Skip to content

BACKPORT 7x Fix auditing of API Key authn without the owner realm name (#59470) #59521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 14, 2020
Merged

BACKPORT 7x Fix auditing of API Key authn without the owner realm name (#59470) #59521

merged 3 commits into from
Jul 14, 2020

Conversation

albertzaharovits
Copy link
Contributor

Backport of #59470

The Authentication object that gets built following an API Key authentication
contains the realm name of the owner user that created the key (which is audited),
but the specific field used for storing it changed in #51305 .

This PR makes it so that auditing tolerates an "unfound" realm name, so it doesn't
throw an NPE, because the owner realm name is not found in the expected field.

Closes #59425

@albertzaharovits
Fix auditing of API Key authn without the owner realm name (elastic#5…
bd7680c 
…9470)

The `Authentication` object that gets built following an API Key authentication
contains the realm name of the owner user that created the key (which is audited),
but the specific field used for storing it changed in elastic#51305 .

This PR makes it so that auditing tolerates an "unfound" realm name, so it doesn't
throw an NPE, because the owner realm name is not found in the expected field.

Closes elastic#59425
@albertzaharovits albertzaharovits self-assigned this Jul 14, 2020
@albertzaharovits
Copy link
Contributor Author

@elasticmachine run elasticsearch-ci/bwc

@albertzaharovits
Copy link
Contributor Author

Stalled by #59531 .
This PR also enables BWC tests that are now tripping on auditing of nameless API keys: https://gradle-enterprise.elastic.co/s/qsejyftepivog .

@ywangd
Copy link
Member

ywangd commented Jul 14, 2020

Stalled by #59531 .
This PR also enables BWC tests that are now tripping on auditing of nameless API keys: https://gradle-enterprise.elastic.co/s/qsejyftepivog .

Aha, the API key name was also added to authentication metadata with my PR #51305. It is not available for v6.8. Thanks for fixing it.

@albertzaharovits
Update 120_api_key_auth.yml
4405840 
remute test because bwc tests won't work
@albertzaharovits
Copy link
Contributor Author

@elasticmachine run elasticsearch-ci/packaging-sample-windows

@albertzaharovits albertzaharovits force-pushed the backport_7x_audit_log_null_realm_for_api_keys branch from f685999 to b158f7f Compare July 14, 2020 17:10
@albertzaharovits
Copy link
Contributor Author

@elasticmachine run elasticsearch-ci/packaging-sample-windows

1 similar comment
@albertzaharovits
Copy link
Contributor Author

@elasticmachine run elasticsearch-ci/packaging-sample-windows

@albertzaharovits albertzaharovits merged commit b1e4233 into elastic:7.x Jul 14, 2020
@albertzaharovits albertzaharovits deleted the backport_7x_audit_log_null_realm_for_api_keys branch July 14, 2020 18:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@albertzaharovits albertzaharovits

Labels
backport v7.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@albertzaharovits @ywangd