API Keys: update JDBC API Key Store tutorial for cons…

[predic8]

…istency and clarity

• Improved Docker and PostgreSQL setup steps.
• Simplified JDBC configuration properties and corrected password values.
• Enhanced API key usage demonstration with updated testing instructions.
• Made YAML configurations more concise and aligned with global standards.
• Refined scope logic and logging messages for better readability.

Summary by CodeRabbit

• Documentation

  • Clarified JDBC API key setup steps, streamlined database startup instructions, and updated examples and wording for testing.

• Updates

  • Moved API key settings to global configuration blocks and simplified data source credentials and formatting.
  • Enhanced RBAC example with clearer scope checks and revised access-control messages.

• Tests

  • Updated example tests to match revised RBAC messages and expectations.

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation and YAML configuration updates for API-key examples: README instructions rewritten; JDBC example credentials and Docker commands simplified; API key configs moved from per-flow api.flow to a new global.apiKey block; RBAC example logging and scope checks adjusted; test assertions updated.

Changes

Cohort / File(s)	Summary
Documentation distribution/examples/security/api-key/jdbc-api-key-store/README.md	Reworded and reorganized setup steps. Docker run command simplified (POSTGRES_PASSWORD=secret, removed explicit user). PostgreSQL JDBC driver formatting updated. Test curl example and final wording adjusted.
JDBC API config distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml	Replaced bean-style datasource props with key-value entries (driverClassName, url, username=postgres, password=secret). Introduced global.apiKey block and removed per-flow api.flow apiKey config.
RBAC API config & templates distribution/examples/security/api-key/rbac/apis.yaml	Moved apiKey config to global.apiKey. Added a log step to output scopes. Updated scope checks to use hasScope('finance') or hasScope('accounting'). Removed inline headerExtractor and adjusted template wording.
Tests distribution/src/test/java/com/predic8/membrane/examples/withoutinternet/test/APIKeyRBACExampleTest.java	Updated assertions to match changed RBAC responses: expectations modified to "Only finance or accounting!" and "Only admins!" with corresponding scope checks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Migrate examples to yaml #2539 — Modifies same example files and tests; related migration/updates for API-key/RBAC examples.
• API Key YAML Example #2535 — Adds global YAML apiKey support and moves per-flow settings to registry/global blocks; directly related.
• Yaml oauth2 example readme #2561 — Updates example configurations to introduce global API key definitions; overlaps with these changes.

Suggested reviewers

• christiangoerdes
• rrayst

Poem

🐰 Keys hop into a global lair,
Nested clutter cleared with care,
Docker warms the secret chest,
Scopes now logged and put to test,
Hooray — configs tidy, snug, and fair! 🥕🔐

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title is truncated (54 characters with ellipsis) but references updating the JDBC API Key Store tutorial for consistency, which directly aligns with the main objectives and changes documented.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch api-keys-examples

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

distribution/src/test/java/com/predic8/membrane/examples/withoutinternet/test/APIKeyRBACExampleTest.java (1)

42-52: Consider retaining a negative assertion for the admin-only scope.

The previous version included a check that "accounting" was not present in the admin-scoped response, which provided a stronger contract guarantee. You may want to add back a negative assertion (e.g., not(containsString("accounting"))) to ensure scope isolation is still verified.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@distribution/examples/security/api-key/jdbc-api-key-store/README.md`:
- Around line 41-45: Replace the placeholder line "- test" in the README example
verification section with a descriptive label such as "Verify the inserted API
keys:" so the step clearly explains that the following psql command checks the
inserted API keys; ensure the label immediately precedes the existing code block
and matches the documentation tone used elsewhere in the file.
- Line 53: Change the sentence starting with "if the API key is valid, you will
be forwarded to ```https://api.predic8.de```." to capitalize the first word to
"If" so it reads "If the API key is valid, you will be forwarded to
```https://api.predic8.de```." Locate this sentence in README.md (the line
containing the URL ```https://api.predic8.de```) and replace the lowercase "if"
with "If".