-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UI only allows creating Cross Cluster API keys with access.search.names #183682
Comments
Pinging @elastic/kibana-security (Team:Security) |
@jakelandis Does your example contain the full list of possible fields?
Should FYI I noticed that I was able to enter random string into the query field without any rejection, e.g. The query seems to always get captured as a string: |
yup.
only "names" are allowed for replication.
yeah, "query" is a weird one. we support either an object or a string as the value. Typically, I use cURL and define it like |
closes #183682 ## Summary The validation schema in Kibana's API key endpoints for cross cluster API keys was missing the optional query, field_security, and allow_restricted_indices fields. These have been added, and the schemas have been unified between the create and update endpoints. ### Testing Updated API integration tests to include checking create and update for cross cluster API keys that contain all search options. - x-pack/test/api_integration/apis/security/api_keys.ts ## Release note Fixes an issue in Kibana cross cluster API key endpoints which kept users from creating cross cluster API keys with all possible search options.
…ic#183704) closes elastic#183682 ## Summary The validation schema in Kibana's API key endpoints for cross cluster API keys was missing the optional query, field_security, and allow_restricted_indices fields. These have been added, and the schemas have been unified between the create and update endpoints. ### Testing Updated API integration tests to include checking create and update for cross cluster API keys that contain all search options. - x-pack/test/api_integration/apis/security/api_keys.ts ## Release note Fixes an issue in Kibana cross cluster API key endpoints which kept users from creating cross cluster API keys with all possible search options. (cherry picked from commit 685aadc)
…#183704) (#183998) # Backport This will backport the following commits from `main` to `8.14`: - [Amends the Kibana validation schema for cross cluster API keys (#183704)](#183704) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jeramy Soucy","email":"jeramy.soucy@elastic.co"},"sourceCommit":{"committedDate":"2024-05-22T10:08:49Z","message":"Amends the Kibana validation schema for cross cluster API keys (#183704)\n\ncloses #183682\r\n\r\n## Summary\r\n\r\nThe validation schema in Kibana's API key endpoints for cross cluster\r\nAPI keys was missing the optional query, field_security, and\r\nallow_restricted_indices fields. These have been added, and the schemas\r\nhave been unified between the create and update endpoints.\r\n\r\n### Testing\r\nUpdated API integration tests to include checking create and update for\r\ncross cluster API keys that contain all search options.\r\n- x-pack/test/api_integration/apis/security/api_keys.ts\r\n\r\n## Release note\r\nFixes an issue in Kibana cross cluster API key endpoints which kept\r\nusers from creating cross cluster API keys with all possible search\r\noptions.","sha":"685aadcc5155fa33656fc1f1e0699399c78169e5","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Security","backport:prev-minor","v8.15.0"],"title":"Amends the Kibana validation schema for cross cluster API keys","number":183704,"url":"#183704 the Kibana validation schema for cross cluster API keys (#183704)\n\ncloses #183682\r\n\r\n## Summary\r\n\r\nThe validation schema in Kibana's API key endpoints for cross cluster\r\nAPI keys was missing the optional query, field_security, and\r\nallow_restricted_indices fields. These have been added, and the schemas\r\nhave been unified between the create and update endpoints.\r\n\r\n### Testing\r\nUpdated API integration tests to include checking create and update for\r\ncross cluster API keys that contain all search options.\r\n- x-pack/test/api_integration/apis/security/api_keys.ts\r\n\r\n## Release note\r\nFixes an issue in Kibana cross cluster API key endpoints which kept\r\nusers from creating cross cluster API keys with all possible search\r\noptions.","sha":"685aadcc5155fa33656fc1f1e0699399c78169e5"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"#183704 the Kibana validation schema for cross cluster API keys (#183704)\n\ncloses #183682\r\n\r\n## Summary\r\n\r\nThe validation schema in Kibana's API key endpoints for cross cluster\r\nAPI keys was missing the optional query, field_security, and\r\nallow_restricted_indices fields. These have been added, and the schemas\r\nhave been unified between the create and update endpoints.\r\n\r\n### Testing\r\nUpdated API integration tests to include checking create and update for\r\ncross cluster API keys that contain all search options.\r\n- x-pack/test/api_integration/apis/security/api_keys.ts\r\n\r\n## Release note\r\nFixes an issue in Kibana cross cluster API key endpoints which kept\r\nusers from creating cross cluster API keys with all possible search\r\noptions.","sha":"685aadcc5155fa33656fc1f1e0699399c78169e5"}}]}] BACKPORT--> Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>
Cross Cluster API keys allow the following options for search :
Describe the bug:
The UI prevents creating the API when anything but "names" is present under search.
Steps to reproduce:
Navigate to Stack Management -> API keys -> Create API key -> choose Cross Cluster API key -> fill out a name -> add any one (or more) of the following : query, field_security, allow_restricted_indices -> Create API key
Screenshots (if relevant):
Any additional context:
8.14+ will prevent users from creating a single API key that has access.search.query AND a replication. See elastic/elasticsearch#108600. I don't think there are any changes needed from Kibana since ES will prevent that scenario, just FYI.
The text was updated successfully, but these errors were encountered: