Skip to content

Commit

Permalink
[Fleet] Fix find by apiKeyId escaping (#61816)
Browse files Browse the repository at this point in the history
  • Loading branch information
nchaulet authored Apr 3, 2020
1 parent 84867f0 commit 8120124
Show file tree
Hide file tree
Showing 5 changed files with 49 additions and 5 deletions.
7 changes: 5 additions & 2 deletions x-pack/plugins/ingest_manager/server/services/agents/crud.ts
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import {
} from '../../constants';
import { AgentSOAttributes, Agent, AgentEventSOAttributes } from '../../types';
import { savedObjectToAgent } from './saved_objects';
import { escapeSearchQueryPhrase } from '../saved_object';

export async function listAgents(
soClient: SavedObjectsClientContract,
Expand Down Expand Up @@ -72,14 +73,16 @@ export async function getAgentByAccessAPIKeyId(
const response = await soClient.find<AgentSOAttributes>({
type: AGENT_SAVED_OBJECT_TYPE,
searchFields: ['access_api_key_id'],
search: accessAPIKeyId,
search: escapeSearchQueryPhrase(accessAPIKeyId),
});

const [agent] = response.saved_objects.map(savedObjectToAgent);

if (!agent) {
throw Boom.notFound('Agent not found');
}
if (agent.access_api_key_id !== accessAPIKeyId) {
throw new Error('Agent api key id is not matching');
}
if (!agent.active) {
throw Boom.forbidden('Agent inactive');
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import { SavedObjectsClientContract, SavedObject, KibanaRequest } from 'src/core
import { ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE } from '../../constants';
import { EnrollmentAPIKeySOAttributes, EnrollmentAPIKey } from '../../types';
import { createAPIKey } from './security';
import { escapeSearchQueryPhrase } from '../saved_object';

export { invalidateAPIKey } from './security';
export * from './enrollment_api_key';
Expand Down Expand Up @@ -71,10 +72,14 @@ export async function getEnrollmentAPIKeyById(
await soClient.find<EnrollmentAPIKeySOAttributes>({
type: ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE,
searchFields: ['api_key_id'],
search: apiKeyId,
search: escapeSearchQueryPhrase(apiKeyId),
})
).saved_objects.map(_savedObjectToEnrollmentApiKey);

if (enrollmentAPIKey?.api_key_id !== apiKeyId) {
throw new Error('find enrollmentKeyById returned an incorrect key');
}

return enrollmentAPIKey;
}

Expand Down
23 changes: 23 additions & 0 deletions x-pack/plugins/ingest_manager/server/services/saved_object.test.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { escapeSearchQueryPhrase } from './saved_object';

describe('Saved object service', () => {
describe('escapeSearchQueryPhrase', () => {
it('should return value between quotes', () => {
const res = escapeSearchQueryPhrase('-test');

expect(res).toEqual('"-test"');
});

it('should escape quotes', () => {
const res = escapeSearchQueryPhrase('test1"test2');

expect(res).toEqual(`"test1\"test2"`);
});
});
});
14 changes: 14 additions & 0 deletions x-pack/plugins/ingest_manager/server/services/saved_object.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

/**
* Escape a value with double quote to use with saved object search
* Example: escapeSearchQueryPhrase('-test"toto') => '"-test\"toto""'
* @param val
*/
export function escapeSearchQueryPhrase(val: string): string {
return `"${val.replace(/["]/g, '"')}"`;
}
3 changes: 1 addition & 2 deletions x-pack/test/api_integration/apis/fleet/agents/acks.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,7 @@ export default function(providerContext: FtrProviderContext) {
const supertest = getSupertestWithoutAuth(providerContext);
let apiKey: { id: string; api_key: string };

// FLAKY: https://github.com/elastic/kibana/issues/60471
describe.skip('fleet_agents_acks', () => {
describe('fleet_agents_acks', () => {
before(async () => {
await esArchiver.loadIfNeeded('fleet/agents');

Expand Down

0 comments on commit 8120124

Please sign in to comment.