github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-25 02:09:32 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/user/security/api-keys
History
Kurt 9a6985eeef
Allow users to Update API Keys (#146237) 
## Summary

API keys can now be updated via the API Keys Management screen

## Release Note

API Keys can now be updated with new Role Descriptors and Metadata via
the API Keys Management screen.

## Testing Instructions

Login as `elastic`

Navigate to Roles and create a new role with the `read_security` cluster
privilege:
<img width="962" alt="Screen Shot 2022-11-30 at 9 42 31 AM"
src="https://user-images.githubusercontent.com/21210601/204826868-a8f6bf03-acf8-404c-90c8-e2b9ab62dc11.png">


Create a new user and assign that new role, `viewer`, and
`kibana_admin`:
<img width="936" alt="Screen Shot 2022-11-30 at 9 43 10 AM"
src="https://user-images.githubusercontent.com/21210601/204827030-e5f97f8e-6676-4c18-8a46-f6afee87ba12.png">


Navigate to Dev Tools and run the following:

```json
POST /_security/api_key/grant
{
  "grant_type": "password",
  "username" : "elastic",  
  "password" : "changeme",  
  "run_as": "elastic",  
  "api_key" : {
    "name": "test-expired-key",
    "expiration": "1ms"
  }
}

POST /_security/api_key/grant
{
  "grant_type": "password",
  "username" : "elastic",  
  "password" : "changeme",  
  "run_as": "test_user",  
  "api_key" : {
    "name": "test-user-key",
    "expiration": "1d"
  }
}
```

The first command will create an API key for the `elastic` user that
expires immediately.

The second command will create an API key for `test_user`.

Navigate to the API Key page, click the name column links to see a
readonly view for the 2 previously created keys as users cannot update
an API key that belongs to another user nor an API key that is expired.

Create a new API key:
<img width="632" alt="Screen Shot 2022-11-30 at 9 44 52 AM"
src="https://user-images.githubusercontent.com/21210601/204829114-672c6583-8801-4af0-bfa8-64ae1072ef46.png">

Click the name link for the newly created API key to see the Update API
key flyout.

Update the fields and click submit:
<img width="642" alt="Screen Shot 2022-11-30 at 9 45 59 AM"
src="https://user-images.githubusercontent.com/21210601/204829914-9fb1f8e6-8b3f-4acc-b63f-d7e4a0906727.png">

If the update was successful:
<img width="904" alt="Screen Shot 2022-11-30 at 9 46 42 AM"
src="https://user-images.githubusercontent.com/21210601/204830133-1dcb083b-f945-4980-9e91-19081c224b55.png">

Now click the name link again for the updated key and click submit
without making changes. You should see a warning:
<img width="895" alt="Screen Shot 2022-11-30 at 9 46 52 AM"
src="https://user-images.githubusercontent.com/21210601/204830570-2ca5e2e0-19b6-43ce-b7e4-ae594be6a86b.png">

Logout the `elastic` user and login as `test_user`

Navigate to API Keys and click the existing API Key to see a readonly
view flyout:
<img width="639" alt="Screen Shot 2022-11-30 at 9 58 25 AM"
src="https://user-images.githubusercontent.com/21210601/204832019-640ecd2e-4bcb-402b-a164-e8b8eb9f8848.png">


Thanks for reviewing!

Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2022-12-14 07:50:07 -05:00
..
images [Docs] Update security and spaces docs/screenshots (#105652) 2021-07-15 16:04:33 -04:00
index.asciidoc Allow users to Update API Keys (#146237) 2022-12-14 07:50:07 -05:00