-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat:Add /studio/v1/secrets
endpoint for managing secrets in AI21 Studio API
#78
Conversation
WalkthroughThe changes introduce a new endpoint Changes
Possibly related PRs
Suggested reviewers
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
/studio/v1/secrets
endpoint for managing secrets in AI21 Studio API
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 4
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
⛔ Files ignored due to path filters (16)
src/libs/AI21/Generated/AI21.Ai21Api.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.IAi21Api.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.ISecretsClient.V1SecretStorage.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.ISecretsClient.V1SecretStorage2.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.ISecretsClient.V1SecretStorage3.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.ISecretsClient.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.Models.V1SecretStorageResponse.Json.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.Models.V1SecretStorageResponse.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.Models.V1SecretStorageResponse2.Json.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.Models.V1SecretStorageResponse2.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.Models.V1SecretStorageResponse3.Json.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.Models.V1SecretStorageResponse3.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.SecretsClient.V1SecretStorage.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.SecretsClient.V1SecretStorage2.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.SecretsClient.V1SecretStorage3.g.cs
is excluded by!**/generated/**
src/libs/AI21/Generated/AI21.SecretsClient.g.cs
is excluded by!**/generated/**
📒 Files selected for processing (1)
src/libs/AI21/openapi.yaml
(1 hunks)
delete: | ||
tags: | ||
- Secrets | ||
summary: Delete Secret | ||
operationId: v1_secret_storage | ||
parameters: | ||
- name: secret_name | ||
in: query | ||
required: true | ||
schema: | ||
title: Secret Name | ||
type: string | ||
- name: request_start_time | ||
in: query | ||
schema: | ||
title: Request Start Time | ||
type: integer | ||
default: '1730898900272' | ||
responses: | ||
'200': | ||
description: Successful Response | ||
content: | ||
application/json: | ||
schema: { } | ||
'422': | ||
description: Validation Error | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '#/components/schemas/HTTPValidationError' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Improve DELETE operation design
The current DELETE operation design can be improved:
- Resource identifier (secret_name) should be in the path, not query
- Missing appropriate status codes for different scenarios
Implement these improvements:
- /studio/v1/secrets:
+ /studio/v1/secrets/{secret_name}:
delete:
tags:
- Secrets
summary: Delete Secret
operationId: v1_secret_storage
parameters:
- - name: secret_name
- in: query
+ - name: secret_name
+ in: path
required: true
schema:
title: Secret Name
type: string
responses:
'200':
description: Successful Response
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - status
+ properties:
+ status:
+ type: string
+ enum: [success]
+ '404':
+ description: Secret not found
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - error
+ properties:
+ error:
+ type: string
+ enum: [secret_not_found]
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
delete: | |
tags: | |
- Secrets | |
summary: Delete Secret | |
operationId: v1_secret_storage | |
parameters: | |
- name: secret_name | |
in: query | |
required: true | |
schema: | |
title: Secret Name | |
type: string | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
delete: | |
tags: | |
- Secrets | |
summary: Delete Secret | |
operationId: v1_secret_storage | |
parameters: | |
- name: secret_name | |
in: path | |
required: true | |
schema: | |
title: Secret Name | |
type: string | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: | |
type: object | |
required: | |
- status | |
properties: | |
status: | |
type: string | |
enum: [success] | |
'404': | |
description: Secret not found | |
content: | |
application/json: | |
schema: | |
type: object | |
required: | |
- error | |
properties: | |
error: | |
type: string | |
enum: [secret_not_found] | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' |
post: | ||
tags: | ||
- Secrets | ||
summary: Save Secret | ||
operationId: v1_secret_storage | ||
parameters: | ||
- name: secret_name | ||
in: query | ||
required: true | ||
schema: | ||
title: Secret Name | ||
type: string | ||
- name: secret_value | ||
in: query | ||
required: true | ||
schema: | ||
title: Secret Value | ||
type: string | ||
- name: request_start_time | ||
in: query | ||
schema: | ||
title: Request Start Time | ||
type: integer | ||
default: '1730898900272' | ||
responses: | ||
'200': | ||
description: Successful Response | ||
content: | ||
application/json: | ||
schema: { } | ||
'422': | ||
description: Validation Error | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '#/components/schemas/HTTPValidationError' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Security issues in POST operation design
Critical security concerns in the secret creation endpoint:
- Secret values are exposed in query parameters, which:
- Appear in server logs
- Are visible in browser history
- May be cached by proxies
- Missing validation rules for secret names and values
Implement these security improvements:
post:
tags:
- Secrets
summary: Save Secret
operationId: v1_secret_storage
- parameters:
- - name: secret_name
- in: query
- required: true
- schema:
- title: Secret Name
- type: string
- - name: secret_value
- in: query
- required: true
- schema:
- title: Secret Value
- type: string
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - name
+ - value
+ properties:
+ name:
+ type: string
+ pattern: ^[a-zA-Z][a-zA-Z0-9_-]{1,64}$
+ description: Secret name must start with a letter and contain only alphanumeric characters, underscores, and hyphens
+ value:
+ type: string
+ maxLength: 4096
+ description: Secret value with maximum length of 4KB
+ description:
+ type: string
+ maxLength: 1024
+ description: Optional description of the secret
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
post: | |
tags: | |
- Secrets | |
summary: Save Secret | |
operationId: v1_secret_storage | |
parameters: | |
- name: secret_name | |
in: query | |
required: true | |
schema: | |
title: Secret Name | |
type: string | |
- name: secret_value | |
in: query | |
required: true | |
schema: | |
title: Secret Value | |
type: string | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
post: | |
tags: | |
- Secrets | |
summary: Save Secret | |
operationId: v1_secret_storage | |
requestBody: | |
required: true | |
content: | |
application/json: | |
schema: | |
type: object | |
required: | |
- name | |
- value | |
properties: | |
name: | |
type: string | |
pattern: ^[a-zA-Z][a-zA-Z0-9_-]{1,64}$ | |
description: Secret name must start with a letter and contain only alphanumeric characters, underscores, and hyphens | |
value: | |
type: string | |
maxLength: 4096 | |
description: Secret value with maximum length of 4KB | |
description: | |
type: string | |
maxLength: 1024 | |
description: Optional description of the secret | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' |
get: | ||
tags: | ||
- Secrets | ||
summary: Get Secret List | ||
operationId: v1_secret_storage | ||
parameters: | ||
- name: request_start_time | ||
in: query | ||
schema: | ||
title: Request Start Time | ||
type: integer | ||
default: '1730898900272' | ||
responses: | ||
'200': | ||
description: Successful Response | ||
content: | ||
application/json: | ||
schema: { } | ||
'422': | ||
description: Validation Error | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '#/components/schemas/HTTPValidationError' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Enhance GET operation with pagination and filtering
The GET operation for listing secrets lacks essential features for managing large sets of secrets:
- No pagination support
- No filtering capabilities
- No sorting options
Add pagination and filtering parameters:
get:
tags:
- Secrets
summary: Get Secret List
operationId: v1_secret_storage
parameters:
- name: request_start_time
in: query
schema:
title: Request Start Time
type: integer
default: '1730898900272'
+ - name: limit
+ in: query
+ schema:
+ type: integer
+ minimum: 1
+ maximum: 100
+ default: 20
+ description: Maximum number of secrets to return
+ - name: offset
+ in: query
+ schema:
+ type: integer
+ minimum: 0
+ default: 0
+ description: Number of secrets to skip
+ - name: name_prefix
+ in: query
+ schema:
+ type: string
+ description: Filter secrets by name prefix
+ - name: sort
+ in: query
+ schema:
+ type: string
+ enum: [name_asc, name_desc, created_at_asc, created_at_desc]
+ default: name_asc
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
get: | |
tags: | |
- Secrets | |
summary: Get Secret List | |
operationId: v1_secret_storage | |
parameters: | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
get: | |
tags: | |
- Secrets | |
summary: Get Secret List | |
operationId: v1_secret_storage | |
parameters: | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
- name: limit | |
in: query | |
schema: | |
type: integer | |
minimum: 1 | |
maximum: 100 | |
default: 20 | |
description: Maximum number of secrets to return | |
- name: offset | |
in: query | |
schema: | |
type: integer | |
minimum: 0 | |
default: 0 | |
description: Number of secrets to skip | |
- name: name_prefix | |
in: query | |
schema: | |
type: string | |
description: Filter secrets by name prefix | |
- name: sort | |
in: query | |
schema: | |
type: string | |
enum: [name_asc, name_desc, created_at_asc, created_at_desc] | |
default: name_asc | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' |
/studio/v1/secrets: | ||
get: | ||
tags: | ||
- Secrets | ||
summary: Get Secret List | ||
operationId: v1_secret_storage | ||
parameters: | ||
- name: request_start_time | ||
in: query | ||
schema: | ||
title: Request Start Time | ||
type: integer | ||
default: '1730898900272' | ||
responses: | ||
'200': | ||
description: Successful Response | ||
content: | ||
application/json: | ||
schema: { } | ||
'422': | ||
description: Validation Error | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '#/components/schemas/HTTPValidationError' | ||
post: | ||
tags: | ||
- Secrets | ||
summary: Save Secret | ||
operationId: v1_secret_storage | ||
parameters: | ||
- name: secret_name | ||
in: query | ||
required: true | ||
schema: | ||
title: Secret Name | ||
type: string | ||
- name: secret_value | ||
in: query | ||
required: true | ||
schema: | ||
title: Secret Value | ||
type: string | ||
- name: request_start_time | ||
in: query | ||
schema: | ||
title: Request Start Time | ||
type: integer | ||
default: '1730898900272' | ||
responses: | ||
'200': | ||
description: Successful Response | ||
content: | ||
application/json: | ||
schema: { } | ||
'422': | ||
description: Validation Error | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '#/components/schemas/HTTPValidationError' | ||
delete: | ||
tags: | ||
- Secrets | ||
summary: Delete Secret | ||
operationId: v1_secret_storage | ||
parameters: | ||
- name: secret_name | ||
in: query | ||
required: true | ||
schema: | ||
title: Secret Name | ||
type: string | ||
- name: request_start_time | ||
in: query | ||
schema: | ||
title: Request Start Time | ||
type: integer | ||
default: '1730898900272' | ||
responses: | ||
'200': | ||
description: Successful Response | ||
content: | ||
application/json: | ||
schema: { } | ||
'422': | ||
description: Validation Error | ||
content: | ||
application/json: | ||
schema: | ||
$ref: '#/components/schemas/HTTPValidationError' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical issues in the secrets management endpoint specification
Several issues need to be addressed in the secrets management endpoint:
- Using the same
operationId
('v1_secret_storage') for different operations will cause issues with code generation tools. Each operation should have a unique identifier. - Success responses are defined with empty schemas (
schema: {}
), which could lead to inconsistent implementations. - Missing operation descriptions and examples make the API harder to understand and use.
Apply these changes to improve the specification:
/studio/v1/secrets:
get:
tags:
- Secrets
summary: Get Secret List
- operationId: v1_secret_storage
+ operationId: v1_list_secrets
+ description: Retrieve a list of secret names available in the organization.
# ... parameters ...
responses:
'200':
description: Successful Response
content:
application/json:
schema:
+ type: object
+ required:
+ - secrets
+ properties:
+ secrets:
+ type: array
+ items:
+ type: string
+ description: List of secret names
post:
tags:
- Secrets
summary: Save Secret
- operationId: v1_secret_storage
+ operationId: v1_create_secret
+ description: Create or update a secret with the specified name and value.
# ... parameters ...
responses:
'200':
description: Successful Response
content:
application/json:
schema:
+ type: object
+ required:
+ - status
+ properties:
+ status:
+ type: string
+ enum: [success]
delete:
tags:
- Secrets
summary: Delete Secret
- operationId: v1_secret_storage
+ operationId: v1_delete_secret
+ description: Delete a secret by its name.
# ... parameters ...
responses:
'200':
description: Successful Response
content:
application/json:
schema:
+ type: object
+ required:
+ - status
+ properties:
+ status:
+ type: string
+ enum: [success]
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
/studio/v1/secrets: | |
get: | |
tags: | |
- Secrets | |
summary: Get Secret List | |
operationId: v1_secret_storage | |
parameters: | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
post: | |
tags: | |
- Secrets | |
summary: Save Secret | |
operationId: v1_secret_storage | |
parameters: | |
- name: secret_name | |
in: query | |
required: true | |
schema: | |
title: Secret Name | |
type: string | |
- name: secret_value | |
in: query | |
required: true | |
schema: | |
title: Secret Value | |
type: string | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
delete: | |
tags: | |
- Secrets | |
summary: Delete Secret | |
operationId: v1_secret_storage | |
parameters: | |
- name: secret_name | |
in: query | |
required: true | |
schema: | |
title: Secret Name | |
type: string | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: { } | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
/studio/v1/secrets: | |
get: | |
tags: | |
- Secrets | |
summary: Get Secret List | |
operationId: v1_list_secrets | |
description: Retrieve a list of secret names available in the organization. | |
parameters: | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: | |
type: object | |
required: | |
- secrets | |
properties: | |
secrets: | |
type: array | |
items: | |
type: string | |
description: List of secret names | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
post: | |
tags: | |
- Secrets | |
summary: Save Secret | |
operationId: v1_create_secret | |
description: Create or update a secret with the specified name and value. | |
parameters: | |
- name: secret_name | |
in: query | |
required: true | |
schema: | |
title: Secret Name | |
type: string | |
- name: secret_value | |
in: query | |
required: true | |
schema: | |
title: Secret Value | |
type: string | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: | |
type: object | |
required: | |
- status | |
properties: | |
status: | |
type: string | |
enum: [success] | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' | |
delete: | |
tags: | |
- Secrets | |
summary: Delete Secret | |
operationId: v1_delete_secret | |
description: Delete a secret by its name. | |
parameters: | |
- name: secret_name | |
in: query | |
required: true | |
schema: | |
title: Secret Name | |
type: string | |
- name: request_start_time | |
in: query | |
schema: | |
title: Request Start Time | |
type: integer | |
default: '1730898900272' | |
responses: | |
'200': | |
description: Successful Response | |
content: | |
application/json: | |
schema: | |
type: object | |
required: | |
- status | |
properties: | |
status: | |
type: string | |
enum: [success] | |
'422': | |
description: Validation Error | |
content: | |
application/json: | |
schema: | |
$ref: '#/components/schemas/HTTPValidationError' |
Summary by CodeRabbit
New Features
GET
,POST
, andDELETE
requests to handle secret management tasks effectively.Bug Fixes