Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Search][Onboarding] api-key plugin #191926

Merged
merged 48 commits into from
Oct 2, 2024
Merged
Show file tree
Hide file tree
Changes from 43 commits
Commits
Show all changes
48 commits
Select commit Hold shift + click to select a range
1f7e40b
Prepare api-key plugin configuration
yansavitski Sep 2, 2024
345225a
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Sep 2, 2024
e4b19ba
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Sep 2, 2024
7e33030
WIP
joemcelroy Sep 2, 2024
b1a8356
api keys plugin working
joemcelroy Sep 2, 2024
df937a1
WIP
joemcelroy Sep 2, 2024
67b8364
implement API for API Key generation
joemcelroy Sep 3, 2024
245d4cb
fix privilege
joemcelroy Sep 3, 2024
9f256cd
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Sep 5, 2024
25c3260
Add get api route
yansavitski Sep 8, 2024
e2024d7
Update validity route
yansavitski Sep 16, 2024
07c80e7
Add apikeyfrom component and api search hook
yansavitski Sep 16, 2024
9734255
Use dispatch for state and apiKey
yansavitski Sep 17, 2024
69792d1
Merge branch 'main' of github.com:elastic/kibana into onboarding-api-…
yansavitski Sep 17, 2024
703261c
Use plugin
yansavitski Sep 17, 2024
53f6263
Fix PR comments
yansavitski Sep 23, 2024
ecb4ea2
Merge branch 'main' of github.com:elastic/kibana into onboarding-api-…
yansavitski Sep 23, 2024
fedef8b
[CI] Auto-commit changed files from 'node scripts/lint_packages --fix'
kibanamachine Sep 23, 2024
46d30a3
[CI] Auto-commit changed files from 'node scripts/yarn_deduplicate'
kibanamachine Sep 23, 2024
20db7e8
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Sep 23, 2024
07661b2
add visibility for api key
joemcelroy Sep 23, 2024
677a365
added FTRs + fixes to flows
joemcelroy Sep 24, 2024
129b383
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Sep 26, 2024
e942537
update to package
joemcelroy Sep 26, 2024
40e9973
moving to a package
joemcelroy Sep 27, 2024
4d962fe
updates to package move
joemcelroy Sep 27, 2024
7ea3563
fix prettier
joemcelroy Sep 27, 2024
8c4e331
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Sep 27, 2024
3c25c83
update api form design
joemcelroy Sep 27, 2024
65a8d4e
add form field
joemcelroy Sep 27, 2024
9e31a77
[CI] Auto-commit changed files from 'node scripts/generate codeowners'
kibanamachine Sep 27, 2024
074e9a1
[CI] Auto-commit changed files from 'node scripts/notice'
kibanamachine Sep 27, 2024
e281ce3
fix ts issues
joemcelroy Sep 30, 2024
4a2da8f
fix i18n issues
joemcelroy Sep 30, 2024
6b4f4ee
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Sep 30, 2024
f1680c2
Merge branch 'onboarding-api-plugin' of github.com:yansavitski/kibana…
joemcelroy Sep 30, 2024
c93db2d
[CI] Auto-commit changed files from 'node scripts/notice'
kibanamachine Sep 30, 2024
265379c
[CI] Auto-commit changed files from 'node scripts/lint_ts_projects --…
kibanamachine Sep 30, 2024
bb5fa80
fix jest configs
joemcelroy Sep 30, 2024
dc203dd
update ftrs
joemcelroy Sep 30, 2024
aedde54
update readme
joemcelroy Sep 30, 2024
740a89b
resolve conflicts
joemcelroy Sep 30, 2024
fcf24f3
fix typo
joemcelroy Sep 30, 2024
c0a950d
Merge remote-tracking branch 'upstream/main' into onboarding-api-plugin
joemcelroy Oct 1, 2024
3ce5e0b
added provider; toggle visibility of apiKey; implement code sample up…
joemcelroy Oct 1, 2024
f25dcec
updates based on feedback
joemcelroy Oct 1, 2024
cd87f44
[CI] Auto-commit changed files from 'node scripts/generate codeowners'
kibanamachine Oct 1, 2024
b7029a8
[CI] Auto-commit changed files from 'node scripts/lint_ts_projects --…
kibanamachine Oct 1, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
Expand Up @@ -752,6 +752,8 @@ src/plugins/screenshot_mode @elastic/appex-sharedux
x-pack/examples/screenshotting_example @elastic/appex-sharedux
x-pack/plugins/screenshotting @elastic/kibana-reporting-services
packages/kbn-screenshotting-server @elastic/appex-sharedux
packages/kbn-search-api-keys-api @elastic/search-kibana
packages/kbn-search-api-keys-components @elastic/search-kibana
packages/kbn-search-api-panels @elastic/search-kibana
x-pack/plugins/search_assistant @elastic/search-kibana
packages/kbn-search-connectors @elastic/search-kibana
Expand All @@ -765,6 +767,7 @@ x-pack/plugins/search_inference_endpoints @elastic/search-kibana
x-pack/plugins/search_notebooks @elastic/search-kibana
x-pack/plugins/search_playground @elastic/search-kibana
packages/kbn-search-response-warnings @elastic/kibana-data-discovery
x-pack/packages/search/shared_ui @elastic/search-kibana
packages/kbn-search-types @elastic/kibana-data-discovery
x-pack/plugins/searchprofiler @elastic/kibana-management
x-pack/test/security_api_integration/packages/helpers @elastic/kibana-security
Expand Down
1 change: 1 addition & 0 deletions .i18nrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,7 @@
"server": "src/legacy/server",
"share": ["src/plugins/share", "packages/kbn-reporting-share"],
"sharedUXPackages": "packages/shared-ux",
"searchApiKeysComponents": "packages/kbn-search-api-keys-components",
"searchApiPanels": "packages/kbn-search-api-panels/",
"searchErrors": "packages/kbn-search-errors",
"searchIndexDocuments": "packages/kbn-search-index-documents",
Expand Down
3 changes: 3 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -769,6 +769,8 @@
"@kbn/screenshotting-example-plugin": "link:x-pack/examples/screenshotting_example",
"@kbn/screenshotting-plugin": "link:x-pack/plugins/screenshotting",
"@kbn/screenshotting-server": "link:packages/kbn-screenshotting-server",
"@kbn/search-api-keys-api": "link:packages/kbn-search-api-keys-api",
"@kbn/search-api-keys-components": "link:packages/kbn-search-api-keys-components",
"@kbn/search-api-panels": "link:packages/kbn-search-api-panels",
"@kbn/search-assistant": "link:x-pack/plugins/search_assistant",
"@kbn/search-connectors": "link:packages/kbn-search-connectors",
Expand All @@ -782,6 +784,7 @@
"@kbn/search-notebooks": "link:x-pack/plugins/search_notebooks",
"@kbn/search-playground": "link:x-pack/plugins/search_playground",
"@kbn/search-response-warnings": "link:packages/kbn-search-response-warnings",
"@kbn/search-shared-ui": "link:x-pack/packages/search/shared_ui",
"@kbn/search-types": "link:packages/kbn-search-types",
"@kbn/searchprofiler-plugin": "link:x-pack/plugins/searchprofiler",
"@kbn/security-api-key-management": "link:x-pack/packages/security/api_key_management",
Expand Down
3 changes: 3 additions & 0 deletions packages/kbn-search-api-keys-api/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Search API Keys

The Search API Keys package is a shared components and utilities to simplify managing the API Keys experience for elasticsearch users across stack and serverless search solutions.
17 changes: 17 additions & 0 deletions packages/kbn-search-api-keys-api/jest.config.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

module.exports = {
preset: '@kbn/test/jest_node',
rootDir: '../..',
roots: ['<rootDir>/packages/kbn-search-api-keys-api'],
coverageDirectory: '<rootDir>/target/kibana-coverage/jest/packages/kbn-search-api-keys-api',
coverageReporters: ['text', 'html'],
collectCoverageFrom: ['<rootDir>/packages/kbn-search-api-keys-api/**/*.{ts,tsx}'],
};
5 changes: 5 additions & 0 deletions packages/kbn-search-api-keys-api/kibana.jsonc
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"type": "shared-server",
"id": "@kbn/search-api-keys-api",
"owner": "@elastic/search-kibana"
}
6 changes: 6 additions & 0 deletions packages/kbn-search-api-keys-api/package.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"name": "@kbn/search-api-keys-api",
"private": true,
"version": "1.0.0",
"license": "Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0"
}
10 changes: 10 additions & 0 deletions packages/kbn-search-api-keys-api/server/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

export * from './routes/routes';
31 changes: 31 additions & 0 deletions packages/kbn-search-api-keys-api/server/lib/create_key.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import type { Logger } from '@kbn/logging';
import type { APIKeyCreationResponse } from '../types';

export async function createAPIKey(
name: string,
client: ElasticsearchClient,
logger: Logger
): Promise<APIKeyCreationResponse> {
try {
const apiKey = await client.security.createApiKey({
name,
role_descriptors: {},
});

return apiKey;
} catch (e) {
logger.error(`Search API Keys: Error during creating API Key`);
logger.error(e);
throw e;
}
}
30 changes: 30 additions & 0 deletions packages/kbn-search-api-keys-api/server/lib/get_key_by_id.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import type { Logger } from '@kbn/logging';
import type { GetApiKeyResponse } from '../types';

export async function getAPIKeyById(
id: string,
client: ElasticsearchClient,
logger: Logger
): Promise<GetApiKeyResponse> {
try {
const apiKey = await client.security.getApiKey({
id,
});

return apiKey.api_keys?.[0];
} catch (e) {
logger.error(`Search API Keys: Error on getting API Key`);
logger.error(e);
throw e;
}
}
50 changes: 50 additions & 0 deletions packages/kbn-search-api-keys-api/server/lib/privileges.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import type { Logger } from '@kbn/logging';

export async function fetchUserStartPrivileges(
client: ElasticsearchClient,
logger: Logger
): Promise<boolean> {
try {
// relying on manage cluster privilege to check if user can create API keys
// and can also have permissions for index monitoring
const securityCheck = await client.security.hasPrivileges({
cluster: ['manage'],
});

return securityCheck?.cluster?.manage ?? false;
} catch (e) {
logger.error(`Error checking user privileges for search API Keys`);
logger.error(e);
return false;
}
}

export async function fetchClusterHasApiKeys(
client: ElasticsearchClient,
logger: Logger
): Promise<boolean> {
try {
const clusterApiKeys = await client.security.queryApiKeys({
query: {
term: {
invalidated: false,
},
},
});
return clusterApiKeys.api_keys.length > 0;
} catch (e) {
logger.error(`Error checking cluster for existing valid API keys`);
logger.error(e);
return true;
}
}
108 changes: 108 additions & 0 deletions packages/kbn-search-api-keys-api/server/routes/routes.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

import type { IRouter } from '@kbn/core/server';
import type { Logger } from '@kbn/logging';

import { schema } from '@kbn/config-schema';
import { APIRoutes } from '../types';
import { getAPIKeyById } from '../lib/get_key_by_id';
import { createAPIKey } from '../lib/create_key';
import { fetchClusterHasApiKeys, fetchUserStartPrivileges } from '../lib/privileges';

const API_KEY_NAME = 'Unrestricted API Key';

export function registerSearchApiKeysRoutes(router: IRouter, logger: Logger) {
router.post(
{
path: APIRoutes.API_KEY_VALIDITY,
validate: {
body: schema.object({
id: schema.string(),
}),
},
options: {
access: 'internal',
},
},
async (context, request, response) => {
try {
const core = await context.core;
const client = core.elasticsearch.client.asCurrentUser;
const apiKey = await getAPIKeyById(request.body.id, client, logger);

if (!apiKey) {
return response.customError({
body: { message: 'API key is not found.' },
statusCode: 404,
});
}

return response.ok({
body: { isValid: !apiKey.invalidated },
headers: { 'content-type': 'application/json' },
});
} catch (e) {
logger.error(`Error fetching API Key`);
logger.error(e);
return response.customError({
body: { message: e.message },
statusCode: 500,
});
}
}
);

router.post(
{
path: APIRoutes.API_KEYS,
validate: {},
options: {
access: 'internal',
},
},
async (context, _request, response) => {
try {
const core = await context.core;
const client = core.elasticsearch.client.asCurrentUser;
const clusterHasApiKeys = await fetchClusterHasApiKeys(client, logger);

if (clusterHasApiKeys) {
return response.customError({
body: { message: 'Project already has API keys' },
statusCode: 400,
});
}

const canCreateApiKeys = await fetchUserStartPrivileges(client, logger);

if (!canCreateApiKeys) {
return response.customError({
body: { message: 'User does not have required privileges' },
statusCode: 403,
});
}

const apiKey = await createAPIKey(API_KEY_NAME, client, logger);

return response.ok({
body: apiKey,
headers: { 'content-type': 'application/json' },
});
} catch (e) {
logger.error(`Error creating API Key`);
logger.error(e);
return response.customError({
body: { message: e.message },
statusCode: 500,
});
}
}
);
}
27 changes: 27 additions & 0 deletions packages/kbn-search-api-keys-api/server/types.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

export enum APIRoutes {
API_KEYS = '/internal/search_api_keys',
API_KEY_VALIDITY = '/internal/search_api_keys/validity',
}

export interface APIKey {
id: string;
name: string;
expiration?: number;
invalidated?: boolean;
}

export interface APIKeyCreationResponse extends Pick<APIKey, 'id' | 'name' | 'expiration'> {
api_key: string;
encoded: string;
}

export type GetApiKeyResponse = APIKey;
18 changes: 18 additions & 0 deletions packages/kbn-search-api-keys-api/tsconfig.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"extends": "../../tsconfig.base.json",
"compilerOptions": {
"outDir": "target/types",
},
"include": [
"server/**/*"
],
"kbn_references": [
"@kbn/core-elasticsearch-server",
"@kbn/logging",
"@kbn/core",
"@kbn/config-schema",
],
"exclude": [
"target/**/*",
]
}
3 changes: 3 additions & 0 deletions packages/kbn-search-api-keys-components/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Search API Key Components

The Search API Keys components package is a shared components and utilities to simplify managing the API Keys experience for elasticsearch users across stack and serverless search solutions.
20 changes: 20 additions & 0 deletions packages/kbn-search-api-keys-components/jest.config.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/

module.exports = {
preset: '@kbn/test',
rootDir: '../..',
roots: ['<rootDir>/packages/kbn-search-api-keys-components'],
coverageDirectory:
'<rootDir>/target/kibana-coverage/jest/packages/kbn-search-api-keys-components',
coverageReporters: ['text', 'html'],
collectCoverageFrom: [
'<rootDir>/packages/kbn-search-api-keys-components/public/{components,hooks}/**/*.{ts,tsx}',
],
};
5 changes: 5 additions & 0 deletions packages/kbn-search-api-keys-components/kibana.jsonc
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"type": "shared-browser",
"id": "@kbn/search-api-keys-components",
"owner": "@elastic/search-kibana"
}
Loading