[Connection Details] Check if user has permissions to manage own API keys #183286
base: main

Please do not import from core's "plugin entry point" from package code. Imports from `@kbn/core/server|public` should be replaced with imports from core's corresponding domain packages instead.

Looking at the changes in this package, it seems this was added because of this import:
used for
Please use
instead

Can't we use `GetAPIKeysResult` interface here?

This code is in a package, but `GetAPIKeysResult` is the server-side plugin. I'm thinking this would create a circular dependency problem, no?

The `GetAPIKeysResult` would need to be moved to shared package to be reused? Happy to move it somewhere, if you could please tell me what is the right place in the security code.

We have `plugin_types_common`, but I would probably ask for second opinion also before moving things around.

cc @jeramysoucy

Thanks for the ping! I added my feedback here

`GET /internal/security/api_key` returns all API keys, which if there are many could make this slow. Additionally, this endpoint is being dropped and replaced with a query endpoint. See #168970

I'd suggest instead augmenting our authentication service to include the functionality that you want. This is where we already expose API key functions. See
kibana/x-pack/plugins/security/public/authentication/authentication_service.ts
Line 44 in bcbd550

You could add a `getCurrentUserApiKeyPrivileges` function in the authentication service that calls a new internal endpoint that ONLY returns the three flags you are looking for (canManageApiKeys, canManageCrossClusterApiKeys, canManageOwnApiKeys), e.g. `GET /internal/security/api_key/_check_privileges`

Additionally, this would be exposed on the server side as well here:
kibana/x-pack/plugins/security/server/authentication/authentication_service.ts
Line 387 in ba8234e
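
A sketch of the client-side helper proposed in the last comment, as an added example that is not code from this pull request or from Kibana. The endpoint path and the three flag names come from the comment; the `HttpGet` interface and `parseApiKeyPrivileges` are hypothetical. It keeps only the three flags and treats anything other than a literal `true`, or a failed request, as no privilege.

```typescript
// Added example, not the project's code. Path and flag names are from the
// review comment; every other name here is an assumption.
const CHECK_PRIVILEGES_PATH = '/internal/security/api_key/_check_privileges';

interface ApiKeyPrivileges {
  canManageApiKeys: boolean;
  canManageCrossClusterApiKeys: boolean;
  canManageOwnApiKeys: boolean;
}

// Hypothetical minimal HTTP client standing in for the one the service holds.
interface HttpGet {
  get(path: string): Promise<unknown>;
}

const FLAGS = [
  'canManageApiKeys',
  'canManageCrossClusterApiKeys',
  'canManageOwnApiKeys',
] as const;

const DENY_ALL: ApiKeyPrivileges = {
  canManageApiKeys: false,
  canManageCrossClusterApiKeys: false,
  canManageOwnApiKeys: false,
};

// Copy only the three flags out of the response body. A flag is granted only
// when the body carries the boolean true; strings, numbers, missing keys and
// non-object bodies all map to false, and extra fields are dropped.
function parseApiKeyPrivileges(body: unknown): ApiKeyPrivileges {
  const result: ApiKeyPrivileges = { ...DENY_ALL };
  if (typeof body !== 'object' || body === null) return result;
  const record = body as Record<string, unknown>;
  for (const flag of FLAGS) {
    result[flag] = record[flag] === true;
  }
  return result;
}

// Fail closed: if the request rejects, report no privileges so the UI hides
// API key management. The server still enforces the real check.
async function getCurrentUserApiKeyPrivileges(http: HttpGet): Promise<ApiKeyPrivileges> {
  try {
    return parseApiKeyPrivileges(await http.get(CHECK_PRIVILEGES_PATH));
  } catch {
    return { ...DENY_ALL };
  }
}
```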