[Security in Core] Exposes `apiKeys` from `core.security.authc` #186910
packages/core/security/core-security-common/src/roles/schema.ts (outdated, resolved)
LGTM 🚀
@@ -26,6 +26,26 @@ export class CoreSecurityRouteHandlerContext implements SecurityRequestHandlerCo | |||
if (this.#authc == null) { | |||
this.#authc = { | |||
getCurrentUser: () => this.securityStart.authc.getCurrentUser(this.request), | |||
apiKeys: { | |||
areAPIKeysEnabled: this.securityStart.authc.apiKeys.areAPIKeysEnabled.bind( |
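Review bot: On the `areAPIKeysEnabled` line, `.bind(` forwards whatever arguments the caller supplies, whereas `getCurrentUser` directly above closes over `this.request`, so the request a handler acts on is fixed by the context. For any method in this `apiKeys` object that takes a request, use an explicit arrow wrapper that passes `this.request` rather than a bound reference, so a route handler cannot hand the service a different request than the one it is serving. The hunk header announces 20 added lines and only the first two are visible here, so this applies to the remaining methods only as far as they follow the same `.bind(` pattern.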
nit: we can use arrow function instead of bind, like getCurrentUser
Good idea! Addressed in 1faeaa4
💛 Build succeeded, but was flaky
…tic#186910)

## Summary

Expose `apiKeys` as a service under `core.security.authc.apiKeys`.

Closes elastic#184764

### Details

PR introduces a new API Keys Service which is accessible under the `authc` namespace in core.security. The service exposes the public API that was already available on the server-side in the security plugin.

The service is initialized and registered with core using the `delegate_api` - allowing access to the service within the core plugin without the need for the `security` plugin.

Note: I had to move quite a few types/functions around to prevent cyclical dependencies.

### Plugins and the APIs that use the current `apiKeys` function from the security plugin

<details>
<summary>Expand for table with details</summary>

| Plugin | File | API used | Can be migrated |
|--------|--------|--------|--------|
| alerting | x-pack/plugins/alerting/plugin/server.ts | areApiKeysEnabled() | ✅ |
| | x-pack/plugins/alerting/server/rules_client_factory.ts | grantAsInternalUser() | ❌ |
| | x-pack/plugins/alerting/server/task.ts | invalidatedAsInternalUser() | ❌ |
| enterprise_search | x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys | create() | ✅ |
| | x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts | create() | ✅ |
| fleet | x-pack/plugins/fleet/server/routes/setup/handlers.ts | areApiKeysEnabled() | ✅ |
| | x-pack/plugins/fleet/server/services/api_keys/security | invalidateAsInternalUser() | ❌ |
| | x-pack/plugins/fleet/server/services/api_keys/transform_api_keys.ts | grantAsInternalUser() | ❌ |
| | x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts | areApiKeysEnabled() | ✅ |
| | x-pack/plugins/fleet/server/services/setup/fleet_server_policies_enrollment_keys.ts | areAPIKeysEnabled() | ✅ |
| | x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys_privileges.ts | areAPIKeysEnabled() | ✅ |
| observability_solution | x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts | areAPIKeysEnabled | ✅ |
| | | validate | ✅ |
| | | grantAsInternalUser | ❌ |
| | x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts | invalidateAsInternalUser | ❌ |
| | x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts | invalidateAsInternalUser | ❌ |
| | x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts | create | ✅ |
| | x-pack/plugins/observability_solution/synthetics/server/routes/synthetics_service/enablement.ts | invalidateAsInternalUser | ❌ |
| | x-pack/plugins/observability_solution/synthetics/server/synthetics_service/get_api_key.ts | validate | ✅ |
| | | areAPIKeysEnabled | ✅ |
| | | grantAsInternalUser | ❌ |
| | | create | ✅ |
| serverless_search | x-pack/plugins/serverless_search/server/routes/api_key_routes.ts | create | ✅ |
| | x-pack/plugins/transform/server/routes/api/reauthorize_transforms/route_handler_factory.ts | grantAsInternalUser | ❌ |
| | x-pack/plugins/upgrade_assistant/server/lib/reindexing/credential_store.ts | grantAsInternalUser | ❌ |
| | | invalidateAsInternalUser | ❌ |
| | | areAPIKeysEnabled() | ✅ |

</details>

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Summary

Expose `apiKeys` as a service under `core.security.authc.apiKeys`.

Closes #184764

Details

PR introduces a new API Keys Service which is accessible under the `authc` namespace in core.security. The service exposes the public API that was already available on the server-side in the security plugin.

The service is initialized and registered with core using the `delegate_api` - allowing access to the service within the core plugin without the need for the `security` plugin.

Note: I had to move quite a few types/functions around to prevent cyclical dependencies.

Plugins and the APIs that use the current `apiKeys` function from the security plugin
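
The delegate arrangement the PR description outlines, as an added TypeScript sketch that is not code from this PR or from Kibana: core owns the API keys surface, a separate implementation registers itself, and route handlers get a view with the request closed over. All names (`CoreApiKeys`, `registerDelegate`, `scopedApiKeys`, `FakeRequest`) are hypothetical, calls are simplified to synchronous, and reporting API keys as disabled until a delegate registers is this example's assumption.

```typescript
// Hypothetical, simplified stand-ins; not Kibana's real types.
interface FakeRequest { headers: Record<string, string> }
interface KeyParams { name: string }
interface CreatedKey { name: string; owner: string }

// What the implementing plugin must provide to core.
interface ApiKeysDelegate {
  areAPIKeysEnabled(): boolean;
  create(request: FakeRequest, params: KeyParams): CreatedKey | null;
}

// Core-side holder: consumers depend on this, not on the implementing plugin.
class CoreApiKeys {
  private delegate?: ApiKeysDelegate;

  // Only one implementation may register; a second attempt is rejected.
  registerDelegate(impl: ApiKeysDelegate): void {
    if (this.delegate) throw new Error('API keys delegate already registered');
    this.delegate = impl;
  }
  // Assumption of this example: fail closed while no delegate is present.
  areAPIKeysEnabled(): boolean {
    return this.delegate ? this.delegate.areAPIKeysEnabled() : false;
  }
  create(request: FakeRequest, params: KeyParams): CreatedKey | null {
    return this.delegate ? this.delegate.create(request, params) : null;
  }
}

// Request-scoped view for a route handler: the request is fixed here,
// so the handler cannot create a key on behalf of a different request.
function scopedApiKeys(core: CoreApiKeys, request: FakeRequest) {
  return {
    areAPIKeysEnabled: () => core.areAPIKeysEnabled(),
    create: (params: KeyParams) => core.create(request, params),
  };
}

// Constructed sample run: a stand-in implementation and one request.
function demo() {
  const core = new CoreApiKeys();
  const enabledBefore = core.areAPIKeysEnabled();
  core.registerDelegate({
    areAPIKeysEnabled: () => true,
    create: (req, p) => ({ name: p.name, owner: req.headers['x-user'] || 'anonymous' }),
  });
  const ctx = scopedApiKeys(core, { headers: { 'x-user': 'alice' } });
  return { core, enabledBefore, enabledAfter: ctx.areAPIKeysEnabled(), created: ctx.create({ name: 'ingest-key' }) };
}
```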