Skip to content

Consider owner flag when retrieving/invalidating keys with API key service#45421

Merged
bizybot merged 4 commits intoelastic:manage-own-api-key-privilegefrom
bizybot:moap-make-owned-api-work
Aug 14, 2019
Merged

Consider owner flag when retrieving/invalidating keys with API key service#45421
bizybot merged 4 commits intoelastic:manage-own-api-key-privilegefrom
bizybot:moap-make-owned-api-work

Conversation

@bizybot
Copy link
Copy Markdown
Contributor

@bizybot bizybot commented Aug 10, 2019

Actual invocation of API key service now takes owner flag from the
request into consideration by setting the values for realm and
username as per the current authentication before invoking API key service.
This allows for retrieving or invalidating API keys owned by the current
authenticated user.

Relates: #40031

Consider owner flag when retrieving/invalidating keys with API key …
ca63f78 
…service

Actual invocation of API key service now takes `owner` flag from the
request into consideration by setting the values for `realm` and
`username` as per the current authentication. This allows for
retrieving or invalidating API keys owned by the current authenticated
user.

Relates: #
@bizybot bizybot added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v8.0.0 v7.4.0 labels Aug 10, 2019
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Aug 10, 2019

Pinging @elastic/es-security

@bizybot
Copy link
Copy Markdown
Contributor Author

bizybot commented Aug 10, 2019

Failed due to #43673
@elasticmachine run elasticsearch-ci/1

tvernum
tvernum reviewed Aug 12, 2019
View reviewed changes
tvernum
tvernum approved these changes Aug 12, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bizybot
Copy link
Copy Markdown
Contributor Author

bizybot commented Aug 12, 2019

existing grok test failure
@elasticmachine run elasticsearch-ci/2

@bizybot bizybot mentioned this pull request Aug 12, 2019
Merged
albertzaharovits
albertzaharovits approved these changes Aug 13, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@albertzaharovits albertzaharovits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bizybot bizybot merged commit 1950e38 into elastic:manage-own-api-key-privilege Aug 14, 2019
@colings86 colings86 added >enhancement and removed :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) labels Aug 30, 2019
@codebrain codebrain mentioned this pull request Oct 14, 2019
Closed
56 tasks
@codebrain codebrain mentioned this pull request Oct 23, 2019
Closed
39 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

@albertzaharovits albertzaharovits albertzaharovits approved these changes

Assignees

No one assigned

Labels

>enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v7.4.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@bizybot @elasticmachine @tvernum @albertzaharovits @colings86 @jakelandis