[security/apiKeys] migrate from id to ids in ES request (#87053)

Co-authored-by: spalger <spalger@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-01-04 15:46:37 -07:00 · 2021-01-04 15:46:37 -07:00 · e3856a9e45
parent 284f422642
commit e3856a9e45
8 changed files with 18 additions and 20 deletions
--- a/x-pack/plugins/alerts/server/invalidate_pending_api_keys/task.ts
+++ b/x-pack/plugins/alerts/server/invalidate_pending_api_keys/task.ts
@ -193,6 +193,7 @@ async function invalidateApiKeys(
  encryptedSavedObjectsClient: EncryptedSavedObjectsClient,
  securityPluginStart?: SecurityPluginStart
 ) {
+  // TODO: This could probably send a single request to ES now that the invalidate API supports multiple ids in a single request
  let totalInvalidated = 0;
  await Promise.all(
    apiKeysToInvalidate.saved_objects.map(async (apiKeyObj) => {
--- a/x-pack/plugins/security/server/authentication/api_keys/api_keys.test.ts
+++ b/x-pack/plugins/security/server/authentication/api_keys/api_keys.test.ts
@ -115,7 +115,7 @@ describe('API Keys', () => {
      expect(result).toEqual(true);
      expect(mockClusterClient.asInternalUser.security.invalidateApiKey).toHaveBeenCalledWith({
        body: {
-          id: 'kibana-api-key-service-test',
+          ids: ['kibana-api-key-service-test'],
        },
      });
    });
@ -318,7 +318,7 @@ describe('API Keys', () => {
      });
      expect(mockScopedClusterClient.asCurrentUser.security.invalidateApiKey).toHaveBeenCalledWith({
        body: {
-          id: '123',
+          ids: ['123'],
        },
      });
    });
@ -345,7 +345,7 @@ describe('API Keys', () => {
      });
      expect(mockScopedClusterClient.asCurrentUser.security.invalidateApiKey).toHaveBeenCalledWith({
        body: {
-          id: '123',
+          ids: ['123'],
        },
      });
    });
@ -378,7 +378,7 @@ describe('API Keys', () => {
      });
      expect(mockClusterClient.asInternalUser.security.invalidateApiKey).toHaveBeenCalledWith({
        body: {
-          id: '123',
+          ids: ['123'],
        },
      });
    });
@ -405,7 +405,7 @@ describe('API Keys', () => {
      });
      expect(mockClusterClient.asInternalUser.security.invalidateApiKey).toHaveBeenCalledWith({
        body: {
-          id: '123',
+          ids: ['123'],
        },
      });
    });
--- a/x-pack/plugins/security/server/authentication/api_keys/api_keys.ts
+++ b/x-pack/plugins/security/server/authentication/api_keys/api_keys.ts
@ -143,7 +143,7 @@ export class APIKeys {
    );

    try {
-      await this.clusterClient.asInternalUser.security.invalidateApiKey({ body: { id } });
+      await this.clusterClient.asInternalUser.security.invalidateApiKey({ body: { ids: [id] } });
      return true;
    } catch (e) {
      if (this.doesErrorIndicateAPIKeysAreDisabled(e)) {
@ -240,7 +240,7 @@ export class APIKeys {
        await this.clusterClient
          .asScoped(request)
          .asCurrentUser.security.invalidateApiKey<InvalidateAPIKeyResult>({
-            body: { id: params.id },
+            body: { ids: [params.id] },
          })
      ).body;
      this.logger.debug('API key was invalidated successfully as current user');
@ -268,7 +268,7 @@ export class APIKeys {
      // Internal user needs `cluster:admin/xpack/security/api_key/invalidate` privilege to use this API
      result = (
        await this.clusterClient.asInternalUser.security.invalidateApiKey<InvalidateAPIKeyResult>({
-          body: { id: params.id },
+          body: { ids: [params.id] },
        })
      ).body;
      this.logger.debug('API key was invalidated successfully');
--- a/x-pack/plugins/security/server/routes/api_keys/invalidate.test.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/invalidate.test.ts
@ -127,7 +127,7 @@ describe('Invalidate API keys', () => {
        isAdmin: true,
      },
      asserts: {
-        apiArguments: [{ body: { id: 'si8If24B1bKsmSLTAhJV' } }],
+        apiArguments: [{ body: { ids: ['si8If24B1bKsmSLTAhJV'] } }],
        statusCode: 200,
        result: {
          itemsInvalidated: [],
@ -151,7 +151,7 @@ describe('Invalidate API keys', () => {
        isAdmin: true,
      },
      asserts: {
-        apiArguments: [{ body: { id: 'si8If24B1bKsmSLTAhJV' } }],
+        apiArguments: [{ body: { ids: ['si8If24B1bKsmSLTAhJV'] } }],
        statusCode: 200,
        result: {
          itemsInvalidated: [{ id: 'si8If24B1bKsmSLTAhJV', name: 'my-api-key' }],
@ -167,7 +167,7 @@ describe('Invalidate API keys', () => {
        isAdmin: false,
      },
      asserts: {
-        apiArguments: [{ body: { id: 'si8If24B1bKsmSLTAhJV', owner: true } }],
+        apiArguments: [{ body: { ids: ['si8If24B1bKsmSLTAhJV'], owner: true } }],
        statusCode: 200,
        result: {
          itemsInvalidated: [{ id: 'si8If24B1bKsmSLTAhJV', name: 'my-api-key' }],
@ -192,8 +192,8 @@ describe('Invalidate API keys', () => {
      },
      asserts: {
        apiArguments: [
-          { body: { id: 'si8If24B1bKsmSLTAhJV' } },
-          { body: { id: 'ab8If24B1bKsmSLTAhNC' } },
+          { body: { ids: ['si8If24B1bKsmSLTAhJV'] } },
+          { body: { ids: ['ab8If24B1bKsmSLTAhNC'] } },
        ],
        statusCode: 200,
        result: {
--- a/x-pack/plugins/security/server/routes/api_keys/invalidate.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/invalidate.ts
@ -33,7 +33,7 @@ export function defineInvalidateApiKeysRoutes({ router }: RouteDefinitionParams)
          await Promise.all(
            request.body.apiKeys.map(async (key) => {
              try {
-                const body: { id: string; owner?: boolean } = { id: key.id };
+                const body: { ids: string[]; owner?: boolean } = { ids: [key.id] };
                if (!request.body.isAdmin) {
                  body.owner = true;
                }
--- a/x-pack/test/api_integration/apis/security/api_keys.ts
+++ b/x-pack/test/api_integration/apis/security/api_keys.ts
@ -10,8 +10,7 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 export default function ({ getService }: FtrProviderContext) {
  const supertest = getService('supertest');

-  // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/87157
-  describe.skip('API Keys', () => {
+  describe('API Keys', () => {
    describe('GET /internal/security/api_key/_enabled', () => {
      it('should indicate that API Keys are enabled', async () => {
        await supertest
--- a/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts
+++ b/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts
@ -17,8 +17,7 @@ export default function (providerContext: FtrProviderContext) {
  const supertest = getService('supertest');
  const esClient = getService('es');

-  // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/87166
-  describe.skip('fleet_unenroll_agent', () => {
+  describe('fleet_unenroll_agent', () => {
    skipIfNoDockerRegistry(providerContext);
    let accessAPIKeyId: string;
    let outputAPIKeyId: string;
--- a/x-pack/test/functional/apps/api_keys/home_page.ts
+++ b/x-pack/test/functional/apps/api_keys/home_page.ts
@ -13,8 +13,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
  const security = getService('security');
  const testSubjects = getService('testSubjects');

-  // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/87163
-  describe.skip('Home page', function () {
+  describe('Home page', function () {
    before(async () => {
      await security.testUser.setRoles(['kibana_admin']);
      await pageObjects.common.navigateToApp('apiKeys');