Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BACKPORT] Fix so non super users can also create API keys (#40028) #40287

Merged
merged 1 commit into from
Mar 21, 2019
Merged

[BACKPORT] Fix so non super users can also create API keys (#40028) #40287

merged 1 commit into from
Mar 21, 2019

Conversation

bizybot
Copy link
Contributor

@bizybot bizybot commented Mar 21, 2019

When creating API keys we check for if API key with
the same key name already exists and fail the request if it does.
The check should have been performed with XPackSecurityUser
instead of the authenticated user. This caused the request to fail
in case of the non-super user trying to create an API key.
This commit fixes by executing search action with SECURITY_ORIGIN
so it can be executed with XPackSecurityUser.
Also fixed the Rest test to avoid using a user with super_user role.

Closes #40029

@bizybot
Fix so non super users can also create API keys (elastic#40028)
81165a9 
When creating API keys we check for if API key with
the same key name already exists and fail the request if it does.
The check should have been performed with XPackSecurityUser
instead of the authenticated user. This caused the request to fail
in case of the non-super user trying to create an API key.
This commit fixes by executing search action with SECURITY_ORIGIN
so it can be executed with XPackSecurityUser.
Also fixed the Rest test to avoid using a user with `super_user` role.

Closes elastic#40029
@bizybot bizybot added >bug v7.0.0 :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) backport labels Mar 21, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@bizybot bizybot merged commit 34c939e into elastic:7.0 Mar 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport >bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v7.0.0-rc1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bizybot @elasticmachine @michaelbaamonde