Document the dashboard API Keys management page
The dashboard's API Keys page (list plus Create/Rotate/Revoke and the create dialog) had no design-doc coverage even though Authorization.md already documents the constraint model it exposes. Add an "API keys page" section to GatewayDashboardDesign.md describing the table columns, the LDAP-group-gated management actions, the one-time secret reveal, and audit logging. Cross-link it from the constraint-enforcement section of Authorization.md and the CLI section of Authentication.md so the two key-management surfaces reference each other. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
@@ -161,6 +161,12 @@ Glob matching is anchored, case-insensitive, and supports `*` and `?`.
|
||||
Subtree and tag glob lists are alternatives: matching either list allows that
|
||||
scope dimension. Empty lists mean unconstrained for that dimension.
|
||||
|
||||
Constraints are set when a key is created — through the `apikey create-key`
|
||||
flags (see [Authentication](./Authentication.md)) or the dashboard API Keys
|
||||
page create dialog (see
|
||||
[Gateway Dashboard Design](./GatewayDashboardDesign.md#api-keys-page)). The
|
||||
dashboard API Keys page also renders each key's effective constraints.
|
||||
|
||||
The service checks read constraints for `AddItem`, `AddItem2`, `AddItemBulk`,
|
||||
`SubscribeBulk`, and `AdviseItemBulk`. It checks write constraints for
|
||||
`Write`, `Write2`, `WriteSecured`, and `WriteSecured2`. Successful item
|
||||
@@ -252,6 +258,7 @@ Singleton lifetimes are appropriate because none of the three classes hold per-r
|
||||
## Related Documentation
|
||||
|
||||
- [Authentication](./Authentication.md)
|
||||
- [Gateway Dashboard Design](./GatewayDashboardDesign.md)
|
||||
- [Grpc](./Grpc.md)
|
||||
- [GatewayConfiguration](./GatewayConfiguration.md)
|
||||
- [Galaxy Repository Browse](./GalaxyRepository.md)
|
||||
|
||||
Reference in New Issue
Block a user