Rake api_key:get broken

Well, an install failed (my install script gets an API key so that it can set the mailgun_api_key). I checked too on my local dev instance.

$ rake api_key:get
rake aborted!
NoMethodError: undefined method `create_master_key' for ApiKey (call 'ApiKey.connection' to establish a connection):Class
Did you mean?  create_with
/home/pfaffman/src/discourse/lib/tasks/api.rake:5:in `block in <main>'
Tasks: TOP => api_key:get
(See full trace by running task with --trace)

It’s this commit. @david

Here’s PR: FIX: create_master_key got renamed by pfaffman · Pull Request #8325 · discourse/discourse · GitHub

Thanks @pfaffman, I’ve made a comment on the PR

Just checking - this is your personal script, not the standard install script?

Yes! This didn’t break a normal install, just the piece of my post-install stuff that needs an API key to set the mailgun_api_key.

I suspect that few people use this rake task.

1 Like

:+1: out of interest, do you clear up the api key when you’re done? You may have noticed I’ve made a lot of changes recently so that we keep better track of API keys. We’re trying to reduce “unused” api keys being left as potential security holes.

If this is running on the server, maybe you could use ruby to set the site setting, rather than generating and using an api key?

Oh! I think it would be better to not change the key if it already exists or to have a create_if_not_exists task. It’s very handy to be able to get the existing key with a rake task without having to change it and break anything that uses the key.

A few places in my Ansible tooling, if I don’t have the API key, I call that rake task to get the existing one, like

- name: Get api key
  block:
    - shell: docker exec -w /var/www/discourse -i {{ discourse_yml }}  rake api_key:get
      register: get_api_key

    - set_fact:
        discourse_api_key: "{{ get_api_key.stdout }}"

  when: discourse_api_key is not defined

I guess the only time that it’s really required to get it this way is when I’m doing a clean install. (For existing sites I have the API key in the vars for that site.)

I suppose with the new way that keys are handled I could delete the key when I was done or, say, somehow change site settings by running a rails script inside the container?

One change I made is that you can now have multiple keys per user (or multiple ‘master keys’). That means that every integration can be given it’s own key, and they can be audited/revoked/deleted separately. So in your case, you could create a key with the description “pfaffman’s setup tooling”. Then site admins know what it’s for, and can revoke/delete when it’s no longer needed.

As for how that translates to a rake task… I’m not sure. Maybe we could have a task that was api:get_or_create "my key description" :thinking:

Would that work for your case @pfaffman?

3 Likes

Sure! I think that would be just great.

How’s this?

rake api_key:get_or_create_master["Onboarding Key"]

If there are no objections I’ll merge it in a few hours

2 Likes

Looks good to me! And my playbook was still up in my editor, so I’m already committed. :slight_smile:

2 Likes

Merged in

3 Likes

This topic was automatically closed after 2 days. New replies are no longer allowed.