Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

APP-7002: Implement “DeleteOAuthApplication” CLI command #4648

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

gloriacai01
Copy link
Member

@gloriacai01 gloriacai01 commented Dec 19, 2024

Ticket

CLI run with deletion confirmation message:
Screenshot 2024-12-19 at 5 37 32 PM

@viambot viambot added the safe to test This pull request is marked safe to test from a trusted zone label Dec 19, 2024
@viambot viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 19, 2024
@viambot viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 19, 2024
@gloriacai01 gloriacai01 marked this pull request as ready for review December 19, 2024 18:05
@gloriacai01 gloriacai01 requested a review from a team as a code owner December 19, 2024 18:05
cli/app.go Outdated
&cli.StringFlag{
Name: authApplicationFlagClientID,
Required: true,
Usage: "ID of the application to delete",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Usage: "ID of the application to delete",
Usage: "client ID of the OAuth application to delete",

cli/client.go Outdated
ClientID string
}

// DeleteOAuthAppAction is the corresponding action for 'auth-service update'.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// DeleteOAuthAppAction is the corresponding action for 'auth-service update'.
// DeleteOAuthAppAction is the corresponding action for 'auth-service delete'.

cli/client.go Outdated
return err
}

printf(cCtx.App.Writer, "Successfully deleted oauth application")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
printf(cCtx.App.Writer, "Successfully deleted oauth application")
printf(cCtx.App.Writer, "Successfully deleted OAuth application")

Copy link
Member

@maxhorowitz maxhorowitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, sorry that this wasn't documented on the ticket, but I was hoping for a CLI user to need to "confirm" their decision to delete an OAuth app. The reason is that once an OAuth application is deleted, any web apps / mobile apps with the client ID and client secret hardcoded in their middleware will no longer be able to authenticate users.

@stuqdog is there an easy way for us to provide a NOTE: Deleting an OAuth application that is in use will ... _(explaining what the possible repercussions could be)_ to the user as an extra safety layer? I think this is essential to the PR.

@viambot viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 19, 2024
@viambot viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 19, 2024
@viambot viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 19, 2024
@viambot viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 20, 2024
Copy link
Member

@purplenicole730 purplenicole730 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything looks good, just want to confirm what the users will see

{
Name: "delete",
Usage: "delete an OAuth application",
UsageText: createUsageText("delete", []string{generalFlagOrgID, authApplicationFlagClientID}, true),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please provide an image in the description of what this looks like so that it's easy for us to check what this looks like in the end

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, never mind! I didn't know what UsageText was and thought this was Usage. Looks good!

@stuqdog
Copy link
Member

stuqdog commented Dec 23, 2024

Hey, sorry that this wasn't documented on the ticket, but I was hoping for a CLI user to need to "confirm" their decision to delete an OAuth app. The reason is that once an OAuth application is deleted, any web apps / mobile apps with the client ID and client secret hardcoded in their middleware will no longer be able to authenticate users.

@stuqdog is there an easy way for us to provide a NOTE: Deleting an OAuth application that is in use will ... _(explaining what the possible repercussions could be)_ to the user as an extra safety layer? I think this is essential to the PR.

Hey sorry, missed this somehow! But I think the solution y'all landed on looks good.

@jr22 jr22 removed the request for review from maxhorowitz December 30, 2024 16:28
@jr22 jr22 dismissed maxhorowitz’s stale review December 30, 2024 16:29

max is OOO so dismissing the rereq to keep this ticket moving

@jr22 jr22 self-requested a review December 30, 2024 16:29
cli/client.go Outdated
printf(c.App.Writer, yellow, fmt.Sprintf("You are trying to delete an OAuth application with client ID %s. "+
"Once deleted, any existing apps that rely on this OAuth application will no longer be able to authenticate users.\n", args.ClientID))
printf(c.App.Writer, yellow, "Do you want to continue?")
printf(c.App.Writer, "Continue: y/n")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of y/n can we make the user type out delete or confirm the client id? sorry to be pedantic but i worry a one key deletion is too easy and i want to be super sure the user doesnt do this by accident

@viambot viambot added safe to test This pull request is marked safe to test from a trusted zone and removed safe to test This pull request is marked safe to test from a trusted zone labels Dec 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
safe to test This pull request is marked safe to test from a trusted zone
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants