Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kibana should not grant API Keys without a name #71620

Closed
legrego opened this issue Jul 14, 2020 · 1 comment · Fixed by #71623
Closed

Kibana should not grant API Keys without a name #71620

legrego opened this issue Jul 14, 2020 · 1 comment · Fixed by #71623
Assignees
@legrego
Labels
bug Fixes for quality problems that affect the customer experience Feature:Users/Roles/API Keys Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@legrego
Copy link
Member

legrego commented Jul 14, 2020

A regression in Elasticsearch (#71558) exposed the fact that Kibana was creating API Keys without a valid name. It was an accident that Elasticsearch allowed this to happen, and now that they've fixed this, we need to update our key creation accordingly to require a name whenever we generate an API Key on behalf of the currently authenticated user.
@legrego legrego added bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Users/Roles/API Keys labels Jul 14, 2020
@legrego legrego self-assigned this Jul 14, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego mentioned this issue Jul 14, 2020
Merged
@FrankHassanabad FrankHassanabad mentioned this issue Aug 26, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@legrego legrego

Labels
bug Fixes for quality problems that affect the customer experience Feature:Users/Roles/API Keys Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Require granted API Keys to have a name legrego/kibana
2 participants
@legrego @elasticmachine