rename access-key to admin-secret (close #1347) #1540
Conversation
…ers for access key in the server 2) Change X-Hasura-Access-Key to X-Hasura-Admin-Secret everywhere else
1) Change EnvVar HASURA_GRAPHQL_ACCESS_KEY to HASURA_GRAPHQL_ADMIN_SECRET 2) Change flag --access-key to --admin-secret
|
Review app for commit ede9ff4 deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
|
Review app for commit 614219e deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
ed4fa6b to
9bb863d
Compare
|
Review app for commit 9bb863d deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
1) Flags --access-key and --admin-secret 2) EnvVars HASURA_GRAPHQL_ACCESS_KEY and HASURA_GRAPHQL_ADMIN_SECRET
2) Support both --access-key and --admin-secret key flags for admin secret in cli commands
|
Review app for commit 443eae0 deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
|
Reviews required from @0x777 @shahidhk @rikinsk and @praveenweb before merging. |
|
@nizar-m - console has to be backwards compatible. Global replace of |
|
Review app for commit 5467900 deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
|
Review app for commit 877bd98 deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
|
Review app for commit 4af3059 deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
|
@shahidhk @praveenweb Are CLI/Console reviews needed? If yes, please do so? |
praveenweb
left a comment
There was a problem hiding this comment.
LGTM.
Sidenote - Existing users who are logged in might be logged out, because of the change in localstorage variables.
|
Review app for commit d2d2fa1 deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
|
Review app for commit 1f656e0 deployed to Heroku: https://hge-ci-pull-1540.herokuapp.com |
shahidhk
left a comment
There was a problem hiding this comment.
LGTM on the CLI changes.
Ran a basic sanity check with server, console, and cli to check backwards compatibility.
|
Review app https://hge-ci-pull-1540.herokuapp.com is deleted |
|
Does this means we should add X-Hasura-Admin-Secret to our graphql queries on each client ? I am asking because currently we need to provide X-Hasura-Access-Key on each query headers to make it work, I think it would make sense if we should not provide this at all when querying, as admin-secret is used to access hasura console. Pardon me if it were suggested before. |
|
@rizkyramadhan You should not use AccessKey/AdminSecret to query data from client side. It is your super-admin-master-password. Anyone can wipe out your database if they have access to this key/secret. Setup authentication/access control: https://docs.hasura.io/1.0/graphql/manual/auth/index.html |
Running `build_serialize_roundtrip` on chinook locally I see 181ms -> 54ms which tracks with https://psychic-doodle-372212k.pages.github.io/dev/bench/ so this should be good <!-- The PR description should answer 2 important questions: --> ### What <!-- What is this PR trying to accomplish (and why, if it's not obvious)? --> <!-- Consider: do we need to add a changelog entry? --> <!-- Does this PR introduce new validation that might break old builds? --> <!-- Consider: do we need to put new checks behind a flag? --> ### How <!-- How is it trying to accomplish it (what are the implementation steps)? --> V3_GIT_ORIGIN_REV_ID: 47fba2c5db7dcb0da42ab17132c18ce7f798bebc
<!-- The PR description should answer 2 important questions: --> ### What This was added in #1540 by accident, Cargo ignores it, removing. V3_GIT_ORIGIN_REV_ID: 06546990dc8fd72c57c4700b9d874cc3787c71c4
Description
Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret
What component does this PR affect?
Requires changes from other components? If yes, please mark the components:
Related Issue
#1347
Solution and Design
dev-mode-role-header-access-key.pngandaccess-key-console.pngType
Checklist: