-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix bad error handling in api key auth #3935
Conversation
This pull request does not have a backport label. Could you fix it @blakerouse? 🙏
|
|
go-lint is very wrong here... idk |
Quality Gate passedIssues Measures |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
linter issues are fixed in: #3928
* Fix bad error handling in api key auth. * Don't return so much information. * bug-fix * Remove un-need changes. (cherry picked from commit 28e96bf)
* Fix bad error handling in api key auth. * Don't return so much information. * bug-fix * Remove un-need changes. (cherry picked from commit 28e96bf) Co-authored-by: Blake Rouse <[email protected]>
What is the problem this PR solves?
Currently any error returned back to Fleet Server from elasticsearch that is not 401 or 429 is returned as a 401 error. This tells the calling client that the API key is invalidate. That is only true when the error is 401, otherwise the error means something different.
How does this PR solve the problem?
This solves the issue by returning the actual error back elasticsearch to the calling client. This means that a 500 error from elasticsearch will not result in a 401 back to the client, instead it will be a 500 error.
This uses the standard
es.ParseError
logic to determine the error and return something readable to the calling client.How to test this PR locally
Design Checklist
[ ] I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.(no effect on scale)[ ] I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.(no effect)Checklist
[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration files./changelog/fragments
using the changelog toolRelated issues