Allow non super users to create API keys #40029
Assignees
Labels
Comments
bizybot
added
>bug
:Security/Authentication
|
Pinging @elastic/es-security |
bizybot
added a commit
that referenced
this issue
Mar 21, 2019
When creating API keys we check for if API key with the same key name already exists and fail the request if it does. The check should have been performed with XPackSecurityUser instead of the authenticated user. This caused the request to fail in case of the non-super user trying to create an API key. This commit fixes by executing search action with SECURITY_ORIGIN so it can be executed with XPackSecurityUser. Also fixed the Rest test to avoid using a user with `super_user` role. Closes #40029
bizybot
added a commit
to bizybot/elasticsearch
that referenced
this issue
Mar 21, 2019
When creating API keys we check for if API key with the same key name already exists and fail the request if it does. The check should have been performed with XPackSecurityUser instead of the authenticated user. This caused the request to fail in case of the non-super user trying to create an API key. This commit fixes by executing search action with SECURITY_ORIGIN so it can be executed with XPackSecurityUser. Also fixed the Rest test to avoid using a user with `super_user` role. Closes elastic#40029
bizybot
added a commit
to bizybot/elasticsearch
that referenced
this issue
Mar 21, 2019
When creating API keys we check for if API key with the same key name already exists and fail the request if it does. The check should have been performed with XPackSecurityUser instead of the authenticated user. This caused the request to fail in case of the non-super user trying to create an API key. This commit fixes by executing search action with SECURITY_ORIGIN so it can be executed with XPackSecurityUser. Also fixed the Rest test to avoid using a user with `super_user` role. Closes elastic#40029
bizybot
added a commit
to bizybot/elasticsearch
that referenced
this issue
Mar 21, 2019
When creating API keys we check for if API key with the same key name already exists and fail the request if it does. The check should have been performed with XPackSecurityUser instead of the authenticated user. This caused the request to fail in case of the non-super user trying to create an API key. This commit fixes by executing search action with SECURITY_ORIGIN so it can be executed with XPackSecurityUser. Also fixed the Rest test to avoid using a user with `super_user` role. Closes elastic#40029
bizybot
added a commit
that referenced
this issue
Mar 21, 2019
When creating API keys we check for if API key with the same key name already exists and fail the request if it does. The check should have been performed with XPackSecurityUser instead of the authenticated user. This caused the request to fail in case of the non-super user trying to create an API key. This commit fixes by executing search action with SECURITY_ORIGIN so it can be executed with XPackSecurityUser. Also fixed the Rest test to avoid using a user with `super_user` role. Closes #40029
bizybot
added a commit
that referenced
this issue
Mar 21, 2019
When creating API keys we check for if API key with the same key name already exists and fail the request if it does. The check should have been performed with XPackSecurityUser instead of the authenticated user. This caused the request to fail in case of the non-super user trying to create an API key. This commit fixes by executing search action with SECURITY_ORIGIN so it can be executed with XPackSecurityUser. Also fixed the Rest test to avoid using a user with `super_user` role. Closes #40029
bizybot
added a commit
that referenced
this issue
Mar 21, 2019
When creating API keys we check for if API key with the same key name already exists and fail the request if it does. The check should have been performed with XPackSecurityUser instead of the authenticated user. This caused the request to fail in case of the non-super user trying to create an API key. This commit fixes by executing search action with SECURITY_ORIGIN so it can be executed with XPackSecurityUser. Also fixed the Rest test to avoid using a user with `super_user` role. Closes #40029
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A non-super user cannot create API keys and fails with the following exception:
action [indices:data/read/search] is unauthorized for user [non-super-user]Expected Behavior:
The non-super user should be able to create API keys.
The text was updated successfully, but these errors were encountered: