address review feedback
alisonelizabeth committed Sep 13, 2021
1 parent e8b6f0f commit 1b2bd05
Showing 2 changed files with 40 additions and 12 deletions.
Expand Up @@ -153,5 +153,23 @@ describe('credentialStore', () => {

expect(securityStartMock.authc.apiKeys.invalidateAsInternalUser).toHaveBeenCalled();
});

it('falls back to user credentials when error granting API key', async () => {
const credStore = credentialStoreFactory(logMock);

securityStartMock.authc.apiKeys.grantAsInternalUser.mockRejectedValue(
new Error('Error granting API key')
);

await credStore.set({
request: requestMock,
reindexOp: reindexOpMock,
security: securityStartMock,
});

expect(credStore.get(reindexOpMock)).toEqual({
authorization: basicAuthHeader,
});
});
});
});
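Review bot: The new test asserts only the returned header, so it would still pass if `set` never reached `grantAsInternalUser` at all. Adding `expect(securityStartMock.authc.apiKeys.grantAsInternalUser).toHaveBeenCalled();` before the `get` assertion would tie the result to the rejection path. Since no key id is stored on this path, it may also be worth asserting that later cleanup does not call `invalidateAsInternalUser`. `mockRejectedValue` stays on the shared `securityStartMock` unless mocks are reset between tests; that setup is not visible in this hunk.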
Expand Up @@ -56,18 +56,28 @@ export const credentialStoreFactory = (logger: Logger): CredentialStore => {
security?: SecurityPluginStart;
reindexOpId: string;
}): Promise<string | undefined> => {
const apiKeyResult = await security?.authc.apiKeys.grantAsInternalUser(request, {
name: `ua_reindex_${reindexOpId}`,
role_descriptors: {},
});

if (apiKeyResult) {
const { api_key: apiKey, id } = apiKeyResult;
// Store each API key per reindex operation so that we can later invalidate it when the reindex operation is complete
apiKeysMap.set(reindexOpId, id);
// Returns the base64 encoding of `id:api_key`
// This can be used when sending a request with an "Authorization: ApiKey xxx" header
return Buffer.from(`${id}:${apiKey}`).toString('base64');
try {
const apiKeyResult = await security?.authc.apiKeys.grantAsInternalUser(request, {
name: `ua_reindex_${reindexOpId}`,
role_descriptors: {},
metadata: {
description:
'Created by the Upgrade Assistant for a reindex operation; this can be safely deleted after Kibana is upgraded.',
},
});

if (apiKeyResult) {
const { api_key: apiKey, id } = apiKeyResult;
// Store each API key per reindex operation so that we can later invalidate it when the reindex operation is complete
apiKeysMap.set(reindexOpId, id);
// Returns the base64 encoding of `id:api_key`
// This can be used when sending a request with an "Authorization: ApiKey xxx" header
return Buffer.from(`${id}:${apiKey}`).toString('base64');
}
} catch (error) {
// There are a few edge cases were granting an API key could fail,
// in which case we fall back to using the requestor's credentials in memory
return undefined;
}
};
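Review bot: The new `catch` block returns `undefined` without recording anything, so a failed API key grant silently switches the reindex operation to the requestor's own credentials held in memory. That changes which credential is used, and nothing in logs or telemetry shows it happened. The factory's `logger` (visible in the hunk header) appears to be in scope, so consider adding ``logger.warn(`Unable to grant an API key for reindex operation ${reindexOpId}; falling back to the requestor's credentials`);`` before the `return`, logging only the operation id and never the header or key material. The block also catches every error type; if only specific failures are expected, the comment should name them, and "were" in that comment should read "where". The enclosing function starts above the hunk.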

