Skip to content

Commit

Permalink
[Fleet] Fix find by apiKeyId escaping
Browse files Browse the repository at this point in the history
  • Loading branch information
nchaulet committed Mar 30, 2020
1 parent e3b394d commit aa8d894
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 5 deletions.
7 changes: 5 additions & 2 deletions x-pack/plugins/ingest_manager/server/services/agents/crud.ts
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import {
} from '../../constants';
import { AgentSOAttributes, Agent, AgentEventSOAttributes } from '../../types';
import { savedObjectToAgent } from './saved_objects';
import { escapeSearchQueryPhrase } from '../saved_object';

export async function listAgents(
soClient: SavedObjectsClientContract,
Expand Down Expand Up @@ -72,14 +73,16 @@ export async function getAgentByAccessAPIKeyId(
const response = await soClient.find<AgentSOAttributes>({
type: AGENT_SAVED_OBJECT_TYPE,
searchFields: ['access_api_key_id'],
search: accessAPIKeyId,
search: escapeSearchQueryPhrase(accessAPIKeyId),
});

const [agent] = response.saved_objects.map(savedObjectToAgent);

if (!agent) {
throw Boom.notFound('Agent not found');
}
if (agent.access_api_key_id !== accessAPIKeyId) {
throw new Error('Agent api key id is not matching');
}
if (!agent.active) {
throw Boom.forbidden('Agent inactive');
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import { SavedObjectsClientContract, SavedObject, KibanaRequest } from 'src/core
import { ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE } from '../../constants';
import { EnrollmentAPIKeySOAttributes, EnrollmentAPIKey } from '../../types';
import { createAPIKey } from './security';
import { escapeSearchQueryPhrase } from '../saved_object';

export * from './enrollment_api_key';

Expand Down Expand Up @@ -70,10 +71,14 @@ export async function getEnrollmentAPIKeyById(
await soClient.find<EnrollmentAPIKeySOAttributes>({
type: ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE,
searchFields: ['api_key_id'],
search: apiKeyId,
search: escapeSearchQueryPhrase(apiKeyId),
})
).saved_objects.map(_savedObjectToEnrollmentApiKey);

if (enrollmentAPIKey?.id !== apiKeyId) {
throw new Error('find enrollmentKeyById returned an incorrect key');
}

return enrollmentAPIKey;
}

Expand Down
9 changes: 9 additions & 0 deletions x-pack/plugins/ingest_manager/server/services/saved_object.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

export function escapeSearchQueryPhrase(val: string) {
return `"${val.replace(/["]/g, '"')}"`;
}
3 changes: 1 addition & 2 deletions x-pack/test/api_integration/apis/fleet/agents/acks.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,7 @@ export default function(providerContext: FtrProviderContext) {
const supertest = getSupertestWithoutAuth(providerContext);
let apiKey: { id: string; api_key: string };

// FLAKY: https://github.com/elastic/kibana/issues/60471
describe.skip('fleet_agents_acks', () => {
describe('fleet_agents_acks', () => {
before(async () => {
await esArchiver.loadIfNeeded('fleet/agents');

Expand Down

0 comments on commit aa8d894

Please sign in to comment.