@postman-cse/onboarding-insights 2.1.1 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -5
- package/action.yml +11 -3
- package/dist/action.cjs +508 -170
- package/dist/cli.cjs +678 -346
- package/dist/index.cjs +512 -153
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -158,7 +158,7 @@ The Insights agent takes time to discover services after pods start. The action
|
|
|
158
158
|
|
|
159
159
|
### Credential preflight modes
|
|
160
160
|
|
|
161
|
-
Before any onboarding write, the action
|
|
161
|
+
Before any onboarding write, the action verifies that `postman-api-key` and `postman-access-token` resolve to the same parent organization. The default `enforce` mode fails the run fast on mismatched credentials; set `credential-preflight` to `warn` to log and continue as an explicit compatibility policy:
|
|
162
162
|
|
|
163
163
|
```yaml
|
|
164
164
|
- uses: postman-cs/postman-insights-onboarding-action@v2
|
|
@@ -171,7 +171,7 @@ Before any onboarding write, the action can verify that `postman-api-key` and `p
|
|
|
171
171
|
credential-preflight: enforce
|
|
172
172
|
```
|
|
173
173
|
|
|
174
|
-
See [Credentials and Identity](docs/credentials.md) for the full policy, API
|
|
174
|
+
See [Credentials and Identity](docs/credentials.md) for the full policy, API-key opt-in creation, and how to obtain the access token.
|
|
175
175
|
|
|
176
176
|
### Non-GitHub CI via the CLI
|
|
177
177
|
|
|
@@ -206,14 +206,16 @@ See [CLI Usage](docs/cli.md) for provider auto-detection, output formats, and Gi
|
|
|
206
206
|
| `postman-access-token` | Postman access token (x-access-token) for the Bifrost linking calls. When omitted, the action mints a service-account token from postman-api-key. The api-catalog discovery and git-link steps accept a service-account token (mint it with postman-resolve-service-token-action); the Insights (akita) acknowledgment and application-binding steps require a token carrying a Postman user identity — a service-account token answers 401 "Postman User not found" there. | No | |
|
|
207
207
|
| `postman-team-id` | Explicit Postman team ID for org-mode integration request headers. When omitted, x-entity-team-id is not sent. | No | |
|
|
208
208
|
| `github-token` | Optional GitHub token passed as git_api_key when repository auth is required by onboarding/git | No | |
|
|
209
|
-
| `postman-api-key` | Service-account Postman API key (PMAK-*) for the application binding call.
|
|
210
|
-
| `
|
|
209
|
+
| `postman-api-key` | Service-account Postman API key (PMAK-*) for the application binding call. Required unless create-api-key=true. Ordinary reruns never auto-create durable keys. | No | |
|
|
210
|
+
| `create-api-key` | Explicit opt-in to create a durable Bifrost API key when postman-api-key is omitted or invalid. Default false — never creates timestamp-named orphan keys on ordinary runs. Supported values: true, false. | No | `false` |
|
|
211
|
+
| `credential-preflight` | Credential identity preflight policy. enforce (default) fails before linking writes when postman-api-key and postman-access-token resolve to different parent orgs; warn is an explicit compatibility policy that logs and continues. Supported values are enforce and warn. | No | `enforce` |
|
|
212
|
+
| `service-not-found-policy` | Behavior when the discovered service is absent after polling. fail (default) aborts full linking; warn returns status=not-found without writes. Supported values: fail, warn. | No | `fail` |
|
|
211
213
|
| `poll-timeout-seconds` | Maximum seconds to wait for the service to appear in the discovered list | No | `120` |
|
|
212
214
|
| `poll-interval-seconds` | Seconds between discovery polling attempts | No | `10` |
|
|
213
215
|
| `postman-region` | Postman data residency region for public API calls. One of: us or eu. | No | `us` |
|
|
214
216
|
<!-- inputs-table:end -->
|
|
215
217
|
|
|
216
|
-
Supply `postman-team-id` only for org-mode tokens that require an explicit team header. For non-org tokens, leave it unset so Postman can infer team context from the access token. Credential details, the preflight policy, and API
|
|
218
|
+
Supply `postman-team-id` only for org-mode tokens that require an explicit team header. For non-org tokens, leave it unset so Postman can infer team context from the access token. Team id is never inferred from PMAK. Credential details, the preflight policy, and API-key opt-in creation are documented in [Credentials and Identity](docs/credentials.md).
|
|
217
219
|
|
|
218
220
|
## Outputs
|
|
219
221
|
|
package/action.yml
CHANGED
|
@@ -33,12 +33,20 @@ inputs:
|
|
|
33
33
|
description: 'Optional GitHub token passed as git_api_key when repository auth is required by onboarding/git'
|
|
34
34
|
required: false
|
|
35
35
|
postman-api-key:
|
|
36
|
-
description: 'Service-account Postman API key (PMAK-*) for the application binding call.
|
|
36
|
+
description: 'Service-account Postman API key (PMAK-*) for the application binding call. Required unless create-api-key=true. Ordinary reruns never auto-create durable keys.'
|
|
37
37
|
required: false
|
|
38
|
+
create-api-key:
|
|
39
|
+
description: 'Explicit opt-in to create a durable Bifrost API key when postman-api-key is omitted or invalid. Default false — never creates timestamp-named orphan keys on ordinary runs. Supported values: true, false.'
|
|
40
|
+
required: false
|
|
41
|
+
default: 'false'
|
|
38
42
|
credential-preflight:
|
|
39
|
-
description: 'Credential identity preflight policy.
|
|
43
|
+
description: 'Credential identity preflight policy. enforce (default) fails before linking writes when postman-api-key and postman-access-token resolve to different parent orgs; warn is an explicit compatibility policy that logs and continues. Supported values are enforce and warn.'
|
|
44
|
+
required: false
|
|
45
|
+
default: 'enforce'
|
|
46
|
+
service-not-found-policy:
|
|
47
|
+
description: 'Behavior when the discovered service is absent after polling. fail (default) aborts full linking; warn returns status=not-found without writes. Supported values: fail, warn.'
|
|
40
48
|
required: false
|
|
41
|
-
default: '
|
|
49
|
+
default: 'fail'
|
|
42
50
|
poll-timeout-seconds:
|
|
43
51
|
description: 'Maximum seconds to wait for the service to appear in the discovered list'
|
|
44
52
|
required: false
|