Issue #3117: jwt_secret field in the API is confusing - Pulp

Actions

Send by e-mail Copy link

Issue #3117

closed

jwt_secret field in the API is confusing

Added by daviddavis over 6 years ago. Updated almost 5 years ago.

Status:

CLOSED - WONTFIX

Priority:

Normal

Assignee:

Category:

Sprint/Milestone:

3.0.0

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Version:

Platform Release:

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Sprint:

Quarter:

Description

bizhang and I were a bit confused about how the jwt_secret is functioning in the API. It looks like if JWT_ALLOW_SETTING_USER_SECRET is true and DEBUG is true, I can view the field in the API for users. However, if DEBUG is false, I can never view the field. And also, if JWT_ALLOW_SETTING_USER_SECRET is true, I can write to the field regardless of what DEBUG is.

I wonder if (A) we can simplify this logic by eliminating the separate code path around DEBUG. I think this is also beneficial for testing purposes. And (B) I am wondering if the behavior around being able to write jwt_secret but not view it is intentional/correct.

I think this may be a refactor task. Feel free to set the tracker as such. Marking this as a bug because I am not entirely it's not a bug and I am hoping for some feedback.