From 48cf3357a148d766dfa67dbe3acd6614b96a0852 Mon Sep 17 00:00:00 2001
From: Thom Heymann <thom.heymann@elastic.co>
Date: Wed, 26 May 2021 17:18:53 +0300
Subject: [PATCH] Create API keys with metadata

---
 .../plugins/security/common/model/api_key.ts  |  1 +
 .../api_keys/api_keys_api_client.ts           |  1 +
 .../api_keys_grid/create_api_key_flyout.tsx   | 59 +++++++++++++++++++
 .../server/routes/api_keys/create.test.ts     |  3 +
 .../security/server/routes/api_keys/create.ts |  1 +
 5 files changed, 65 insertions(+)

diff --git a/x-pack/plugins/security/common/model/api_key.ts b/x-pack/plugins/security/common/model/api_key.ts
index f2467468f8069b..ed622bf0dc87ea 100644
--- a/x-pack/plugins/security/common/model/api_key.ts
+++ b/x-pack/plugins/security/common/model/api_key.ts
@@ -15,6 +15,7 @@ export interface ApiKey {
   creation: number;
   expiration: number;
   invalidated: boolean;
+  metadata: Record<string, any>;
 }
 
 export interface ApiKeyToInvalidate {
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts
index 65540fd7ebfc15..96f4506e09b716 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts
+++ b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts
@@ -28,6 +28,7 @@ export interface CreateApiKeyRequest {
   name: string;
   expiration?: string;
   role_descriptors?: ApiKeyRoleDescriptors;
+  metadata?: Record<string, any>;
 }
 
 export interface CreateApiKeyResponse {
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/create_api_key_flyout.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/create_api_key_flyout.tsx
index 27385e4b29b009..d13798f1e8622d 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/create_api_key_flyout.tsx
+++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/create_api_key_flyout.tsx
@@ -45,7 +45,9 @@ export interface ApiKeyFormValues {
   expiration: string;
   customExpiration: boolean;
   customPrivileges: boolean;
+  includeMetadata: boolean;
   role_descriptors: string;
+  metadata: string;
 }
 
 export interface CreateApiKeyFlyoutProps {
@@ -59,6 +61,7 @@ const defaultDefaultValues: ApiKeyFormValues = {
   expiration: '',
   customExpiration: false,
   customPrivileges: false,
+  includeMetadata: false,
   role_descriptors: JSON.stringify(
     {
       'role-a': {
@@ -83,6 +86,18 @@ const defaultDefaultValues: ApiKeyFormValues = {
     null,
     2
   ),
+  metadata: JSON.stringify(
+    {
+      application: 'my-application',
+      environment: {
+        level: 1,
+        trusted: true,
+        tags: ['dev', 'staging'],
+      },
+    },
+    null,
+    2
+  ),
 };
 
 export const CreateApiKeyFlyout: FunctionComponent<CreateApiKeyFlyoutProps> = ({
@@ -312,6 +327,49 @@ export const CreateApiKeyFlyout: FunctionComponent<CreateApiKeyFlyoutProps> = ({
             )}
           </EuiFormFieldset>
 
+          <EuiSpacer />
+          <EuiFormFieldset>
+            <EuiSwitch
+              id="apiKeyCustom"
+              label={i18n.translate(
+                'xpack.security.accountManagement.createApiKey.includeMetadataLabel',
+                {
+                  defaultMessage: 'Include metadata',
+                }
+              )}
+              checked={!!form.values.includeMetadata}
+              onChange={(e) => form.setValue('includeMetadata', e.target.checked)}
+            />
+            {form.values.includeMetadata && (
+              <>
+                <EuiSpacer size="m" />
+                <EuiFormRow
+                  helpText={
+                    <DocLink
+                      app="elasticsearch"
+                      doc="security-api-create-api-key.html#security-api-create-api-key-request-body"
+                    >
+                      <FormattedMessage
+                        id="xpack.security.accountManagement.createApiKey.metadataHelpText"
+                        defaultMessage="Learn how to structure metadata."
+                      />
+                    </DocLink>
+                  }
+                  error={form.errors.metadata}
+                  isInvalid={form.touched.metadata && !!form.errors.metadata}
+                >
+                  <CodeEditorField
+                    value={form.values.metadata!}
+                    onChange={(value) => form.setValue('metadata', value)}
+                    languageId="xjson"
+                    height={200}
+                  />
+                </EuiFormRow>
+                <EuiSpacer size="s" />
+              </>
+            )}
+          </EuiFormFieldset>
+
           {/* Hidden submit button is required for enter key to trigger form submission */}
           <input type="submit" hidden />
         </EuiForm>
@@ -374,5 +432,6 @@ export function mapValues(values: ApiKeyFormValues): CreateApiKeyRequest {
       values.customPrivileges && values.role_descriptors
         ? JSON.parse(values.role_descriptors)
         : undefined,
+    metadata: values.includeMetadata && values.metadata ? JSON.parse(values.metadata) : undefined,
   };
 }
diff --git a/x-pack/plugins/security/server/routes/api_keys/create.test.ts b/x-pack/plugins/security/server/routes/api_keys/create.test.ts
index 8e34ededdd8fac..502a7cb1246c49 100644
--- a/x-pack/plugins/security/server/routes/api_keys/create.test.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/create.test.ts
@@ -85,6 +85,9 @@ describe('Create API Key route', () => {
         role_descriptors: {
           role_1: {},
         },
+        metadata: {
+          foo: 'bar',
+        },
       };
 
       const request = httpServerMock.createKibanaRequest({
diff --git a/x-pack/plugins/security/server/routes/api_keys/create.ts b/x-pack/plugins/security/server/routes/api_keys/create.ts
index a309d3a0e3edba..b9e927592a4926 100644
--- a/x-pack/plugins/security/server/routes/api_keys/create.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/create.ts
@@ -29,6 +29,7 @@ export function defineCreateApiKeyRoutes({
               defaultValue: {},
             }
           ),
+          metadata: schema.maybe(schema.object({}, { unknowns: 'allow' })),
         }),
       },
     },