Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Logs onboarding] Use ApiKey metadata or name #159381

Closed
yngrdyn opened this issue Jun 9, 2023 · 1 comment · Fixed by #159535
Closed

[Logs onboarding] Use ApiKey metadata or name #159381

yngrdyn opened this issue Jun 9, 2023 · 1 comment · Fixed by #159535
Assignees
@ogupte
Labels
apm:test-plan-done Pull request that was successfully tested during the test plan Feature:Logs Onboarding Logs Onboarding feature Team:obs-ux-logs Observability Logs User Experience Team

Comments

@yngrdyn
Copy link
Contributor

yngrdyn commented Jun 9, 2023
edited
Loading

At the moment we are using ApiKeyId as Id for the saved object involved in the current onboarding flow. This have been helpful since when running the script we don't need to send any extra params (e.g. savedObjectId)

image

but pose a security threat since we are basically exposing a part of the credential (ApiKey being a credential like username:password).

Explore apiKey metadata or name as options to hold the SO id.
@yngrdyn yngrdyn added Team:APM All issues that need APM UI Team support apm:logs-onboarding labels Jun 9, 2023
@gbamparop gbamparop removed the Team:APM All issues that need APM UI Team support label Jun 9, 2023
@botelastic botelastic bot added the needs-team Issues missing a team label label Jun 9, 2023
@gbamparop gbamparop added the Team:APM All issues that need APM UI Team support label Jun 9, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/apm-ui (Team:APM)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Jun 9, 2023
@ogupte ogupte self-assigned this Jun 12, 2023
@ogupte ogupte mentioned this issue Jun 13, 2023
Merged
ogupte added a commit that referenced this issue Jun 14, 2023
@ogupte
[Logs onboarding] Removes dependency on apikey id in saved objects (#…
2bab34a 
…159535)

Closes #159381

Makes use of the auto-generated saved object ID to identify
observability onboarding state saved objects, so the API key id is never
persisted. In this change, the generated API key never has an explicit
association with the saved object for the onboarding flow.
@yngrdyn yngrdyn added apm:test-plan-8.10.0 apm:test-plan-done Pull request that was successfully tested during the test plan labels Aug 16, 2023
@gbamparop gbamparop added Team:obs-ux-logs Observability Logs User Experience Team Feature:Logs Onboarding Logs Onboarding feature and removed Team:APM All issues that need APM UI Team support apm:logs-onboarding labels Oct 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ogupte ogupte

Labels
apm:test-plan-done Pull request that was successfully tested during the test plan Feature:Logs Onboarding Logs Onboarding feature Team:obs-ux-logs Observability Logs User Experience Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Logs onboarding] Removes dependency on apikey id in saved objects ogupte/kibana
4 participants
@yngrdyn @ogupte @gbamparop @elasticmachine