New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New type of API key: read-only, but returns check and channel UUIDs #986
Comments
Hello Thomas, can you describe a little more what issue you are hitting with the read-only/full API key schema differences? The idea with the read-only keys is to not return any data that would allow altering the state of the checks. It is meant to be used in low-trust and no-trust environments, for example, for building status dashboards for unauthenticated users. The read-only responses must not contain check UUIDs, because with the knowledge of the UUID anybody could construct the full ping URL and mess with your monitoring. |
Sure, As I mention before, we are using terraform with kristofferahl/healthchecksio for healthchecks.io iac which is suggest by healthchecks.io In our use case, my company will run some custom pipeline for plan and apply terraform. Now only approved engineer can trigger those pipeline since it involve productoin env read-write api key and we dont want other engineer can use this key. However, it make approved engineer always need support other engineer to run the To solve this problem, we hope to allow other engineer use the read-only api key for terraform plan, because they cannot modify any healthchecks.io resource by using read-only api key. By studying the terraform provider and healthchecks.io doc, I found it is impossible. because It missing two information, uuid and channels. So we hope to have a new type of api key, that is read-only but have the same schema with read-write api key, so we can just easily to apply the new type api key to terraform and the problem solve. some poc by using this terraform provider Before test Run terraform plan with read-write api key
Run terraform plan with read-only api key
|
Thanks for the explanation, I think I understand the issue you are facing now. And indeed it looks like a new type of API key would be required here. It's not just a matter of making the schemas of read-write and read-only API responses match. I'm currently not planning to work on this. I will reconsider if I see ongoing interest from multiple paying or would-be-paying users. |
Hi, I am using kristofferahl/healthchecksio with terraform to create healthcheck by terraform. I want engineer can self-plan with read-only api key (giving full permission api key is danger), but the read only api key just give limited information. Can healthchecks have a new feature that provide a read-only api key that have a same schema with full permission api key?
Remark
From the response of “List existing checks”, here are the different between both response
The text was updated successfully, but these errors were encountered: