039d103cb369eb31d0045ec990b6cae337b61 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 17 Sep 2024 14:07:55 -0700 Subject: [PATCH 7/7] docs: feedback changes --- .../authentication/api-key/api-key.md | 16 ++++++++++++---- .../user-management/saml-sso/saml-sso.md | 18 +++++++++++++----- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/docs/docs-content/user-management/authentication/api-key/api-key.md b/docs/docs-content/user-management/authentication/api-key/api-key.md index 3de3a7283d..090a3eaf94 100644 --- a/docs/docs-content/user-management/authentication/api-key/api-key.md +++ b/docs/docs-content/user-management/authentication/api-key/api-key.md @@ -28,10 +28,18 @@ group, any changes to the external user's group membership are reflected the nex ## Limitations -- API keys that belong to Palette users removed from the organization through OIDC/SAML are not automatically removed. - We recommend that you remove these keys to ensure that they are no longer used. You can programmatically remove the - API keys using the REST API or the Palette SDK. Check out the [Delete API Key](./delete-api-key.md) page for more - information on how to delete an API key programmatically. +Palette API keys that belong to Palette users removed from the organization through OIDC/SAML are not automatically +removed. We recommend that you remove these keys to ensure that they are no longer used. You can programmatically remove +the API keys using the REST API or the Palette SDK. Check out the [Delete API Key](./delete-api-key.md) page for more +information on how to delete an API key programmatically. + +:::tip + +Tenant administrators can view all API keys created for the tenant. Users are limited to actions for their own API keys. +To learn more about the API key management tasks you can perform as a tenant administrator, refer to the +[Tenant API Key Management](../../../tenant-settings/api-key-management.md) page. + +::: ## Best Practices diff --git a/docs/docs-content/user-management/saml-sso/saml-sso.md b/docs/docs-content/user-management/saml-sso/saml-sso.md index c83c47673e..f922400fcf 100644 --- a/docs/docs-content/user-management/saml-sso/saml-sso.md +++ b/docs/docs-content/user-management/saml-sso/saml-sso.md @@ -20,11 +20,19 @@ the following protocols for authentication and authorization. ## Limitations -- Palette [API keys](../authentication/api-key/api-key.md) that belong to Palette users removed from the organization - through OIDC/SAML are not automatically removed. We recommend that you remove these keys to ensure that they are no - longer used. You can programmatically remove the API keys using the REST API or the Palette SDK. Check out the - [Delete API Key](../authentication/api-key/delete-api-key.md) page for more information on how to delete an API key - programmatically. +Palette [API keys](../authentication/api-key/api-key.md) that belong to Palette users removed from the organization +through OIDC/SAML are not automatically removed. We recommend that you remove these keys to ensure that they are no +longer used. You can programmatically remove the API keys using the REST API or the Palette SDK. Check out the +[Delete API Key](../authentication/api-key/delete-api-key.md) page for more information on how to delete an API key +programmatically. + +:::tip + +Tenant administrators can view all API keys created for the tenant. Users are limited to actions for their own API keys. +To learn more about the API key management tasks you can perform as a tenant administrator, refer to the +[Tenant API Key Management](../../tenant-settings/api-key-management.md) page. + +::: Check out the following resources to enable SSO in Palette with the supported Identity Providers (IDP).