Skip to content

CLOUDP-298177: Improve apiKey creation examples #3718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 11, 2025
Merged

CLOUDP-298177: Improve apiKey creation examples #3718

merged 4 commits into from
Mar 11, 2025

Conversation

@cveticm
Copy link
Collaborator

@cveticm cveticm commented Mar 10, 2025

Proposed changes

Adds example to atlas projects apiKeys create outlining how to use the command with multiple lesser privilege roles.

Allowing for UI role names has not been implemented now that linked documentation explicits the mapping of role names across UI and CLI/API/etc.

Jira ticket: CLOUDP-298177

Checklist

  • I have signed the MongoDB CLA
  • I have added tests that prove my fix is effective or that my feature works
  • I have added any necessary documentation in document requirements section listed in CONTRIBUTING.md (if appropriate)
  • I have addressed the @mongodb/docs-cloud-team comments (if appropriate)
  • I have updated test/README.md (if an e2e test has been added)
  • I have run make fmt and formatted my code

@cveticm cveticm requested review from a team as code owners March 10, 2025 15:55
@github-actions github-actions bot added need-doc-review Improvements or additions to documentation, will be reviewed by the docs team atlascli labels Mar 10, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Mar 10, 2025

APIx Bot :bowtie:: a message has been sent to Docs Slack channel 🚀.

@cveticm cveticm requested review from a team and removed request for a team March 10, 2025 15:58
gssbzn
gssbzn reviewed Mar 10, 2025
View reviewed changes
gssbzn
gssbzn reviewed Mar 10, 2025
View reviewed changes
gssbzn
gssbzn reviewed Mar 11, 2025
View reviewed changes
gssbzn
gssbzn reviewed Mar 11, 2025
View reviewed changes
internal/cli/projects/apikeys/create.go Outdated
# Create an organization API key with the GROUP_SEARCH_INDEX_EDITOR and GROUP_DATABASE_ACCESS_ADMIN roles and assign it to the project with ID 5e2211c17a3e5a48f5497de3:
atlas projects apiKeys create --desc "My API key" --projectId 5e1234c17a3e5a48f5497de3 --role GROUP_SEARCH_INDEX_EDITOR,GROUP_DATABASE_ACCESS_ADMIN --output json`,
# Create an organization API key with the ORG_OWNER and GROUP_SEARCH_INDEX_EDITOR roles and assign it to the project with ID 5e2211c17a3e5a48f5497de3:
atlas projects apiKeys create --desc "My API key" --projectId 5e1234c17a3e5a48f5497de3 --role ORG_OWNER,GROUP_SEARCH_INDEX_EDITOR --output json`,
Copy link
Contributor

@gssbzn gssbzn Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the problem with this example is this text

you must authenticate with a user account or an API key with the Project User Admin role.

to be able to add org roles the user needs to have Org user admin

Copy link
Collaborator Author

@cveticm cveticm Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, understood. In that case I'll revert the example to only project roles and specify this requirement in the description.

gssbzn
gssbzn reviewed Mar 11, 2025
View reviewed changes
internal/cli/projects/apikeys/create.go Outdated
Use: "create",
Short: "Create an organization API key and assign it to your project.",
Long: `MongoDB returns the private API key only once. After you run this command, immediately copy, save, and secure both the public and private API keys.
By default, the specified project's parent organization will be assigned as organization member. You must authenicate with a user account or API key with the Organization User Admin role to set organization roles.
Copy link
Contributor

@gssbzn gssbzn Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for consistency

You must authenticate with a user account or API key with the Organization User Admin role to set organization roles

should go after the required role, (also typo in "authenicate"`)

gssbzn
gssbzn reviewed Mar 11, 2025
View reviewed changes
internal/cli/projects/apikeys/create.go Outdated
Comment on lines 73 to 75
By default, the specified project's parent organization will be assigned as organization member. You must authenicate with a user account or API key with the Organization User Admin role to set organization roles.
` + fmt.Sprintf(usage.RequiredRole, "Project User Admin"),
Copy link
Contributor

@gssbzn gssbzn Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
By default, the specified project's parent organization will be assigned as organization member. You must authenicate with a user account or API key with the Organization User Admin role to set organization roles.
` + fmt.Sprintf(usage.RequiredRole, "Project User Admin"),
If you don't provide an organization level role the API Key defaults to organization member of the project parent organization.
To use this command, you must authenticate with a user account or an API key with the Project User Admin role or Organization User Admin to manage organization level roles.`,

Copy link
Contributor

@gssbzn gssbzn Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe? this command help is hard

Copy link
Collaborator Author

@cveticm cveticm Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added with small amendment to second phrase to fit in with usage.RequiredOneOfRoles phrasing.
Is now To use this command, you must authenticate with a user account or an API key with any of the following roles: Project User Admin or Organization User Admin to manage organization level roles.

@cveticm cveticm force-pushed the CLOUDP-298177_improve_api_key_roles_ux branch from b72e77e to 8c8e074 Compare March 11, 2025 14:38
gssbzn
gssbzn approved these changes Mar 11, 2025
View reviewed changes
Copy link
Contributor

@gssbzn gssbzn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks for iterating with me over this

@github-actions
Copy link
Contributor

github-actions bot commented Mar 11, 2025

Coverage Report 📉

Branch Commit Coverage
master 10b04b1 %
CLOUDP-298177_improve_api_key_roles_ux 8c8e074 37.9%
Difference %

@cveticm cveticm merged commit 482d470 into master Mar 11, 2025
20 of 22 checks passed
@cveticm cveticm deleted the CLOUDP-298177_improve_api_key_roles_ux branch March 11, 2025 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gssbzn gssbzn gssbzn approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

atlascli need-doc-review Improvements or additions to documentation, will be reviewed by the docs team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cveticm @gssbzn