Skip to content

Consider owner flag when retrieving/invalidating keys with API key service #45421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 14, 2019
Merged

Consider owner flag when retrieving/invalidating keys with API key service #45421

merged 4 commits into from
Aug 14, 2019

Conversation

@bizybot
Copy link
Contributor

@bizybot bizybot commented Aug 10, 2019

Actual invocation of API key service now takes owner flag from the
request into consideration by setting the values for realm and
username as per the current authentication before invoking API key service.
This allows for retrieving or invalidating API keys owned by the current
authenticated user.

Relates: #40031

Consider owner flag when retrieving/invalidating keys with API key …
ca63f78 
…service

Actual invocation of API key service now takes `owner` flag from the
request into consideration by setting the values for `realm` and
`username` as per the current authentication. This allows for
retrieving or invalidating API keys owned by the current authenticated
user.

Relates: #
@bizybot bizybot added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v8.0.0 v7.4.0 labels Aug 10, 2019
@elasticmachine
Copy link
Collaborator

elasticmachine commented Aug 10, 2019

Pinging @elastic/es-security

@bizybot
Copy link
Contributor Author

bizybot commented Aug 10, 2019

Failed due to #43673
@elasticmachine run elasticsearch-ci/1

tvernum
tvernum reviewed Aug 12, 2019
View reviewed changes
tvernum
tvernum approved these changes Aug 12, 2019
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bizybot
Copy link
Contributor Author

bizybot commented Aug 12, 2019

existing grok test failure
@elasticmachine run elasticsearch-ci/2

@bizybot bizybot mentioned this pull request Aug 12, 2019
Merged
albertzaharovits
albertzaharovits approved these changes Aug 13, 2019
View reviewed changes
Copy link
Contributor

@albertzaharovits albertzaharovits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bizybot bizybot merged commit 1950e38 into elastic:manage-own-api-key-privilege Aug 14, 2019
@colings86 colings86 added >enhancement and removed :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) labels Aug 30, 2019
@codebrain codebrain mentioned this pull request Oct 14, 2019
Closed
56 tasks
@codebrain codebrain mentioned this pull request Oct 23, 2019
Closed
39 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

@albertzaharovits albertzaharovits albertzaharovits approved these changes

Assignees

No one assigned

Labels

>enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v7.4.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@bizybot @elasticmachine @tvernum @albertzaharovits @colings86 @jakelandis