Skip to content

Update Readme for HMAC #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 16, 2025
Merged

Update Readme for HMAC #192

merged 2 commits into from
Jun 16, 2025

Conversation

@florian-wagner-frequenz
Copy link
Contributor

No description provided.

@github-actions github-actions bot added the part:docs Affects the documentation label Jun 16, 2025
Copilot AI reviewed Jun 16, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the README and release notes to introduce HMAC signing support, rename the key parameter to auth_key, and update documentation examples accordingly.

  • Rename client parameter key to auth_key and add a new sign_secret option for HMAC.
  • Update release notes with upgrade instructions and new feature descriptions.
  • Refresh README examples to show environment-based secret retrieval and CLI usage.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
RELEASE_NOTES.md Added upgrade note for auth_key rename and detailed the new sign_secret CLI/client flags.
README.md Imported os, updated the Python example to load sign_secret from env, and extended CLI usage.
Comments suppressed due to low confidence (3)

README.md:164

  • The CLI flag --key remains even though the client constructor parameter was renamed to auth_key. Consider renaming this flag to --auth_key (or documenting that --key maps to auth_key) for consistency.
--key=$(<api_key.txt)

README.md:164

  • The example is missing a trailing backslash (\) after this line, so the subsequent --sign_secret line won't be interpreted as part of the same command.
--key=$(<api_key.txt)

README.md:52

  • The environment variable name REPORTING_API_SIGN_SECRET differs from the shell variable SIGN_SECRET used in the CLI example; consider using the same name in both contexts or adding a note to clarify the mapping.
SIGN_SECRET= os.environ['REPORTING_API_SIGN_SECRET']

cwasicki
cwasicki reviewed Jun 16, 2025
View reviewed changes
README.md Outdated
```bash
reporting-cli \
--url localhost:4711 \
--key=$(<api_key.txt)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has also changed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, right. I checked at the wrong place and there is actually a bug here I need to fix :)

README.md Outdated

# Change server address
SERVER_URL = "grpc://replace-this-with-your-server-url:port"
API_KEY = open('api_key.txt').read().strip()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest we also get this from the env to make it consistent with the way we pass in the the secret.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gladly

Marenz
Marenz reviewed Jun 16, 2025
View reviewed changes
RELEASE_NOTES.md Outdated
* Add HMAC generation capabilities.
* The new CLI option "key" can be used to provide the server's key.
* The client itself now has a "key" argument in the constructor.
* The new CLI option "sign_secret" can be used to provide the server's key.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's confusing to read that the key should go into "sign_secret" when there is also "auth_key" formerly key 😅

Copy link
Contributor Author

@florian-wagner-frequenz florian-wagner-frequenz Jun 16, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, that one is definitely confusing and should be fixed in the changelog

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed it to be clear that it's the server's secret (aka API secret)

cwasicki
cwasicki previously approved these changes Jun 16, 2025
View reviewed changes
@florian-wagner-frequenz florian-wagner-frequenz added this pull request to the merge queue Jun 16, 2025
Merged via the queue into frequenz-floss:v0.x.x with commit 33e2353 Jun 16, 2025
5 checks passed
@florian-wagner-frequenz florian-wagner-frequenz deleted the hmac_signing branch June 16, 2025 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Marenz Marenz Marenz approved these changes

@cwasicki cwasicki cwasicki left review comments

Assignees

No one assigned

Labels

part:docs Affects the documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@florian-wagner-frequenz @Marenz @cwasicki