/me/tokens -> /me/device-tokens

david-crespo · david-crespo · commit 263ecb0a5377 · 2025-06-02T16:25:14.000-05:00
diff --git a/nexus/external-api/output/nexus_tags.txt b/nexus/external-api/output/nexus_tags.txt
@@ -289,8 +289,8 @@ ping                                     GET      /v1/ping
 
 API operations found with tag "tokens"
 OPERATION ID                             METHOD   URL PATH
-current_user_token_delete                DELETE   /v1/me/tokens/{token_id}
-current_user_token_list                  GET      /v1/me/tokens
+current_user_device_token_delete         DELETE   /v1/me/device-tokens/{token_id}
+current_user_device_token_list           GET      /v1/me/device-tokens
 
 API operations found with tag "vpcs"
 OPERATION ID                             METHOD   URL PATH
diff --git a/nexus/external-api/src/lib.rs b/nexus/external-api/src/lib.rs
@@ -3152,28 +3152,28 @@ pub trait NexusExternalApi {
         path_params: Path<params::SshKeyPath>,
     ) -> Result<HttpResponseDeleted, HttpError>;
 
-    /// List device access tokens
+    /// List device tokens
     ///
     /// List device access tokens for the currently authenticated user.
     #[endpoint {
         method = GET,
-        path = "/v1/me/tokens",
+        path = "/v1/me/device-tokens",
         tags = ["tokens"],
     }]
-    async fn current_user_token_list(
+    async fn current_user_device_token_list(
         rqctx: RequestContext<Self::Context>,
         query_params: Query<PaginatedById>,
     ) -> Result<HttpResponseOk<ResultsPage<views::DeviceAccessToken>>, HttpError>;
 
-    /// Delete device access token
+    /// Delete device token
     ///
     /// Delete a device access token for the currently authenticated user.
     #[endpoint {
         method = DELETE,
-        path = "/v1/me/tokens/{token_id}",
+        path = "/v1/me/device-tokens/{token_id}",
         tags = ["tokens"],
     }]
-    async fn current_user_token_delete(
+    async fn current_user_device_token_delete(
         rqctx: RequestContext<Self::Context>,
         path_params: Path<params::TokenPath>,
     ) -> Result<HttpResponseDeleted, HttpError>;
diff --git a/nexus/src/external_api/http_entrypoints.rs b/nexus/src/external_api/http_entrypoints.rs
@@ -7066,7 +7066,7 @@ impl NexusExternalApi for NexusExternalApiImpl {
             .await
     }
 
-    async fn current_user_token_list(
+    async fn current_user_device_token_list(
         rqctx: RequestContext<Self::Context>,
         query_params: Query<PaginatedById>,
     ) -> Result<HttpResponseOk<ResultsPage<views::DeviceAccessToken>>, HttpError>
@@ -7097,7 +7097,7 @@ impl NexusExternalApi for NexusExternalApiImpl {
             .await
     }
 
-    async fn current_user_token_delete(
+    async fn current_user_device_token_delete(
         rqctx: RequestContext<Self::Context>,
         path_params: Path<params::TokenPath>,
     ) -> Result<HttpResponseDeleted, HttpError> {
diff --git a/nexus/tests/integration_tests/device_auth.rs b/nexus/tests/integration_tests/device_auth.rs
@@ -203,7 +203,7 @@ async fn test_device_auth_flow(cptestctx: &ControlPlaneTestContext) {
 
     // Test that privileged user cannot delete unpriv's token through this
     // endpoint, though it will probably be able to do it via a different one
-    let token_url = format!("/v1/me/tokens/{}", token_id);
+    let token_url = format!("/v1/me/device-tokens/{}", token_id);
     NexusRequest::new(
         RequestBuilder::new(testctx, Method::DELETE, &token_url)
             .expect_status(Some(StatusCode::NOT_FOUND)),
@@ -432,7 +432,7 @@ async fn test_device_token_expiration(cptestctx: &ControlPlaneTestContext) {
 async fn get_tokens_priv(
     testctx: &ClientTestContext,
 ) -> Vec<views::DeviceAccessToken> {
-    NexusRequest::object_get(testctx, "/v1/me/tokens")
+    NexusRequest::object_get(testctx, "/v1/me/device-tokens")
         .authn_as(AuthnMode::PrivilegedUser)
         .execute_and_parse_unwrap::<ResultsPage<views::DeviceAccessToken>>()
         .await
@@ -442,7 +442,7 @@ async fn get_tokens_priv(
 async fn get_tokens_unpriv(
     testctx: &ClientTestContext,
 ) -> Vec<views::DeviceAccessToken> {
-    NexusRequest::object_get(testctx, "/v1/me/tokens")
+    NexusRequest::object_get(testctx, "/v1/me/device-tokens")
         .authn_as(AuthnMode::UnprivilegedUser)
         .execute_and_parse_unwrap::<ResultsPage<views::DeviceAccessToken>>()
         .await
diff --git a/nexus/tests/integration_tests/endpoints.rs b/nexus/tests/integration_tests/endpoints.rs
@@ -2599,7 +2599,7 @@ pub static VERIFY_ENDPOINTS: LazyLock<Vec<VerifyEndpoint>> =
             },
             /* Tokens */
             VerifyEndpoint {
-                url: "/v1/me/tokens",
+                url: "/v1/me/device-tokens",
                 visibility: Visibility::Public,
                 unprivileged_access: UnprivilegedAccess::ReadOnly,
                 allowed_methods: vec![AllowedMethod::Get],
@@ -2610,7 +2610,7 @@ pub static VERIFY_ENDPOINTS: LazyLock<Vec<VerifyEndpoint>> =
             // and opt out.
 
             // VerifyEndpoint {
-            //     url: "/v1/me/tokens/token-id",
+            //     url: "/v1/me/device-tokens/token-id",
             //     visibility: Visibility::Public,
             //     unprivileged_access: UnprivilegedAccess::None,
             //     allowed_methods: vec![AllowedMethod::Delete],
diff --git a/nexus/tests/output/uncovered-authz-endpoints.txt b/nexus/tests/output/uncovered-authz-endpoints.txt
@@ -1,6 +1,6 @@
 API endpoints with no coverage in authz tests:
 probe_delete                             (delete "/experimental/v1/probes/{probe}")
-current_user_token_delete                (delete "/v1/me/tokens/{token_id}")
+current_user_token_delete                (delete "/v1/me/device-tokens/{token_id}")
 probe_list                               (get    "/experimental/v1/probes")
 probe_view                               (get    "/experimental/v1/probes/{probe}")
 support_bundle_download                  (get    "/experimental/v1/system/support-bundles/{bundle_id}/download")
diff --git a/openapi/nexus.json b/openapi/nexus.json
@@ -5512,6 +5512,99 @@
         }
       }
     },
+    "/v1/me/device-tokens": {
+      "get": {
+        "tags": [
+          "tokens"
+        ],
+        "summary": "List device tokens",
+        "description": "List device access tokens for the currently authenticated user.",
+        "operationId": "current_user_device_token_list",
+        "parameters": [
+          {
+            "in": "query",
+            "name": "limit",
+            "description": "Maximum number of items returned by a single call",
+            "schema": {
+              "nullable": true,
+              "type": "integer",
+              "format": "uint32",
+              "minimum": 1
+            }
+          },
+          {
+            "in": "query",
+            "name": "page_token",
+            "description": "Token returned by previous call to retrieve the subsequent page",
+            "schema": {
+              "nullable": true,
+              "type": "string"
+            }
+          },
+          {
+            "in": "query",
+            "name": "sort_by",
+            "schema": {
+              "$ref": "#/components/schemas/IdSortMode"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "successful operation",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/DeviceAccessTokenResultsPage"
+                }
+              }
+            }
+          },
+          "4XX": {
+            "$ref": "#/components/responses/Error"
+          },
+          "5XX": {
+            "$ref": "#/components/responses/Error"
+          }
+        },
+        "x-dropshot-pagination": {
+          "required": []
+        }
+      }
+    },
+    "/v1/me/device-tokens/{token_id}": {
+      "delete": {
+        "tags": [
+          "tokens"
+        ],
+        "summary": "Delete device token",
+        "description": "Delete a device access token for the currently authenticated user.",
+        "operationId": "current_user_device_token_delete",
+        "parameters": [
+          {
+            "in": "path",
+            "name": "token_id",
+            "description": "ID of the token",
+            "required": true,
+            "schema": {
+              "type": "string",
+              "format": "uuid"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "successful deletion"
+          },
+          "4XX": {
+            "$ref": "#/components/responses/Error"
+          },
+          "5XX": {
+            "$ref": "#/components/responses/Error"
+          }
+        }
+      }
+    },
     "/v1/me/groups": {
       "get": {
         "tags": [
@@ -5736,99 +5829,6 @@
         }
       }
     },
-    "/v1/me/tokens": {
-      "get": {
-        "tags": [
-          "tokens"
-        ],
-        "summary": "List device access tokens",
-        "description": "List device access tokens for the currently authenticated user.",
-        "operationId": "current_user_token_list",
-        "parameters": [
-          {
-            "in": "query",
-            "name": "limit",
-            "description": "Maximum number of items returned by a single call",
-            "schema": {
-              "nullable": true,
-              "type": "integer",
-              "format": "uint32",
-              "minimum": 1
-            }
-          },
-          {
-            "in": "query",
-            "name": "page_token",
-            "description": "Token returned by previous call to retrieve the subsequent page",
-            "schema": {
-              "nullable": true,
-              "type": "string"
-            }
-          },
-          {
-            "in": "query",
-            "name": "sort_by",
-            "schema": {
-              "$ref": "#/components/schemas/IdSortMode"
-            }
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "successful operation",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/DeviceAccessTokenResultsPage"
-                }
-              }
-            }
-          },
-          "4XX": {
-            "$ref": "#/components/responses/Error"
-          },
-          "5XX": {
-            "$ref": "#/components/responses/Error"
-          }
-        },
-        "x-dropshot-pagination": {
-          "required": []
-        }
-      }
-    },
-    "/v1/me/tokens/{token_id}": {
-      "delete": {
-        "tags": [
-          "tokens"
-        ],
-        "summary": "Delete device access token",
-        "description": "Delete a device access token for the currently authenticated user.",
-        "operationId": "current_user_token_delete",
-        "parameters": [
-          {
-            "in": "path",
-            "name": "token_id",
-            "description": "ID of the token",
-            "required": true,
-            "schema": {
-              "type": "string",
-              "format": "uuid"
-            }
-          }
-        ],
-        "responses": {
-          "204": {
-            "description": "successful deletion"
-          },
-          "4XX": {
-            "$ref": "#/components/responses/Error"
-          },
-          "5XX": {
-            "$ref": "#/components/responses/Error"
-          }
-        }
-      }
-    },
     "/v1/metrics/{metric_name}": {
       "get": {
         "tags": [
