Allow API key to retrieve its own information with no API key privilege #45433


@bizybot
Contributor

commented Aug 12, 2019

Unless the API key has manage_api_key privilege, it cannot get its
own API key information when authenticating using an API key. There can
be a use case wherein we do not wish the user authenticating using an API
key to be able to invalidate or view any other API keys but only view information
about itself. This commit addresses this by allowing the request when
API key id from the GetApiKeyRequest matches the API key id present in the
authentication metadata.

Relates: #40031

Allow API key to retrieve its own information with no API key privilege
Unless the API key has `manage_api_key` privilege, it cannot get its
own API key information when authenticating using API key. There can
be a use case wherein we do not wish the user authenticating using API
key to be able to invalidate or view any other API keys. This commit
solves this by allowing the request in case the API key id from
the `GetApiKeyRequest` matches the API key id present in the
`authentication` metadata.

Relates: #40031
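
The check described in the pull request description and commit message above, as an added example that is not part of the pull request or the Elasticsearch code base. The class, the two records, the `viaApiKey` flag, the `api_key_id` metadata key and the rule that a name, user or realm filter disqualifies the request are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;

// Added illustration; class, record and metadata key names are hypothetical, not Elasticsearch's.
public class OwnApiKeyCheck {
    // Assumed name of the metadata entry recording which API key authenticated the caller.
    static final String API_KEY_ID_METADATA = "api_key_id";

    // Minimal stand-ins for the authentication object and the GetApiKeyRequest.
    record Authentication(String principal, boolean viaApiKey, Set<String> clusterPrivileges,
                          Map<String, Object> metadata) {}
    record GetApiKeyRequest(String apiKeyId, String apiKeyName, String userName, String realmName) {}

    static boolean mayGetApiKey(Authentication auth, GetApiKeyRequest request) {
        // Holders of manage_api_key may view any key.
        if (auth.clusterPrivileges().contains("manage_api_key")) {
            return true;
        }
        // Without the privilege, only a caller that authenticated with an API key
        // and asks for a key by id can qualify.
        if (!auth.viaApiKey() || request.apiKeyId() == null) {
            return false;
        }
        // Assumption: any additional name, user or realm filter widens the lookup, so deny.
        if (request.apiKeyName() != null || request.userName() != null || request.realmName() != null) {
            return false;
        }
        // Compare against the id held in server-side authentication metadata,
        // never against anything else the client supplied.
        Object ownId = auth.metadata().get(API_KEY_ID_METADATA);
        return request.apiKeyId().equals(ownId);
    }

    public static void main(String[] args) {
        // Constructed sample callers.
        Authentication key = new Authentication("svc", true, Set.of(), Map.of(API_KEY_ID_METADATA, "key-A"));
        Authentication admin = new Authentication("admin", false, Set.of("manage_api_key"), Map.of());
        Authentication user = new Authentication("alice", false, Set.of(), Map.of());

        System.out.println(mayGetApiKey(key, new GetApiKeyRequest("key-A", null, null, null)));   // own key
        System.out.println(mayGetApiKey(key, new GetApiKeyRequest("key-B", null, null, null)));   // another key
        System.out.println(mayGetApiKey(key, new GetApiKeyRequest(null, null, "svc", null)));     // lookup by user
        System.out.println(mayGetApiKey(admin, new GetApiKeyRequest("key-B", null, null, null))); // privileged user
        System.out.println(mayGetApiKey(user, new GetApiKeyRequest("key-A", null, null, null)));  // not API key auth
    }
}
```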
@elasticmachine

Collaborator

commented Aug 12, 2019

@bizybot

Contributor Author

commented Aug 12, 2019

Build failure due to ForecastIT; the issue has already been raised.
@elasticmachine run elasticsearch-ci/1

@bizybot bizybot requested a review from tvernum Aug 12, 2019

@bizybot

Contributor Author

commented Aug 12, 2019

Hit a failure in MlDistributedFailureIT.testFullClusterRestart; issue already exists.
@elasticmachine run elasticsearch-ci/1

@albertzaharovits
Contributor

left a comment

One comment, otherwise LGTM.

bizybot added some commits Aug 14, 2019

@tvernum
Contributor

left a comment

LGTM

@bizybot bizybot merged commit 4d1bed0 into elastic:manage-own-api-key-privilege Aug 15, 2019

8 checks passed

CLA All commits in pull request signed
elasticsearch-ci/1 Build finished.
elasticsearch-ci/2 Build finished.
elasticsearch-ci/bwc Build finished.
elasticsearch-ci/default-distro Build finished.
elasticsearch-ci/docs Build finished.
elasticsearch-ci/oss-distro-docs Build finished.
elasticsearch-ci/packaging-sample Build finished.