github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Serverless] Allow authentication via the Elasticsearch JWT realm with the shared_secret client authentication type. (#161564)

Browse source
This commit is contained in:
Aleh Zasypkin 2023-07-11 15:06:34 +02:00 committed by GitHub
parent 95e50875e1
commit cdc862a618
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
config/serverless.yml
View file

@ -69,6 +69,5 @@ server.versioned.strictClientVersionCheck: false
xpack.spaces.maxSpaces: 1
xpack.spaces.allowFeatureVisibility: false
# Temporarily allow unauthenticated access to task manager utilization & status/stats APIs for autoscaling
status.allowAnonymous: true
xpack.task_manager.unsafe.authenticate_background_task_utilization: false
# Allow authentication via the Elasticsearch JWT realm with the `shared_secret` client authentication type.
elasticsearch.requestHeadersWhitelist: ["authorization", "es-client-authentication"]

4
packages/kbn-es/src/settings.test.ts
View file

@ -12,6 +12,7 @@ const mockSettings = [
'abc.def=1',
'xpack.security.authc.realms.oidc.oidc1.rp.client_secret=secret',
'xpack.security.authc.realms.oidc.oidc1.rp.client_id=client id',
'xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret=jwt_secret',
'discovery.type=single-node',
];
@ -20,6 +21,7 @@ test('`parseSettings` parses and returns all settings by default', () => {
['abc.def', '1'],
['xpack.security.authc.realms.oidc.oidc1.rp.client_secret', 'secret'],
['xpack.security.authc.realms.oidc.oidc1.rp.client_id', 'client id'],
['xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret', 'jwt_secret'],
['discovery.type', 'single-node'],
]);
});
@ -29,6 +31,7 @@ test('`parseSettings` parses and returns all settings with `SettingsFilter.All`
['abc.def', '1'],
['xpack.security.authc.realms.oidc.oidc1.rp.client_secret', 'secret'],
['xpack.security.authc.realms.oidc.oidc1.rp.client_id', 'client id'],
['xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret', 'jwt_secret'],
['discovery.type', 'single-node'],
]);
});
@ -36,6 +39,7 @@ test('`parseSettings` parses and returns all settings with `SettingsFilter.All`
test('`parseSettings` parses and returns only secure settings with `SettingsFilter.SecureOnly` filter', () => {
expect(parseSettings(mockSettings, { filter: SettingsFilter.SecureOnly })).toEqual([
['xpack.security.authc.realms.oidc.oidc1.rp.client_secret', 'secret'],
['xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret', 'jwt_secret'],
]);
});

1
packages/kbn-es/src/settings.ts
View file

@ -11,6 +11,7 @@
*/
const SECURE_SETTINGS_LIST = [
/^xpack\.security\.authc\.realms\.oidc\.[a-zA-Z0-9_]+\.rp\.client_secret$/,
/^xpack\.security\.authc\.realms\.jwt\.[a-zA-Z0-9_]+\.client_authentication\.shared_secret$/,
];
function isSecureSetting(settingName: string) {