Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support updates of API key attributes [REST and transport layer] #88186

Merged
merged 192 commits into from
Jul 7, 2022
Merged

Support updates of API key attributes [REST and transport layer] #88186

merged 192 commits into from
Jul 7, 2022

Conversation

n1v0lg
Copy link
Contributor

@n1v0lg n1v0lg commented Jun 29, 2022
edited
Loading

REST and transport layer implementation to add support for updating
attributes of existing API keys. This allows end-users to modify
privileges and metadata associated with API keys dynamically, without
requiring rolling out new API keys every time there is a change.

The new route supports updates to one API key, given its ID:

PUT /_security/api_key/{id}

The request body consists of optional fields role_descriptors and
metadata. If a request field is absent, the existing value of the
field on the given API key is retained. If a request field is set to
{} it replaces the existing value with {}. Explicit null-values for
request fields are not allowed and will produce a 400.
limited_by_role_descriptors, creator, and version are
automatically updated on every call. Attributes a replaced, not merged.

Only the owner user of an API key can update it. API keys cannot update
themselves, nor can other users (even users with all or
manage_security cluster privileges).

Relates: #87870

@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine
Copy link
Collaborator

Hi @n1v0lg, I've updated the changelog YAML for you.

@n1v0lg n1v0lg mentioned this pull request Jul 5, 2022
Merged
@n1v0lg
Copy link
Contributor Author

n1v0lg commented Jul 5, 2022

@elasticmachine run elasticsearch-ci/part-2-fips plz

@n1v0lg n1v0lg mentioned this pull request Jul 5, 2022
Merged
ywangd
ywangd approved these changes Jul 7, 2022
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

No major comments. But I appreciate if you could address them before merging. Thanks!

...a/org/elasticsearch/xpack/core/security/authz/privilege/ManageOwnApiKeyClusterPrivilege.java Outdated Show resolved Hide resolved
.../test/java/org/elasticsearch/xpack/core/security/action/apikey/UpdateApiKeyRequestTests.java Outdated Show resolved Hide resolved
.../elasticsearch/xpack/core/security/authz/privilege/ManageOwnApiKeyClusterPrivilegeTests.java Outdated Show resolved Hide resolved
.../elasticsearch/xpack/core/security/authz/privilege/ManageOwnApiKeyClusterPrivilegeTests.java Show resolved Hide resolved
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java Show resolved Hide resolved
...rc/main/java/org/elasticsearch/xpack/security/rest/action/apikey/RestUpdateApiKeyAction.java Show resolved Hide resolved
...st/java/org/elasticsearch/xpack/security/rest/action/apikey/RestUpdateApiKeyActionTests.java Outdated Show resolved Hide resolved
...rc/main/java/org/elasticsearch/xpack/security/rest/action/apikey/RestUpdateApiKeyAction.java Outdated Show resolved Hide resolved
...ty/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java Show resolved Hide resolved
...ty/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java Outdated Show resolved Hide resolved
@n1v0lg n1v0lg changed the title Support updates of API key attributes [REST and transport layers] Support updates of API key attributes [REST and transport layer] Jul 7, 2022
@elasticsearchmachine
Copy link
Collaborator

Hi @n1v0lg, I've updated the changelog YAML for you.

@n1v0lg n1v0lg merged commit 12bf451 into elastic:master Jul 7, 2022
@n1v0lg n1v0lg deleted the update-api-keys-rest-transport-layers branch July 7, 2022 09:46
@ywangd ywangd mentioned this pull request Aug 3, 2022
Closed
5 tasks
@ylasri
Copy link

ylasri commented Nov 1, 2022

We got this error when using this API, on version 7.17.6

{
  "error" : {
    "root_cause" : [
      {
        "type" : "illegal_argument_exception",
        "reason" : "request [/_security/api_key/yAlcM4QBdS8O9IF71bZo] contains unrecognized parameter: [ids] -> did you mean [id]?"
      }
    ],
    "type" : "illegal_argument_exception",
    "reason" : "request [/_security/api_key/yAlcM4QBdS8O9IF71bZo] contains unrecognized parameter: [ids] -> did you mean [id]?"
  },
  "status" : 400
}

@ywangd
Copy link
Member

ywangd commented Nov 2, 2022

We got this error when using this API, on version 7.17.6

This API is for version 8.4.0 and later. You must have confused it with some other APIs.

Also, this appears to be a user question, and we'd like to direct these kinds of things to the Elasticsearch forum. If you can stop by there, we'd appreciate it. This allows us to use GitHub for verified bug reports, feature requests, and pull requests. There's an active community in the forum that should be able to help get an answer to your question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ywangd ywangd ywangd approved these changes

Assignees

@n1v0lg n1v0lg

Labels
>feature :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v8.4.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@n1v0lg @elasticsearchmachine @elasticmachine @ylasri @ywangd