Closed jakelandis closed 1 week ago
Pinging @elastic/kibana-security (Team:Security)
@jakelandis Does your example contain the full list of possible fields?
"names": ["logs*"],
"query": {"bool": { "must_not": { "term" : {"field2" : "value2"}}}},
"field_security": {"grant": [ "field2" ]},
"allow_restricted_indices" : true
Should replication allow the same options?
FYI I noticed that I was able to enter random string into the query field without any rejection, e.g.
"query": {"something": { "must_not": { "term" : {"field2" : "value2"}}}},"
The query seems to always get captured as a string:
"query": """{"bool":{"must_not":{"term":{"field2":"value2"}}}}""",
Does your example contain the full list of possible fields?
yup.
Should replication allow the same options?
only "names" are allowed for replication.
FYI I noticed that I was able to enter random string into the query field without any rejection, e.g.
Yeah, "query" is a weird one. We support either an object or a string as the value. Typically, I use cURL and define it like "query": "{\"term\":{\"foo\":{\"value\":\"bar\"}}}" and get a bit confused by dev tools """ behavior. Also, we don't validate the syntax of the query.
Cross Cluster API keys allow the following options for search:
Describe the bug:
The UI prevents creating the API when anything but "names" is present under search.
Steps to reproduce: Navigate to Stack Management -> API keys -> Create API key -> choose Cross Cluster API key -> fill out a name -> add any one (or more) of the following : query, field_security, allow_restricted_indices -> Create API key
Any additional context:
8.14+ will prevent users from creating a single API key that has access.search.query AND a replication. See https://github.com/elastic/elasticsearch/pull/108600. I don't think there are any changes needed from Kibana since ES will prevent that scenario, just FYI.
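Added example, not part of the original issue and not Kibana or Elasticsearch code: a client-side pre-flight check for the `access` object of a cross-cluster API key, using only the rules stated in this thread (the four `search` fields, `names` only for `replication`, `query` as object or string, and the 8.14+ rejection of `query` combined with `replication`). The function names and messages are hypothetical, and the check only confirms that `query` is a JSON object; it does not validate Query DSL.

```javascript
// Field lists as stated in the thread above.
const SEARCH_FIELDS = new Set(["names", "query", "field_security", "allow_restricted_indices"]);
const REPLICATION_FIELDS = new Set(["names"]);

// "query" may arrive as an object or as a JSON string (as with cURL).
// Returns the parsed object, or throws if it is not a JSON object.
function normalizeQuery(query) {
  const parsed = typeof query === "string" ? JSON.parse(query) : query;
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new Error("query must be a JSON object");
  }
  return parsed;
}

// Returns a list of human-readable problems; an empty list means the
// access object passes these structural checks.
function checkAccess(access) {
  const problems = [];
  const search = access.search || [];
  const replication = access.replication || [];

  search.forEach((entry, i) => {
    for (const key of Object.keys(entry)) {
      if (!SEARCH_FIELDS.has(key)) problems.push(`search[${i}]: unknown field "${key}"`);
    }
    if (entry.query !== undefined) {
      try {
        normalizeQuery(entry.query);
      } catch (e) {
        problems.push(`search[${i}]: query is not a JSON object (${e.message})`);
      }
    }
  });

  replication.forEach((entry, i) => {
    for (const key of Object.keys(entry)) {
      if (!REPLICATION_FIELDS.has(key)) {
        problems.push(`replication[${i}]: only "names" is allowed, got "${key}"`);
      }
    }
  });

  // Per the thread, 8.14+ rejects a single key that has both.
  if (replication.length > 0 && search.some((e) => e.query !== undefined)) {
    problems.push("access.search.query cannot be combined with replication (8.14+)");
  }
  return problems;
}
```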