Get api key generation working

seanstory · seanstory · commit bd00a1da8867 · 2023-12-21T12:35:47.000-06:00
diff --git a/example-apps/internal-knowledge-search/app-ui/README.md b/example-apps/internal-knowledge-search/app-ui/README.md
@@ -106,7 +106,7 @@ To be able to use the index filtering and sorting in the UI you should update th
 
 ### Setting the environment variables
 
-You need to set `REACT_APP_SEARCH_APP_NAME`, `REACT_APP_SEARCH_APP_API_KEY` and `REACT_APP_SEARCH_APP_ENDPOINT` inside [.env](.env) to the corresponding values, which you'll get when [creating a search application](https://www.elastic.co/guide/en/enterprise-search/current/search-applications.html).
+You need to set `REACT_APP_SEARCH_APP_NAME`, `REACT_APP_SEARCH_APP_USER`, `REACT_APP_SEARCH_APP_PASSWORD` and `REACT_APP_SEARCH_APP_ENDPOINT` inside [.env](.env) to the corresponding values, which you'll get when [creating a search application](https://www.elastic.co/guide/en/enterprise-search/current/search-applications.html).
 
 ### Set up DLS with SPO
 1. create a connector in kibana named `search-sharepoint` 
@@ -117,7 +117,6 @@ You need to set `REACT_APP_SEARCH_APP_NAME`, `REACT_APP_SEARCH_APP_API_KEY` and
 6. define mappings, as above in this README
 7. create search application
 8. enable cors: https://www.elastic.co/guide/en/elasticsearch/reference/master/search-application-security.html#search-application-security-cors-elasticsearch
-9. create an API key that has read access to `.search-acl-filter-search-sharepoint` and the search application (`sharepoint`)
 
 
 ### Make it go
diff --git a/example-apps/internal-knowledge-search/app-ui/src/components/SearchApplicationSettings.tsx b/example-apps/internal-knowledge-search/app-ui/src/components/SearchApplicationSettings.tsx
@@ -4,14 +4,12 @@ import {updateSettings} from "../store/slices/searchApplicationSettingsSlice";
 import {useToast} from "../contexts/ToastContext";
 import {MessageType} from "./Toast";
 import {RootState} from "../store/store";
-import {FontAwesomeIcon} from "@fortawesome/react-fontawesome";
-import {faAngleDown, faAngleUp} from "@fortawesome/free-solid-svg-icons";
-import {json} from "react-router-dom";
+
 
 
 const SearchApplicationSettings: React.FC = () => {
     const dispatch = useDispatch();
-    const {appName, appUser, appPassword, searchEndpoint, searchPersona} = useSelector((state: RootState) => state.searchApplicationSettings);
+    const {appName, appUser, appPassword, searchEndpoint, searchPersona, searchPersonaAPIKey} = useSelector((state: RootState) => state.searchApplicationSettings);
     const {showToast} = useToast();
 
     const fetchPersonaOptions = async () => {
@@ -29,12 +27,127 @@ const SearchApplicationSettings: React.FC = () => {
         }
     }
 
+    const roleName = appName+"-key-role"
+    const defaultRoleDescriptor = {
+        [roleName]: {
+            "cluster": [],
+            "indices": [
+                {
+                    "names": [
+                        appName
+                    ],
+                    "privileges": [
+                        "read"
+                    ],
+                    "allow_restricted_indices": false
+                }
+            ],
+            "applications": [],
+            "run_as": [],
+            "metadata": {},
+            "transient_metadata": {
+                "enabled": true
+            },
+            "restriction": {
+                "workflows": [
+                    "search_application_query"
+                ]
+            }
+        }
+    }
+    const personaRoleDescriptor = async () => {
+        const identitiesIndex = ".search-acl-filter-search-sharepoint" //TODO fix hardcoded
+        const identityPath = searchEndpoint + "/" + identitiesIndex + "/_doc/" + searchPersona
+        const response = await fetch(identityPath, {headers: {"Authorization": "Basic " + btoa(appUser + ":" + appPassword)}});
+        const jsonData = await response.json();
+        console.log("Permissions lookup response is:")
+        console.log(jsonData)
+        const permissions = jsonData._source.query.template.params.access_control
+        return {
+            "dls-role": {
+                "cluster": ["all"],
+                "indices": [
+                    {
+                        "names": ["search-sharepoint"],// TODO: hardcoded
+                        "privileges": ["read"],
+                        "query": {
+                            "template": {
+                                "params": {
+                                    "permissions": permissions
+                                },
+                                'source': `
+                                    {
+                                      "bool": {
+                                        "filter": {
+                                          "bool": {
+                                            "should": [
+                                              {
+                                                "bool": {
+                                                  "must_not": {
+                                                    "exists": {
+                                                      "field": "_allow_access_control"
+                                                    }
+                                                  }
+                                                }
+                                              },
+                                              {
+                                                "terms": {
+                                                  "_allow_access_control": {{#toJson}}permissions{{/toJson}}
+                                                }
+                                              }
+                                            ]
+                                          }
+                                        }
+                                      }
+                                    }
+                                    `
+                            }
+                        }
+                    }
+                ],
+                "restriction": {
+                    "workflows": [
+                        "search_application_query"
+                    ]
+                }
+            }
+        }
+    }
+    const createPersonaAPIKey = async(persona) => {
+        const roleDescriptor = persona == "admin" ? defaultRoleDescriptor : await personaRoleDescriptor()
+        const apiKeyPath = searchEndpoint + "/_security/api_key"
+        const response = await fetch(apiKeyPath, {
+            method: "POST",
+            headers: {
+                "Authorization": "Basic " + btoa(appUser + ":" + appPassword),
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                "name": appName+"-internal-knowledge-search-example-"+persona,
+                "expiration": "1h",
+                "role_descriptors": roleDescriptor,
+                "metadata": {
+                    "application": appName,
+                    "createdBy": appUser
+                }
+            })
+        })
+        const jsonData = await response.json()
+        console.log("API key create response is:")
+        console.log(jsonData)
+        return jsonData.encoded
+    }
+
     const [searchPersonaOptions, setSearchPersonaOptions] = useState(["admin"]);
 
     useEffect(()=>{
         (async()=>{
-            const fetched = await fetchPersonaOptions()
-            setSearchPersonaOptions(fetched)
+            const fetchedPersonas = await fetchPersonaOptions()
+            setSearchPersonaOptions(fetchedPersonas)
+            if (searchPersonaAPIKey == "missing") {
+                const createdAPIKey = await createPersonaAPIKey(searchPersona)
+                updateSearchPersonaAPIKey(createdAPIKey)
+            }
         })()
     },[])
 
@@ -44,24 +157,26 @@ const SearchApplicationSettings: React.FC = () => {
         setIsOpen(!isOpen);
     };
 
-    const handlePersonaChange = (value: string) => {
-        updateSearchPersona(value);
+    const handlePersonaChange = async (value: string) => {
+        updateSearchPersona(value, await createPersonaAPIKey(value));
     };
 
     const handleSave = () => {
-        dispatch(updateSettings({appName, appUser, appPassword, searchEndpoint, searchPersona}));
+        dispatch(updateSettings({appName, appUser, appPassword, searchEndpoint, searchPersona, searchPersonaAPIKey}));
         showToast("Settings saved!", MessageType.Info);
     };
 
-    const updateAppName = (e) => dispatch(updateSettings({appName: e.target.value, appUser, appPassword, searchEndpoint, searchPersona}))
+    const updateAppName = (e) => dispatch(updateSettings({appName: e.target.value, appUser, appPassword, searchEndpoint, searchPersona, searchPersonaAPIKey}))
+
+    const updateAppUser = (e) => dispatch(updateSettings({appName, appUser: e.target.value, appPassword, searchEndpoint, searchPersona, searchPersonaAPIKey}))
 
-    const updateAppUser = (e) => dispatch(updateSettings({appName, appUser: e.target.value, appPassword, searchEndpoint, searchPersona}))
+    const updateAppPassword = (e) => dispatch(updateSettings({appName, appUser, appPassword: e.target.value, searchEndpoint, searchPersona, searchPersonaAPIKey}))
 
-    const updateAppPassword = (e) => dispatch(updateSettings({appName, appUser, appPassword: e.target.value, searchEndpoint, searchPersona}))
+    const updateSearchEndpoint = (e) => dispatch(updateSettings({appName, appUser, appPassword, searchEndpoint: e.target.value, searchPersona, searchPersonaAPIKey}))
 
-    const updateSearchEndpoint = (e) => dispatch(updateSettings({appName, appUser, appPassword, searchEndpoint: e.target.value, searchPersona}))
+    const updateSearchPersona = (persona, apiKey) => dispatch(updateSettings({appName, appUser, appPassword, searchEndpoint, searchPersona: persona, searchPersonaAPIKey: apiKey}))
 
-    const updateSearchPersona = (e) => dispatch(updateSettings({appName, appUser, appPassword, searchEndpoint, searchPersona: e}))
+    const updateSearchPersonaAPIKey = (apiKey) => dispatch(updateSettings({appName, appUser, appPassword, searchEndpoint, searchPersona, searchPersonaAPIKey: apiKey}))
 
     return (
         <div className="container mx-auto p-4 bg-white rounded shadow-md">
@@ -154,10 +269,13 @@ const SearchApplicationSettings: React.FC = () => {
                 <p className="text-xs mb-2 text-gray-500">The persona on whose behalf searches will be executed</p>
                 <div className="relative">
                     <select
-                        onChange={(event) => handlePersonaChange(event.target.value)}
+                        onChange={ async (event) => await handlePersonaChange(event.target.value)}
                         value={searchPersona}
                         className="flex items-center space-x-2 p-2 bg-white rounded border border-gray-300 focus:outline-none focus:border-blue-500"
                     >
+                        {searchPersonaOptions.includes(searchPersona) ? "" : <option value={searchPersona} key={searchPersona} className="block text-left p-2 hover:bg-gray-100 cursor-pointer">
+                            {searchPersona}
+                        </option>}
                         {searchPersonaOptions.map((option, index) => (
                             <option value={option} key={option} className="block text-left p-2 hover:bg-gray-100 cursor-pointer">
                                 {option}
diff --git a/example-apps/internal-knowledge-search/app-ui/src/models/SearchApplicationSettingsModel.ts b/example-apps/internal-knowledge-search/app-ui/src/models/SearchApplicationSettingsModel.ts
@@ -7,4 +7,6 @@ export interface SearchApplicationSettingsModel {
     searchEndpoint: string;
 
     searchPersona: string;
+
+    searchPersonaAPIKey: string;
 }
diff --git a/example-apps/internal-knowledge-search/app-ui/src/pages/SearchPage.tsx b/example-apps/internal-knowledge-search/app-ui/src/pages/SearchPage.tsx
@@ -37,7 +37,7 @@ export default function SearchPage() {
     //TODO: simplify query state and move it to one place
     const [query, setQuery] = useState<string>("");
 
-    const {appName, appUser, appPassword, searchEndpoint, searchPersona} = useSelector((state: RootState) => state.searchApplicationSettings);
+    const {appName, appUser, appPassword, searchEndpoint, searchPersonaAPIKey} = useSelector((state: RootState) => state.searchApplicationSettings);
     const {sorts} = useSelector((state: RootState) => state.sort);
     const indexFilter = useSelector((state: RootState) => state.filter)["filters"]["Data sources"].values;
 
@@ -47,75 +47,11 @@ export default function SearchPage() {
         fetchData();
     }, [indexFilter, sorts, appName, appUser, appPassword, searchEndpoint]);
 
-    const getOrCreateApiKey = async () => {
-        if (searchPersona == "admin"){
-            return "admin key" //TODO fix hardcoded
-        }
-        else {
-            const identitiesIndex = ".search-acl-filter-search-sharepoint" //TODO fix hardcoded
-            const identityPath = searchEndpoint + "/" + identitiesIndex + "/_doc/" + searchPersona
-            const response = await fetch(identityPath, {headers: {"Authorization": "Basic " + btoa(appUser + ":" + appPassword)}});
-            const jsonData = await response.json();
-            console.log(jsonData)
-            const permissions = jsonData._source.query.template.params.access_control
-            const apiKeyRoleDescriptor = {
-                name: searchPersona,
-                role_descriptors: {
-                    "dls-role": {
-                        "cluster": ["all"],
-                        "indices": [
-                            {
-                                "names": ["search-sharepoint"],// TODO: hardcoded
-                                "privileges": ["read"],
-                                "query": {
-                                    "template": {
-                                        "params": {
-                                            "permissions": permissions
-                                        },
-                                        'source': `
-                                        {
-                                          "bool": {
-                                            "filter": {
-                                              "bool": {
-                                                "should": [
-                                                  {
-                                                    "bool": {
-                                                      "must_not": {
-                                                        "exists": {
-                                                          "field": "_allow_access_control"
-                                                        }
-                                                      }
-                                                    }
-                                                  },
-                                                  {
-                                                    "terms": {
-                                                      "_allow_access_control": {{#toJson}}permissions{{/toJson}}
-                                                    }
-                                                  }
-                                                ]
-                                              }
-                                            }
-                                          }
-                                        }
-                                        `
-                                    }
-                                }
-                            }
-                        ]
-                    }
-                }
-            }
-
-            // TODO Use fetch: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
-            return "missing"
-        }
-    }
-
     const handleSearchSubmit = async () => {
         try {
             setLoading(true);
 
-            const apiKey = await getOrCreateApiKey()
+            const apiKey = searchPersonaAPIKey
             showToast("API key is: "+apiKey)
 
             const client = SearchApplicationClient(appName, searchEndpoint, apiKey, {
diff --git a/example-apps/internal-knowledge-search/app-ui/src/store/slices/searchApplicationSettingsSlice.ts b/example-apps/internal-knowledge-search/app-ui/src/store/slices/searchApplicationSettingsSlice.ts
@@ -8,7 +8,8 @@ const initialState: SearchApplicationSettingsModel = {
     appUser: process.env.REACT_APP_SEARCH_USER || "elastic",
     appPassword: process.env.REACT_APP_SEARCH_PASSWORD || "changeme",
     searchEndpoint: process.env.REACT_APP_SEARCH_APP_ENDPOINT || "https://some-search-end-point.co",
-    searchPersona: "admin"
+    searchPersona: "admin",
+    searchPersonaAPIKey: "missing"
 };
 
 const searchApplicationSettingsSlice = createSlice({

Original file line number	Diff line number	Diff line change
`@@ -7,4 +7,6 @@ export interface SearchApplicationSettingsModel {`
`7`	`7`	`searchEndpoint: string;`
`8`	`8`
`9`	`9`	`searchPersona: string;`
	`10`	`+`
	`11`	`+ searchPersonaAPIKey: string;`
`10`	`12`	`}`