[Fleet] Use UUID to Ensure Unique Service Token for Fleet Server #193596

Open: wants to merge 4 commits into base: main

swapanmandi

fix #193537

Description:
This PR fixes the issue of potential conflicts when generating service tokens for the Fleet server by using the uuid library to ensure unique token names. Previously, there was a risk of token name collisions due to timestamp-based token names, which could cause conflicts during token creation.

Key changes:

Implemented uuidv4() to generate unique service token names.
Updated service token creation logic to use the unique identifier in the token path.
uses a timestamp for the token name, which is not guaranteed to be unique.

@swapanmandi swapanmandi requested a review from a team as a code owner September 20, 2024 14:30
@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Sep 20, 2024

cla-checker-service bot commented Sep 20, 2024

💚 CLA has been signed

@elasticmachine
Contributor

Pinging @elastic/fleet (Team:Fleet)

@@ -133,7 +134,7 @@ export const generateServiceTokenHandler: RequestHandler<
token?: GenerateServiceTokenResponse;
}>({
method: 'POST',
path: `_security/service/elastic/${serviceAccount}/credential/token/token-${Date.now()}`,
path: `_security/service/elastic/${serviceAccount}/credential/token/token-${uuidv4()}`,
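Review bot: The `token-${uuidv4()}` name on the changed `path` line no longer carries the creation time that `Date.now()` encoded, so anything that sorts, audits or ages out Fleet Server service tokens by name loses that signal; confirm nothing depends on the old format. The `uuidv4` import is not visible in this hunk (the header's one-line offset, 133 to 134, suggests it was added above), so check that it resolves to the `uuid` package's v4 generator. A unit test asserting that two back-to-back calls request different token paths would pin down the behaviour this change is meant to guarantee.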
Member

@nchaulet nchaulet Sep 20, 2024

Thanks for the contribution. @swapanmandi it seems Elasticsearch is already generating a UUID if the name is not passed, so I think we can use that behaviour and directly call /credential/token without a name.

Member

@nchaulet nchaulet left a comment

It seems Elasticsearch is already generating a UUID if the name is not passed, so I think we can use that behaviour and directly call /credential/token without a name.
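The three naming strategies discussed in this thread (timestamp, client-side UUID, and leaving the name to the server) can be compared with a small simulation. This is an added example, not code from the PR or from Kibana: `TokenStore`, `issueBurst`, the 409-style conflict, the format of the store-assigned name and the frozen timestamp are all assumptions made for illustration.

```javascript
const { randomUUID } = require('node:crypto');

// Hypothetical stand-in for a credential store keyed by token name. Rejecting a
// duplicate name with a 409-style error is an assumption made for this sketch.
class TokenStore {
  constructor() {
    this.names = new Set();
  }
  // When no name is supplied the store picks a random one itself, modelling the
  // server-side behaviour the reviewer describes (name format is made up here).
  create(name = `token-${randomUUID()}`) {
    if (this.names.has(name)) {
      throw Object.assign(new Error(`duplicate token name: ${name}`), { status: 409 });
    }
    this.names.add(name);
    return { name };
  }
}

// Three naming strategies. `now` is injectable so the clock can be frozen.
const timestampName = (now = Date.now) => `token-${now()}`;
const uuidName = () => `token-${randomUUID()}`;
const serverAssigned = () => undefined;

// Issue `count` tokens against a fresh store and tally the outcomes.
function issueBurst(nameFn, count) {
  const store = new TokenStore();
  const tally = { created: 0, conflicts: 0 };
  for (let i = 0; i < count; i++) {
    try {
      store.create(nameFn());
      tally.created++;
    } catch (err) {
      if (err.status !== 409) throw err; // only name conflicts are expected
      tally.conflicts++;
    }
  }
  return tally;
}

// Constructed timestamp: five requests landing in the same millisecond.
const frozen = () => 1726842600000;
console.log('timestamp:', issueBurst(() => timestampName(frozen), 5));
console.log('uuid:     ', issueBurst(uuidName, 5));
console.log('server:   ', issueBurst(serverAssigned, 5));
```

With the clock frozen, only the first timestamp-named request succeeds; both UUID-based strategies create all five tokens.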

Labels
💝community Team:Fleet Team label for Observability Data Collection Fleet team
Development

Successfully merging this pull request may close these issues.

[Fleet] Create unique service token for fleet server
4 participants