Skip to content

Require granted API Keys to have a name #71623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 14, 2020
Merged

Require granted API Keys to have a name #71623

merged 2 commits into from
Jul 14, 2020

Conversation

@legrego
Copy link
Member

@legrego legrego commented Jul 14, 2020

Summary

Resolves #71620

@legrego legrego added release_note:skip Skip the PR/issue when compiling release notes Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v7.9.0 v8.0.0 labels Jul 14, 2020
@legrego legrego marked this pull request as ready for review July 14, 2020 12:10
@legrego legrego requested review from a team as code owners July 14, 2020 12:10
@elasticmachine
Copy link
Contributor

elasticmachine commented Jul 14, 2020

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego requested a review from azasypkin July 14, 2020 12:11
mikecote
mikecote approved these changes Jul 14, 2020
View reviewed changes
Copy link
Contributor

@mikecote mikecote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alerting code LGTM

@azasypkin
Copy link
Member

azasypkin commented Jul 14, 2020

ACK: reviewing...

@tylersmalley tylersmalley mentioned this pull request Jul 14, 2020
Merged
azasypkin
azasypkin approved these changes Jul 14, 2020
View reviewed changes
Copy link
Member

@azasypkin azasypkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

x-pack/plugins/alerts/server/alerts_client.ts
}

private generateAPIKeyName(alertTypeId: string, alertName: string) {
return _.truncate(`Alerting: ${alertTypeId}/${alertName}`, { length: 256 });
Copy link
Member

@azasypkin azasypkin Jul 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: is this 256 limit documented anywhere? Just curious.

Copy link
Member Author

@legrego legrego Jul 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, I found this by testing API keys with very long names. Also tested a bunch of "special" characters, and there doesn't seem to be a restriction on what you're allowed to put here

x-pack/plugins/security/server/authentication/api_keys.ts
* @param request Request instance.
*/
async grantAsInternalUser(request: KibanaRequest) {
async grantAsInternalUser(request: KibanaRequest, createParams: CreateAPIKeyParams) {
Copy link
Member

@azasypkin azasypkin Jul 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

optional nit: missing JSDoc for createParams (I admit these JSDocs are useless most of the time, so feel free to ignore to not wait for CI run once again).

Copy link
Member Author

@legrego legrego Jul 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am going to merge w/o the JSDoc comment, just in the interest of time given our tight schedule today. I'll try to be more diligent about this going forward though!

@kibanamachine
Copy link
Contributor

kibanamachine commented Jul 14, 2020

💚 Build Succeeded

Build metrics

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@legrego legrego merged commit 9356966 into elastic:master Jul 14, 2020
@legrego legrego deleted the security/api-key-name-reqd branch July 14, 2020 13:58
@legrego legrego mentioned this pull request Jul 14, 2020
Merged
legrego added a commit to legrego/kibana that referenced this pull request Jul 14, 2020
@legrego
Require granted API Keys to have a name (elastic#71623)
4c440d6
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 14, 2020
@gmmorris
Merge branch 'master' into alerting/consumer-based-rbac
97b4262 
* master: (21 commits)
  [Maps] 7.9 design improvements (elastic#71563)
  [ML] Changing all calls to ML endpoints to use internal user (elastic#70487)
  [eventLog] prevent log writing when initialization fails (elastic#71339)
  [Observability] landing page always being displayed (elastic#71494)
  [IM] Address data stream copy feedback (elastic#71615)
  [Logs UI] Anomalies page dataset filtering (elastic#71110)
  [data.search.aggs] Remove `use_field_mapping` from top hits agg (elastic#71168)
  [ML] Anomaly swim lane embeddable navigation and filter actions (elastic#71082)
  Fixes typo in siem_cloudtrail job description (elastic#71569)
  Require granted API Keys to have a name (elastic#71623)
  Update  getUsageForCollection (elastic#71609)
  Only fetch saved elements once (elastic#71310)
  [SecuritySolution][Resolver] Adding siem index and guarding process ancestry (elastic#71570)
  [APM] Additional data telemetry changes (elastic#71112)
  [Visualize] Fix export table for table export links (elastic#71249)
  [Search] Server side search API (elastic#70446)
  use inclusive language (elastic#71607)
  [Security Solution] Hide timeline footer when Resolver is open (elastic#71516)
  [Index template wizard] Remove shadow and use border for components panels (elastic#71606)
  [ML] Kibana API endpoint for histogram chart data (elastic#70976)
  ...
legrego added a commit that referenced this pull request Jul 14, 2020
@legrego @elasticmachine
[7.x] Require granted API Keys to have a name (#71623) (#71646)
3f06562 
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@FrankHassanabad FrankHassanabad mentioned this pull request Aug 26, 2020
Closed
@mikecote mikecote mentioned this pull request Aug 27, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azasypkin azasypkin azasypkin approved these changes

@mikecote mikecote mikecote approved these changes

Assignees

No one assigned

Labels

release_note:skip Skip the PR/issue when compiling release notes Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v7.9.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Kibana should not grant API Keys without a name

5 participants

@legrego @elasticmachine @azasypkin @kibanamachine @mikecote