[Fleet] Create enrollment API keys as current user #96464
nchaulet merged 6 commits into elastic:master
Pinging @elastic/fleet (Team:Fleet)
| resources: ['*'], | ||
|
|
||
| const { body: key } = await esClient.security | ||
| .createApiKey({ |
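Review bot: `resources: ['*']` on the first line of this hunk is a wildcard sitting directly above the `esClient.security.createApiKey` call. Add a short comment next to it saying why the enrollment key needs every resource, or narrow the list if it does not, so the scope is a documented decision rather than a default.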
Should we add some metadata to these enrollment keys?
Maybe it would be nice to have this defined as a constant outside which makes it easier to document and reference.
yes we could add some metadata, what do you have in mind here?
In elastic/fleet-server#195 we have:
    "metadata" : {
      "agent_id" : "e4dede19-759e-45d5-b08f-0e78dec888e5",
      "managed_by" : "fleet-server",
      "managed" : true,
      "type" : "output"
    }
We could do something similar here:
    "metadata" : {
      "managed_by" : "fleet",
      "managed" : true,
      "type" : "enroll" (or similar)
      "policy_id": "1234"
    }
ruflin left a comment
Did not test this locally but overall LGTM. Would be good if someone could do a more granular check.
| body: { | ||
| name, | ||
| // @ts-expect-error Metadata in api keys | ||
| metadata: { |
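Review bot: the `// @ts-expect-error Metadata in api keys` directive above `metadata: {` silences every type error on that line, not only the missing `metadata` field. Say in the comment which typing is missing the field, so whoever hits the unused-directive error after a client upgrade knows it is safe to delete.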
@nchaulet Do you know if metadata is the key that has to be used here or could we just use any key?
Looking at the doc, it's the key that needs to be used: https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-create-api-key.html#security-api-create-api-key-request-body
@elasticmachine merge upstream
💚 Build Succeeded
💚 Backport successful
This backport PR will be merged automatically after passing CI.
Summary
As part of the move to fleet server we will remove the current fleet_enroll user. That user was used to create API keys.
In that PR we change that to use the current user to create API keys instead.
I also removed useless argument to the invalidate calls.
Also I added metadata to the enrollment API key.
How to test
This PR should not change anything.
Automated test
this part of the code is covered by the fleet api integration tests
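
The metadata proposed in the review thread, shown as an added example that is not part of this PR or of Kibana: the tags live in one constant, and an audit helper uses them to tell active enrollment keys apart from other keys. All function, type and constant names, and the sample records, are assumptions made up for illustration.

```typescript
// Added example; every identifier defined here is hypothetical, not Kibana code.
type KeyMetadata = Record<string, unknown>;
interface ApiKeyRecord { id: string; name: string; invalidated: boolean; metadata?: KeyMetadata }

// Tags proposed in the review thread, held in one constant so they can be
// documented and referenced from a single place.
const ENROLLMENT_KEY_METADATA = { managed_by: 'fleet', managed: true, type: 'enroll' } as const;

// Body for the create API key request: `name` and `metadata` are documented
// request-body keys; policy_id is filled in per key.
function buildEnrollmentKeyBody(name: string, policyId: string) {
  return { name, metadata: { ...ENROLLMENT_KEY_METADATA, policy_id: policyId } };
}

// Returns the policy id when the key carries every enrollment tag, else null.
function enrollmentPolicyOf(key: ApiKeyRecord): string | null {
  const md: KeyMetadata = key.metadata ?? {};
  const tagged = Object.entries(ENROLLMENT_KEY_METADATA).every(([k, v]) => md[k] === v);
  const policyId = md['policy_id'];
  return tagged && typeof policyId === 'string' && policyId !== '' ? policyId : null;
}

// Groups active enrollment keys by policy and lists active keys without the tags.
function auditKeys(keys: ApiKeyRecord[]) {
  const byPolicy: Record<string, string[]> = {};
  const untagged: string[] = [];
  for (const key of keys) {
    if (key.invalidated) continue; // an invalidated key can no longer authenticate
    const policyId = enrollmentPolicyOf(key);
    if (policyId === null) {
      untagged.push(key.id);
      continue;
    }
    const ids = byPolicy[policyId] ?? [];
    ids.push(key.id);
    byPolicy[policyId] = ids;
  }
  return { byPolicy, untagged };
}

// Constructed sample records (ids, names and policy ids are made up).
const SAMPLE_KEYS: ApiKeyRecord[] = [
  { id: 'k1', invalidated: false, ...buildEnrollmentKeyBody('enroll-a', 'policy-1') },
  { id: 'k2', name: 'no-metadata', invalidated: false },
  { id: 'k3', invalidated: true, ...buildEnrollmentKeyBody('enroll-old', 'policy-1') },
  { id: 'k4', name: 'output-key', invalidated: false,
    metadata: { agent_id: 'agent-1', managed_by: 'fleet-server', managed: true, type: 'output' } },
  { id: 'k5', invalidated: false, ...buildEnrollmentKeyBody('enroll-b', 'policy-2') },
];
console.log(JSON.stringify(auditKeys(SAMPLE_KEYS)));
```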