[Backport] Create API Key on behalf of other user #53943

tvernum · 2020-03-23T03:13:32Z

This change adds a "grant API key action"

POST /_security/api_key/grant

that creates a new API key using the privileges of one user ("the
system user") to execute the action, but creates the API key with
the roles of the second user ("the end user").

This allows a system (such as Kibana) to create API keys representing
the identity and access of an authenticated user without requiring
that user to have permission to create API keys on their own.

This also creates a new QA project for security on trial licenses and runs
the API key tests there

Backport of: #52886

This change adds a "grant API key action" POST /_security/api_key/grant that creates a new API key using the privileges of one user ("the system user") to execute the action, but creates the API key with the roles of the second user ("the end user"). This allows a system (such as Kibana) to create API keys representing the identity and access of an authenticated user without requiring that user to have permission to create API keys on their own. This also creates a new QA project for security on trial licenses and runs the API key tests there Backport of: elastic#52886

tvernum added the backport label Mar 23, 2020

tvernum added 2 commits March 23, 2020 14:57

Fix QA test

306d29f

Fix QA some more

cf751ea

tvernum merged commit cde8725 into elastic:7.x Mar 23, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Backport] Create API Key on behalf of other user #53943

[Backport] Create API Key on behalf of other user #53943

Uh oh!

tvernum commented Mar 23, 2020

Uh oh!

Uh oh!

[Backport] Create API Key on behalf of other user #53943

[Backport] Create API Key on behalf of other user #53943

Uh oh!

Conversation

tvernum commented Mar 23, 2020

Uh oh!

Uh oh!