API keys should throw an error, if unknown privilege gets added #67311
Labels
>bug
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Team:Security
Meta label for security team
Elasticsearch version (
bin/elasticsearch --version
): 7.10.1Description of the problem including expected versus actual behavior:
Adding an API key with a non-existing privilege returns successfully, but throws an error on the first operation that tries to get executed.
Steps to reproduce:
Note the missing
s
at the end ofmanage_index_template
- this returns a successful response with an API key.However the next request trying to create an index template returns
The text was updated successfully, but these errors were encountered: