Merge pull request #6708 from devtron-labs/api-token-hide-via-flag

chore: Api token hide via flag

Author: prakash100198

cmd/external-app/wire_gen.go

@@ -206,6 +206,7 @@
  | GRAFANA_PORT | string |8090 | Port for grafana micro-service |  | false |
  | GRAFANA_URL | string | | Host URL for the grafana dashboard |  | false |
  | GRAFANA_USERNAME | string |admin | Username for grafana  |  | false |
+ | HIDE_API_TOKENS | bool |false | Boolean flag for should the api tokens generated be hidden from the UI |  | false |
  | HIDE_IMAGE_TAGGING_HARD_DELETE | bool |false | Flag to hide the hard delete option in the image tagging service |  | false |
  | IGNORE_AUTOCOMPLETE_AUTH_CHECK | bool |false | flag for ignoring auth check in autocomplete apis. |  | false |
  | INSTALLED_MODULES |  | | List of installed modules given in helm values/yaml are written in cm and used by devtron to know which modules are given | security.trivy,security.clair | false |

env_gen.json

@@ -19,6 +19,7 @@ package apiToken
 import (
 	"errors"
 	"fmt"
+	"github.com/caarlos0/env"
 	userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"regexp"
 	"strconv"
@@ -48,17 +49,41 @@ type ApiTokenServiceImpl struct {
 	userService           user2.UserService
 	userAuditService      user2.UserAuditService
 	apiTokenRepository    ApiTokenRepository
+	TokenVariableConfig   *TokenVariableConfig
 }
 
-func NewApiTokenServiceImpl(logger *zap.SugaredLogger, apiTokenSecretService ApiTokenSecretService, userService user2.UserService, userAuditService user2.UserAuditService,
-	apiTokenRepository ApiTokenRepository) *ApiTokenServiceImpl {
-	return &ApiTokenServiceImpl{
+func NewApiTokenServiceImpl(logger *zap.SugaredLogger,
+	apiTokenSecretService ApiTokenSecretService,
+	userService user2.UserService,
+	userAuditService user2.UserAuditService,
+	apiTokenRepository ApiTokenRepository,
+) (*ApiTokenServiceImpl, error) {
+	apiTokenService := &ApiTokenServiceImpl{
 		logger:                logger,
 		apiTokenSecretService: apiTokenSecretService,
 		userService:           userService,
 		userAuditService:      userAuditService,
 		apiTokenRepository:    apiTokenRepository,
 	}
+
+	cfg, err := GetTokenConfig()
+	if err != nil {
+		apiTokenService.logger.Errorw("error while getting token config ", "error", err)
+		return nil, err
+	}
+	apiTokenService.TokenVariableConfig = cfg
+
+	return apiTokenService, nil
+}
+
+func GetTokenConfig() (*TokenVariableConfig, error) {
+	cfg := &TokenVariableConfig{}
+	err := env.Parse(cfg)
+	return cfg, err
+}
+
+type TokenVariableConfig struct {
+	HideApiTokens bool `env:"HIDE_API_TOKENS" envDefault:"false" description:"Boolean flag for should the api tokens generated be hidden from the UI"`
 }
 
 var invalidCharsInApiTokenName = regexp.MustCompile("[,\\s]")
@@ -104,9 +129,11 @@ func (impl ApiTokenServiceImpl) GetAllApiTokensForWebhook(projectName string, en
 				Name:           &apiTokenFromDb.Name,
 				Description:    &apiTokenFromDb.Description,
 				ExpireAtInMs:   &apiTokenFromDb.ExpireAtInMs,
-				Token:          &apiTokenFromDb.Token,
 				UpdatedAt:      &updatedAtStr,
 			}
+			if !impl.TokenVariableConfig.HideApiTokens {
+				apiToken.Token = &apiTokenFromDb.Token
+			}
 			apiTokens = append(apiTokens, apiToken)
 		}
 	}
@@ -140,9 +167,11 @@ func (impl ApiTokenServiceImpl) GetAllActiveApiTokens() ([]*openapi.ApiToken, er
 			Name:           &apiTokenFromDb.Name,
 			Description:    &apiTokenFromDb.Description,
 			ExpireAtInMs:   &apiTokenFromDb.ExpireAtInMs,
-			Token:          &apiTokenFromDb.Token,
 			UpdatedAt:      &updatedAtStr,
 		}
+		if !impl.TokenVariableConfig.HideApiTokens {
+			apiToken.Token = &apiTokenFromDb.Token
+		}
 		if latestAuditLog != nil {
 			lastUsedAtStr := latestAuditLog.CreatedOn.String()
 			apiToken.LastUsedAt = &lastUsedAtStr