Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding authc.invalidateAPIKeyAsInternalUser #60717

Merged
merged 9 commits into from
Mar 23, 2020
Merged

Adding authc.invalidateAPIKeyAsInternalUser #60717

merged 9 commits into from
Mar 23, 2020

Conversation

mikecote
Copy link
Contributor

@mikecote mikecote commented Mar 20, 2020
edited
Loading

In this PR, I'm adding a new function to authc which allows to invalidate API keys using the internal user. This new function is pending kibana_system to have the api_key/invalidate privilege which will be merged soon elastic/elasticsearch#53824.

Solves portion of #49398.

@mikecote mikecote added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Feature:Security/Authorization Platform Security - Authorization v7.7.0 labels Mar 20, 2020
@mikecote mikecote self-assigned this Mar 20, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@mikecote mikecote changed the title Adding Adding authc.invalidateAPIKeyAsInternalUser Adding authc.invalidateAPIKeyAsInternalUser Mar 20, 2020
@mikecote mikecote force-pushed the security/invalidate-as-internal-user branch from 6da60b1 to b40f05a Compare March 20, 2020 01:22
@mikecote
Copy link
Contributor Author

@elasticmachine merge upstream

@mikecote mikecote marked this pull request as ready for review March 20, 2020 15:20
@mikecote mikecote requested a review from a team as a code owner March 20, 2020 15:20
@azasypkin azasypkin self-requested a review March 20, 2020 19:07
@azasypkin
Copy link
Member

azasypkin commented Mar 20, 2020
edited
Loading

ACK: couldn't get to this PR today, but will review first thing on Monday.

azasypkin
azasypkin approved these changes Mar 23, 2020
View reviewed changes
Copy link
Member

@azasypkin azasypkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just few minor nits! Tested locally and it worked as expected (via custom Kibana system user with a role that includes cluster:admin/xpack/security/api_key/invalidate).

x-pack/plugins/security/server/authentication/api_keys.ts Outdated Show resolved Hide resolved
x-pack/plugins/security/server/authentication/api_keys.ts Outdated Show resolved Hide resolved
x-pack/plugins/security/server/authentication/api_keys.ts Outdated Show resolved Hide resolved
x-pack/plugins/security/server/authentication/api_keys.ts Outdated Show resolved Hide resolved
x-pack/plugins/security/server/authentication/api_keys.ts Show resolved Hide resolved
x-pack/plugins/security/server/authentication/api_keys.ts Outdated Show resolved Hide resolved
x-pack/plugins/security/server/authentication/index.test.ts Outdated Show resolved Hide resolved
@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack API Integration Tests.x-pack/test/api_integration/apis/fleet/agents/enroll·ts.apis Fleet Endpoints fleet_agents_enroll should allow to enroll an agent with a valid enrollment token

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 6 times on tracked branches: https://github.com/elastic/kibana/issues/60865

[00:00:00]       │
[00:00:00]         └-: apis
[00:00:00]           └-> "before all" hook
[00:08:32]           └-: Fleet Endpoints
[00:08:32]             └-> "before all" hook
[00:08:43]             └-: fleet_agents_enroll
[00:08:43]               └-> "before all" hook
[00:08:43]               └-> "before all" hook
[00:08:43]                 │ info [fleet/agents] Loading "mappings.json"
[00:08:43]                 │ info [fleet/agents] Loading "data.json"
[00:08:43]                 │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1584968211713258600] [.kibana_1/mYb50P6WRqmeWBFLyUhAGQ] deleting index
[00:08:43]                 │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1584968211713258600] [.kibana_2/WfOnkFP6S4acCDsV1MDcTg] deleting index
[00:08:43]                 │ info [fleet/agents] Deleted existing index [".kibana_2",".kibana_1"]
[00:08:43]                 │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1584968211713258600] [.kibana_1] creating index, cause [api], templates [], shards [1]/[0], mappings [_doc]
[00:08:44]                 │ info [fleet/agents] Created index ".kibana_1"
[00:08:44]                 │ debg [fleet/agents] ".kibana_1" settings {"index":{"auto_expand_replicas":"0-1","number_of_replicas":"0","number_of_shards":"1"}}
[00:08:44]                 │ info [fleet/agents] Indexed 7 docs into ".kibana"
[00:08:44]                 │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-18-tests-xl-1584968211713258600] [.kibana_1/kXIJwZY3Spi5w4hxKVtkOg] update_mapping [_doc]
[00:08:44]                 │ debg Migrating saved objects
[00:08:45]                 │ proc [kibana]   log   [14:11:23.756] [info][savedobjects-service] Detected mapping change in "dynamic"
[00:08:45]                 │ proc [kibana]   log   [14:11:23.758] [info][savedobjects-service] Creating index .kibana_2.
[00:08:45]                 │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1584968211713258600] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:08:45]                 │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-18-tests-xl-1584968211713258600] updating number_of_replicas to [0] for indices [.kibana_2]
[00:08:45]                 │ proc [kibana]   log   [14:11:23.838] [info][savedobjects-service] Migrating .kibana_1 saved objects to .kibana_2
[00:08:45]                 │ proc [kibana]   log   [14:11:23.851] [info][savedobjects-service] Pointing alias .kibana to .kibana_2.
[00:08:45]                 │ proc [kibana]   log   [14:11:23.913] [info][savedobjects-service] Finished in 156ms.
[00:08:46]               └-> "before all" hook
[00:08:47]                 │ proc [kibana]  error  [14:11:24.778]  Error: Internal Server Error
[00:08:47]                 │ proc [kibana]     at HapiResponseAdapter.toError (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/response_adapter.js:130:19)
[00:08:47]                 │ proc [kibana]     at HapiResponseAdapter.toHapiResponse (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/response_adapter.js:84:19)
[00:08:47]                 │ proc [kibana]     at HapiResponseAdapter.handle (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/response_adapter.js:79:17)
[00:08:47]                 │ proc [kibana]     at Router.handle (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/router.js:162:34)
[00:08:47]                 │ proc [kibana]     at process._tickCallback (internal/process/next_tick.js:68:7)
[00:08:48]               └-> should not allow to enroll an agent with a invalid enrollment
[00:08:48]                 │ proc [kibana]  error  [14:11:26.068]  Error: Internal Server Error
[00:08:48]                 │ proc [kibana]     at HapiResponseAdapter.toError (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/response_adapter.js:130:19)
[00:08:48]                 │ proc [kibana]     at HapiResponseAdapter.toHapiResponse (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/response_adapter.js:84:19)
[00:08:48]                 │ proc [kibana]     at HapiResponseAdapter.handle (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/response_adapter.js:79:17)
[00:08:48]                 │ proc [kibana]     at Router.handle (/dev/shm/workspace/install/kibana-6/src/core/server/http/router/router.js:162:34)
[00:08:48]                 │ proc [kibana]     at process._tickCallback (internal/process/next_tick.js:68:7)
[00:08:48]                 └-> "before each" hook: global before each
[00:08:48]                 │ info [o.e.x.s.a.AuthenticationService] [kibana-ci-immutable-ubuntu-18-tests-xl-1584968211713258600] Authentication using apikey failed - invalid ApiKey value
[00:08:48]                 │      java.lang.IllegalArgumentException: invalid ApiKey value
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.ApiKeyService.getCredentialsFromHeader(ApiKeyService.java:542) ~[x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.ApiKeyService.authenticateWithApiKeyIfPresent(ApiKeyService.java:295) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.checkForApiKey(AuthenticationService.java:348) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$0(AuthenticationService.java:330) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:395) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:326) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$6(AuthenticationService.java:386) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:397) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:321) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:141) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:126) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.xpack.security.rest.SecurityRestFilter.handleRequest(SecurityRestFilter.java:61) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:249) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:331) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:189) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:329) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:383) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:308) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:54) [transport-netty4-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:29) [transport-netty4-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:58) [transport-netty4-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:321) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:295) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) [netty-handler-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:615) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:578) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-common-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.45.Final.jar:4.1.45.Final]
[00:08:48]                 │      	at java.lang.Thread.run(Thread.java:830) [?:?]
[00:08:48]                 │ proc [kibana]   log   [14:11:27.235] [info][authentication][plugins][security] Authentication attempt failed: [security_exception] missing authentication credentials for REST request [/_security/_authenticate], with { header={ WWW-Authenticate={ 0="ApiKey" & 1="Basic realm=\"security\" charset=\"UTF-8\"" } } }
[00:08:48]                 └- ✓ pass  (60ms) "apis Fleet Endpoints fleet_agents_enroll should not allow to enroll an agent with a invalid enrollment"
[00:08:48]               └-> should not allow to enroll an agent with a shared id if it already exists 
[00:08:48]                 └-> "before each" hook: global before each
[00:08:48]                 └- ✓ pass  (119ms) "apis Fleet Endpoints fleet_agents_enroll should not allow to enroll an agent with a shared id if it already exists "
[00:08:48]               └-> should allow to enroll an agent with a valid enrollment token
[00:08:48]                 └-> "before each" hook: global before each
[00:08:49]                 └- ✖ fail: "apis Fleet Endpoints fleet_agents_enroll should allow to enroll an agent with a valid enrollment token"
[00:08:49]                 │

Stack Trace

Error: expected 200 "OK", got 500 "Internal Server Error"
    at Test._assertStatus (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:268:12)
    at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
    at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
    at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
    at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
    at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:718:3)
    at parser (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:906:18)
    at IncomingMessage.res.on (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/parsers/json.js:19:7)
    at endReadableNT (_stream_readable.js:1145:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@peterschretlen
Copy link
Contributor

elastic/elasticsearch#53824 is merged and will be backported in elastic/elasticsearch#53987

@mikecote mikecote merged commit 91e8e3e into elastic:master Mar 23, 2020
mikecote added a commit to mikecote/kibana that referenced this pull request Mar 23, 2020
@mikecote @elasticmachine
Adding authc.invalidateAPIKeyAsInternalUser (elastic#60717)
f8499e0 
* Initial work

* Fix type check issues

* Fix test failures

* Fix ESLint issues

* Add back comment

* PR feedback

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@mikecote mikecote mentioned this pull request Mar 23, 2020
Merged
gmmorris added a commit to gmmorris/kibana that referenced this pull request Mar 23, 2020
@gmmorris
Merge branch 'master' into alerting/tls-warning
d4ed23c 
* master:
  [Uptime] Skip failing location test temporarily (elastic#60938)
  [ML] Disabling datafeed editing when job is running (elastic#60751)
  Adding `authc.invalidateAPIKeyAsInternalUser` (elastic#60717)
  [SIEM] Add license check to ML Rule form (elastic#60691)
  Adding `authc.grantAPIKeyAsInternalUser`  (elastic#60423)
  Support Histogram Data Type (elastic#59387)
  [Upgrade Assistant] Fix edge case where reindex op can falsely be seen as stale (elastic#60770)
  [SIEM] [Cases] Update case icons (elastic#60812)
  [TSVB] Fix percentiles band mode (elastic#60741)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Mar 23, 2020
@gmmorris
Merge branch 'master' into alerting/details-cleanup
5897883 
* master: (26 commits)
  [Alerting] Fixes flaky test in Alert Instances Details page (elastic#60893)
  cleanup visualizations api (elastic#59958)
  Inline timezoneProvider function, remove ui/vis/lib/timezone  (elastic#60475)
  [SIEM] Adds 'Open one signal' Cypress test (elastic#60484)
  [UA] Upgrade assistant migration meta data can become stale (elastic#60789)
  [Metrics Alerts] Remove metric field from doc count on backend (elastic#60679)
  [Uptime] Skip failing location test temporarily (elastic#60938)
  [ML] Disabling datafeed editing when job is running (elastic#60751)
  Adding `authc.invalidateAPIKeyAsInternalUser` (elastic#60717)
  [SIEM] Add license check to ML Rule form (elastic#60691)
  Adding `authc.grantAPIKeyAsInternalUser`  (elastic#60423)
  Support Histogram Data Type (elastic#59387)
  [Upgrade Assistant] Fix edge case where reindex op can falsely be seen as stale (elastic#60770)
  [SIEM] [Cases] Update case icons (elastic#60812)
  [TSVB] Fix percentiles band mode (elastic#60741)
  Fix formatter on range aggregation (elastic#58651)
  Goodbye, legacy data plugin 👋 (elastic#60449)
  [Metrics UI] Alerting for metrics explorer and inventory (elastic#58779)
  [Remote clustersadopt changes to remote info API (elastic#60795)
  Only run xpack siem cypress in PRs when there are siem changes (elastic#60661)
  ...
mikecote added a commit that referenced this pull request Mar 23, 2020
@mikecote @elasticmachine
Adding authc.invalidateAPIKeyAsInternalUser (#60717) (#60935)
57a52a8 
* Initial work

* Fix type check issues

* Fix test failures

* Fix ESLint issues

* Add back comment

* PR feedback

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azasypkin azasypkin azasypkin approved these changes

Assignees

@mikecote mikecote

Labels
Feature:Security/Authorization Platform Security - Authorization release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v7.7.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mikecote @elasticmachine @azasypkin @kibanamachine @peterschretlen