yugabyte · bhupendray-yb · Jan 20, 2025 · Jan 15, 2025 · Jan 20, 2025 · Jan 20, 2025
@@ -98,22 +98,19 @@ func addAllowListNameToApiKeyData(apiKeys *[]ybmclient.ApiKeyData, authApi *ybmA
 	apiKeyOutputList := make([]formatter.ApiKeyDataAllowListInfo, 0)
 
 	// For each API key, fetch the allow list(s) associated with it
-	isApiKeyAllowListEnabled := util.IsFeatureFlagEnabled(util.API_KEY_ALLOW_LIST)
 	for _, apiKey := range *apiKeys {
 		apiKeyId := apiKey.GetInfo().Id
 		allowListsNames := make([]string, 0)
 
-		if isApiKeyAllowListEnabled {
-			allowListIds := apiKey.GetSpec().AllowListInfo
-			if allowListIds != nil && len(*allowListIds) > 0 {
-				apiKeyAllowLists, resp, err := authApi.ListApiKeyNetworkAllowLists(apiKeyId).Execute()
-				if err != nil {
-					logrus.Debugf("Full HTTP response: %v", resp)
-					logrus.Fatalf(ybmAuthClient.GetApiErrorDetails(err))
-				}
-				for _, allowList := range apiKeyAllowLists.GetData() {
-					allowListsNames = append(allowListsNames, allowList.GetSpec().Name)
-				}
+		allowListIds := apiKey.GetSpec().AllowListInfo
+		if allowListIds != nil && len(*allowListIds) > 0 {
+			apiKeyAllowLists, resp, err := authApi.ListApiKeyNetworkAllowLists(apiKeyId).Execute()
+			if err != nil {
+				logrus.Debugf("Full HTTP response: %v", resp)
+				logrus.Fatalf(ybmAuthClient.GetApiErrorDetails(err))
+			}
+			for _, allowList := range apiKeyAllowLists.GetData() {
+				allowListsNames = append(allowListsNames, allowList.GetSpec().Name)
 			}
 		}
 
@@ -197,7 +194,7 @@ var createApiKeyCmd = &cobra.Command{
 			apiKeySpec.SetRoleId(roleId)
 		}
 
-		if util.IsFeatureFlagEnabled(util.API_KEY_ALLOW_LIST) && cmd.Flags().Changed("network-allow-lists") {
+		if cmd.Flags().Changed("network-allow-lists") {
 			allowLists, _ := cmd.Flags().GetString("network-allow-lists")
 
 			allowListNames := strings.Split(allowLists, ",")
@@ -284,9 +281,7 @@ func init() {
 	createApiKeyCmd.MarkFlagRequired("unit")
 	createApiKeyCmd.Flags().String("description", "", "[OPTIONAL] Description of the API Key to be created.")
 
-	if util.IsFeatureFlagEnabled(util.API_KEY_ALLOW_LIST) {
-		createApiKeyCmd.Flags().String("network-allow-lists", "", "[OPTIONAL] The network allow lists(comma separated names) to assign to the API key.")
-	}
+	createApiKeyCmd.Flags().String("network-allow-lists", "", "[OPTIONAL] The network allow lists(comma separated names) to assign to the API key.")
 	createApiKeyCmd.Flags().String("role-name", "", "[OPTIONAL] The name of the role to be assigned to the API Key. If not provided, an Admin API Key will be generated.")
 	createApiKeyCmd.Flags().BoolP("force", "f", false, "Bypass the prompt for non-interactive usage")
 

@@ -43,137 +43,70 @@ var _ = Describe("API Key Management", func() {
 		server.Close()
 	})
 
-	Describe("When listing API keys with allow list FF disabled", func() {
-		It("should hide allow list column", func() {
-			err := loadJson("./test/fixtures/list-api-keys.json", &apiKeyListResponse)
+	Describe("When listing API keys", func() {
+		It("should list api keys", func() {
+			err := loadJson("./test/fixtures/list-api-keys-with-allow-list.json", &apiKeyListResponse)
+			Expect(err).ToNot(HaveOccurred())
+			err = loadJson("./test/fixtures/allow-list.json", &responseNetworkAllowList)
 			Expect(err).ToNot(HaveOccurred())
 
 			server.AppendHandlers(
 				ghttp.CombineHandlers(
 					ghttp.VerifyRequest(http.MethodGet, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/api-keys"),
 					ghttp.RespondWithJSONEncodedPtr(&statusCode, apiKeyListResponse),
 				),
+				ghttp.CombineHandlers(
+					ghttp.VerifyRequest(http.MethodGet, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/projects/78d4459c-0f45-47a5-899a-45ddf43eba6e/allow-lists"),
+					ghttp.RespondWithJSONEncodedPtr(&statusCode, responseNetworkAllowList),
+				),
 			)
-			os.Setenv("YBM_FF_API_KEY_ALLOW_LIST", "false")
+
 			cmd := exec.Command(compiledCLIPath, "api-key", "list")
 			session, err := gexec.Start(cmd, GinkgoWriter, GinkgoWriter)
 
 			Expect(err).NotTo(HaveOccurred())
 			session.Wait(2)
-			Expect(session.Out).Should(gbytes.Say(`Name       Role      Status    Created By    Date Created               Last Used                     Expiration
-apikey-1   Admin     ACTIVE    user@yb.com   2025-01-13T13:55:14.024Z   2025-01-13T14:21:40.713599Z   2099-12-31T00:00Z
-apikey-2   Admin     ACTIVE    user@yb.com   2025-01-08T09:06:35.077Z   Not yet used                  2025-02-07T09:06:35.077071Z`))
+			Expect(session.Out).Should(gbytes.Say(`Name       Role      Status    Created By    Date Created               Last Used                     Expiration                    Allow List
+apikey-1   Admin     ACTIVE    user@yb.com   2025-01-13T13:55:14.024Z   2025-01-13T14:21:40.713599Z   2099-12-31T00:00Z             device-ip-gween
+apikey-2   Admin     ACTIVE    user@yb.com   2025-01-08T09:06:35.077Z   Not yet used                  2025-02-07T09:06:35.077071Z   N/A`))
 			session.Kill()
 		})
+
 	})
 
-	Describe("When listing API keys with allow list FF enabled", func() {
-		It("should show allow list column", func() {
-			err := loadJson("./test/fixtures/list-api-keys-with-allow-list.json", &apiKeyListResponse)
+	Describe("When creating an API key", func() {
+		It("should create API key", func() {
+			err := loadJson("./test/fixtures/get-or-create-api-key.json", &apiKeyResponse)
 			Expect(err).ToNot(HaveOccurred())
 			err = loadJson("./test/fixtures/allow-list.json", &responseNetworkAllowList)
 			Expect(err).ToNot(HaveOccurred())
 
 			server.AppendHandlers(
 				ghttp.CombineHandlers(
-					ghttp.VerifyRequest(http.MethodGet, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/api-keys"),
-					ghttp.RespondWithJSONEncodedPtr(&statusCode, apiKeyListResponse),
+					ghttp.VerifyRequest(http.MethodGet, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/projects/78d4459c-0f45-47a5-899a-45ddf43eba6e/allow-lists"),
+					ghttp.RespondWithJSONEncodedPtr(&statusCode, responseNetworkAllowList),
+				),
+				ghttp.CombineHandlers(
+					ghttp.VerifyRequest(http.MethodPost, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/api-keys"),
+					ghttp.RespondWithJSONEncodedPtr(&statusCode, apiKeyResponse),
 				),
 				ghttp.CombineHandlers(
 					ghttp.VerifyRequest(http.MethodGet, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/projects/78d4459c-0f45-47a5-899a-45ddf43eba6e/allow-lists"),
 					ghttp.RespondWithJSONEncodedPtr(&statusCode, responseNetworkAllowList),
 				),
 			)
 
-			os.Setenv("YBM_FF_API_KEY_ALLOW_LIST", "true")
-			cmd := exec.Command(compiledCLIPath, "api-key", "list")
+			cmd := exec.Command(compiledCLIPath, "api-key", "create", "--name", "apikey-1", "--duration", "30", "--unit", "DAYS", "--network-allow-lists", "device-ip-gween")
 			session, err := gexec.Start(cmd, GinkgoWriter, GinkgoWriter)
 
 			Expect(err).NotTo(HaveOccurred())
 			session.Wait(2)
-			Expect(session.Out).Should(gbytes.Say(`Name       Role      Status    Created By    Date Created               Last Used                     Expiration                    Allow List
-apikey-1   Admin     ACTIVE    user@yb.com   2025-01-13T13:55:14.024Z   2025-01-13T14:21:40.713599Z   2099-12-31T00:00Z             device-ip-gween
-apikey-2   Admin     ACTIVE    user@yb.com   2025-01-08T09:06:35.077Z   Not yet used                  2025-02-07T09:06:35.077071Z   N/A`))
-			session.Kill()
-		})
-
-	})
-
-	Describe("When creating an API key", func() {
-		Context("with allow list feature flag disabled", func() {
-			os.Setenv("YBM_FF_API_KEY_ALLOW_LIST", "false")
-
-			It("should error when passing allow list flag", func() {
-				os.Setenv("YBM_FF_API_KEY_ALLOW_LIST", "false")
-				cmd := exec.Command(compiledCLIPath, "api-key", "create", "--name", "apikey-1", "--duration", "30", "--unit", "DAYS", "--network-allow-lists", "device-ip")
-				session, err := gexec.Start(cmd, GinkgoWriter, GinkgoWriter)
-
-				Expect(err).NotTo(HaveOccurred())
-				session.Wait(2)
-				Expect(session.Err).Should(gbytes.Say(`\bError: unknown flag: --network-allow-lists\b`))
-				session.Kill()
-			})
-
-			It("should create API key", func() {
-				err := loadJson("./test/fixtures/get-or-create-api-key.json", &apiKeyResponse)
-				Expect(err).ToNot(HaveOccurred())
-
-				server.AppendHandlers(
-					ghttp.CombineHandlers(
-						ghttp.VerifyRequest(http.MethodPost, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/api-keys"),
-						ghttp.RespondWithJSONEncodedPtr(&statusCode, apiKeyResponse),
-					),
-				)
-
-				cmd := exec.Command(compiledCLIPath, "api-key", "create", "--name", "apikey-1", "--duration", "30", "--unit", "DAYS")
-				session, err := gexec.Start(cmd, GinkgoWriter, GinkgoWriter)
-
-				Expect(err).NotTo(HaveOccurred())
-				session.Wait(2)
-				Expect(session.Out).Should(gbytes.Say(`Name       Role      Status    Created By   Date Created               Last Used      Expiration
-apikey-1   Admin     ACTIVE    admin        2025-01-13T15:55:55.825Z   Not yet used   2025-02-12T15:55:55.824833Z
-
-API Key: test-jwt`))
-				session.Kill()
-			})
-		})
-
-		Context("with allow list feature flag enabled", func() {
-			It("should create API key", func() {
-				err := loadJson("./test/fixtures/get-or-create-api-key.json", &apiKeyResponse)
-				Expect(err).ToNot(HaveOccurred())
-				err = loadJson("./test/fixtures/allow-list.json", &responseNetworkAllowList)
-				Expect(err).ToNot(HaveOccurred())
-
-				server.AppendHandlers(
-					ghttp.CombineHandlers(
-						ghttp.VerifyRequest(http.MethodGet, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/projects/78d4459c-0f45-47a5-899a-45ddf43eba6e/allow-lists"),
-						ghttp.RespondWithJSONEncodedPtr(&statusCode, responseNetworkAllowList),
-					),
-					ghttp.CombineHandlers(
-						ghttp.VerifyRequest(http.MethodPost, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/api-keys"),
-						ghttp.RespondWithJSONEncodedPtr(&statusCode, apiKeyResponse),
-					),
-					ghttp.CombineHandlers(
-						ghttp.VerifyRequest(http.MethodGet, "/api/public/v1/accounts/340af43a-8a7c-4659-9258-4876fd6a207b/projects/78d4459c-0f45-47a5-899a-45ddf43eba6e/allow-lists"),
-						ghttp.RespondWithJSONEncodedPtr(&statusCode, responseNetworkAllowList),
-					),
-				)
-
-				os.Setenv("YBM_FF_API_KEY_ALLOW_LIST", "true")
-				cmd := exec.Command(compiledCLIPath, "api-key", "create", "--name", "apikey-1", "--duration", "30", "--unit", "DAYS", "--network-allow-lists", "device-ip-gween")
-				session, err := gexec.Start(cmd, GinkgoWriter, GinkgoWriter)
-
-				Expect(err).NotTo(HaveOccurred())
-				session.Wait(2)
-				Expect(session.Out).Should(gbytes.Say(`Name       Role      Status    Created By   Date Created               Last Used      Expiration                    Allow List
+			Expect(session.Out).Should(gbytes.Say(`Name       Role      Status    Created By   Date Created               Last Used      Expiration                    Allow List
 apikey-1   Admin     ACTIVE    admin        2025-01-13T15:55:55.825Z   Not yet used   2025-02-12T15:55:55.824833Z   device-ip-gween
 
 API Key: test-jwt`))
-				session.Kill()
-			})
+			session.Kill()
 		})
-
 	})
 
 	Describe("When revoking an API key", func() {

@@ -35,7 +35,6 @@ const (
 	PITR_RESTORE        FeatureFlag = "PITR_RESTORE"
 	CONNECTION_POOLING  FeatureFlag = "CONNECTION_POOLING"
 	DR                  FeatureFlag = "DR"
-	API_KEY_ALLOW_LIST  FeatureFlag = "API_KEY_ALLOW_LIST"
 )
 
 func (f FeatureFlag) String() string {

@@ -20,13 +20,11 @@ import (
 	"strings"
 
 	"github.com/sirupsen/logrus"
-	"github.com/yugabyte/ybm-cli/cmd/util"
 	ybmclient "github.com/yugabyte/yugabytedb-managed-go-client-internal"
 )
 
 const (
-	defaultApiKeyListing = "table {{.ApiKeyName}}\t{{.ApiKeyRole}}\t{{.ApiKeyStatus}}\t{{.Issuer}}\t{{.CreatedAt}}\t{{.LastUsed}}\t{{.ExpiryTime}}"
-	apiKeyListingV2      = "table {{.ApiKeyName}}\t{{.ApiKeyRole}}\t{{.ApiKeyStatus}}\t{{.Issuer}}\t{{.CreatedAt}}\t{{.LastUsed}}\t{{.ExpiryTime}}\t{{.AllowList}}"
+	defaultApiKeyListing = "table {{.ApiKeyName}}\t{{.ApiKeyRole}}\t{{.ApiKeyStatus}}\t{{.Issuer}}\t{{.CreatedAt}}\t{{.LastUsed}}\t{{.ExpiryTime}}\t{{.AllowList}}"
 	createdAtHeader      = "Date Created"
 	expiryTimeHeader     = "Expiration"
 	apiKeyRoleHeader     = "Role"
@@ -49,9 +47,6 @@ func NewApiKeyFormat(source string) Format {
 	switch source {
 	case "table", "":
 		format := defaultApiKeyListing
-		if util.IsFeatureFlagEnabled(util.API_KEY_ALLOW_LIST) {
-			format = apiKeyListingV2
-		}
 		return Format(format)
 	default: // custom format or json or pretty
 		return Format(source)

@@ -24,7 +24,7 @@ import (
 )
 
 const (
-	defaultNalListing      = "table {{.Name}}\t{{.Desc}}\t{{.AllowedList}}\t{{.Clusters}}"
+	defaultNalListing      = "table {{.Name}}\t{{.Desc}}\t{{.AllowedList}}\t{{.Clusters}}\t{{.ApiKeys}}"
 	networkAllowListHeader = "Allow List"
 )
 
@@ -67,6 +67,7 @@ func NewNetworkAllowListContext() *NetworkAllowListContext {
 		"Clusters":    clustersHeader,
 		"Desc":        descriptionHeader,
 		"Name":        nameHeader,
+		"ApiKeys":     "API keys",
 	}
 	return &nalCtx
 }
@@ -89,6 +90,17 @@ func (c *NetworkAllowListContext) Clusters() string {
 	}
 	return strings.Join(clusterNameList, ",")
 }
+
+func (c *NetworkAllowListContext) ApiKeys() string {
+	var apiKeyNames []string
+	for _, apiKey := range c.c.GetInfo().ApiKeyList {
+		if apiKey.Status != nil && *apiKey.Status == ybmclient.APIKEYSTATUSENUM_ACTIVE {
+			apiKeyNames = append(apiKeyNames, apiKey.Name)
+		}
+	}
+	return strings.Join(apiKeyNames, ",")
+}
+
 func (c *NetworkAllowListContext) MarshalJSON() ([]byte, error) {
 	return json.Marshal(c.c)
 }