Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Query API key - Rest spec and yaml tests #76238

Merged
merged 2 commits into from
Aug 17, 2021
Merged

Query API key - Rest spec and yaml tests #76238

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
03d784d
API key query - rest spec and yaml tests
ywangd Aug 5, 2021
07f84ea
address feedback
ywangd Aug 14, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions rest-api-spec/src/main/resources/rest-api-spec/api/security.query_api_key.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{
"security.query_api_key":{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this API is very similar to search in that it has a top-level query object what are your thoughts on renaming to search_api_key[s]?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We discussed about the name previously and query was picked over search on purpose. This is because regular search does a lot more than just query, e.g. aggregation, highlighting etc. The name query is indicative that this API only supports the query field of the regular search API. The existing query watches API was also named "query" for the same reasons.

I am OK to use the plural form, i.e. query_api_keys, which is also more consistent with query_watches.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me! Thanks for making me aware of query_watches, hadn't used that API before. Will keep this prefix in mind for the future.

"documentation":{
"url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html",
"description":"Retrieves information for API keys using a subset of query DSL"
},
"stability":"stable",
"visibility":"public",
"headers":{
"accept": [ "application/json"],
"content_type": ["application/json"]
},
"url":{
"paths":[
{
"path":"/_security/_query/api_key",
"methods":[
"GET",
"POST"
]
}
]
},
"params":{},
"body":{
"description":"From, size, query, sort and search_after",
"required":false
}
}
}
228 changes: 228 additions & 0 deletions x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/20_query.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,228 @@
---
setup:
- skip:
features: headers

- do:
cluster.health:
wait_for_status: yellow

- do:
security.put_role:
name: "admin_role"
body: >
{
"cluster": ["manage_api_key"]
}

- do:
security.put_role:
name: "user_role"
body: >
{
"cluster": ["manage_own_api_key"]
}

- do:
security.put_user:
username: "api_key_manager"
body: >
{
"password" : "x-pack-test-password",
"roles" : [ "admin_role" ],
"full_name" : "API key manager"
}

- do:
security.put_user:
username: "api_key_user_1"
body: >
{
"password" : "x-pack-test-password",
"roles" : [ "user_role" ],
"full_name" : "API key user 1"
}

- do:
security.put_user:
username: "api_key_user_2"
body: >
{
"password" : "x-pack-test-password",
"roles" : [ "user_role" ],
"full_name" : "API key user 2"
}

---
teardown:
- do:
security.delete_role:
name: "admin_role"
ignore: 404

- do:
security.delete_role:
name: "use_role"
ignore: 404

- do:
security.delete_user:
username: "api_key_user_1"
ignore: 404

- do:
security.delete_user:
username: "api_key_user_2"
ignore: 404
- do:
security.delete_user:
username: "api_key_manager"
ignore: 404

---
"Test query api key":

- do:
headers:
Authorization: "Basic YXBpX2tleV9tYW5hZ2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" # api_key_manager
security.create_api_key:
body: >
{
"name": "manager-api-key",
"expiration": "10d",
"metadata": {
"letter": "a",
"number": 42
}
}
- match: { name: "manager-api-key" }
- set: { id: manager_key_id }

- do:
headers:
Authorization: "Basic YXBpX2tleV91c2VyXzE6eC1wYWNrLXRlc3QtcGFzc3dvcmQ=" # api_key_user_1
security.create_api_key:
body: >
{
"name": "user1-api-key",
"expiration": "1d",
"metadata": {
"letter": "a",
"number": 1
}
}
- match: { name: "user1-api-key" }
- set: { id: user1_key_id }

- do:
headers:
Authorization: "Basic YXBpX2tleV91c2VyXzI6eC1wYWNrLXRlc3QtcGFzc3dvcmQ=" # api_key_user_2
security.create_api_key:
body: >
{
"name": "user2-api-key",
"expiration": "1d",
"metadata": {
"letter": "b",
"number": 42
}
}
- match: { name: "user2-api-key" }
- set: { id: user2_key_id }

# empty body works just like match_all
- do:
headers:
Authorization: "Basic YXBpX2tleV9tYW5hZ2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" # api_key_manager
security.query_api_key:
body: {}
- match: { total: 3 }
- match: { count: 3 }

# match_all
- do:
headers:
Authorization: "Basic YXBpX2tleV91c2VyXzE6eC1wYWNrLXRlc3QtcGFzc3dvcmQ=" # api_key_user_1
security.query_api_key:
body: >
{
"query": { "match_all": {} }
}
- match: { total: 1 }
- match: { count: 1 }
- match: { api_keys.0.id: "${user1_key_id}" }

- do:
headers:
Authorization: "Basic YXBpX2tleV91c2VyXzI6eC1wYWNrLXRlc3QtcGFzc3dvcmQ=" # api_key_user_2
security.query_api_key:
body: >
{
"query": { "wildcard": {"name": "user*"} }
}
- match: { total: 1 }
- match: { count: 1 }
- match: { api_keys.0.id: "${user2_key_id}" }

- do:
headers:
Authorization: "Basic YXBpX2tleV9tYW5hZ2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" # api_key_manager
security.query_api_key:
body: >
{
"query": { "wildcard": {"name": "user*"} },
"sort": [ {"creation": {"order": "desc"}} ],
"from": 1,
"size": 1
}
- match: { total: 2 }
- match: { count: 1 }
- match: { api_keys.0.id: "${user1_key_id}" }

- do:
headers:
Authorization: "Basic YXBpX2tleV9tYW5hZ2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" # api_key_manager
security.query_api_key:
body: >
{
"query": { "wildcard": {"name": "*key"} },
"sort": [ "expiration", "username" ],
"size": 1
}
- match: { total: 3 }
- match: { count: 1 }
- match: { api_keys.0.id: "${user1_key_id}" }
- set: { api_keys.0.expiration: expiration0 }
- set: { api_keys.0.username: username0 }

- do:
headers:
Authorization: "Basic YXBpX2tleV9tYW5hZ2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" # api_key_manager
security.query_api_key:
body: >
{
"query": { "wildcard": {"name": "*key"} },
"sort": [ "expiration", "username" ],
"size": 1,
"search_after": [ "${expiration0}", "${username0}" ]
}
- match: { total: 3 }
- match: { count: 1 }
- match: { api_keys.0.id: "${user2_key_id}" }
- set: { api_keys.0.expiration: expiration1 }
- set: { api_keys.0.username: username1 }

- do:
headers:
Authorization: "Basic YXBpX2tleV9tYW5hZ2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" # api_key_manager
security.query_api_key:
body: >
{
"query": { "wildcard": {"name": "*key"} },
"sort": [ "expiration", "username" ],
"size": 1,
"search_after": [ "${expiration1}", "${username1}" ]
}
- match: { total: 3 }
- match: { count: 1 }
- match: { api_keys.0.id: "${manager_key_id}" }