Handle API key type in Get/Query API key responses#96014
Handle API key type in Get/Query API key responses#96014elasticsearchmachine merged 8 commits intoelastic:mainfrom
Conversation
This PR makes the Get/Query API key APIs to return the new API key type information in their responses. For cross-cluster type API keys, the limited-by field is not shown because they do not use the limited-by model as existing API keys. Relates: elastic#95714
ywangd
added
>non-issue
:Security/Security
| if (TcpTransport.isUntrustedRemoteClusterEnabled()) { | ||
| builder.field("type", type.value()); | ||
| } |
There was a problem hiding this comment.
This PR has some unfortunate complexity in tests due to this conditional serialization logic with featureFlag checking. A simple solution could be adding assumeTrue(featureFlag) for all those tests. But it felt disabling a bit too much. So I took a more finer controlled approach.
Luckily Doc tests do not actually assert Get/Query responses and Yaml tests only assert selective fields. So they need no change in this PR.
| this.name = in.readString(); | ||
| } | ||
| this.id = in.readString(); | ||
| if (in.getTransportVersion().onOrAfter(TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY_CCR)) { |
There was a problem hiding this comment.
We may need a new TransportVersion for this given the recent changes to versioning. I am reaching out to the experts for confirmation.
|
Pinging @elastic/es-security (Team:Security) |
|
@elasticmachine run elasticsearch-ci/part-1-fips |
n1v0lg
left a comment
n1v0lg
left a comment
There was a problem hiding this comment.
LGTM!
As a side note, if we ever consider filtering by type, we may be able to add validation that with_limited_by is not used with type=CROSS_CLUSTER since that's arguably an invalid request. It's not really possible to do this for general Get and Query requests though since those can apply to a mix or REST and CROSS_CLUSTER API keys.
Thanks for this idea but I prefer we don't do it. In my opinion, not showing |
|
@elasticmachine update branch |
ywangd
added
the
auto-merge-without-approval
|
@elasticmachine run elasticsearch-ci/part-1 |
|
Failure is not related. I raised #96084 |
|
@elasticmachine run elasticsearch-ci/part-1 |
4 participants
This PR makes the Get/Query API key APIs to return the new API key type information in their responses. For cross-cluster type API keys, the limited-by field is not shown because they do not use the limited-by model as existing API keys.
Relates: #95714