Skip to content

pgp key retrieval requires auth #4255

New issue
New issue
Closed
#4256
Closed
pgp key retrieval requires auth#4255
#4256
Assignees
michel-laterman
Labels
Team:Elastic-Agent-Control-PlaneLabel for the Agent Control Plane teambugSomething isn't working
@michel-laterman

Description

@michel-laterman
michel-laterman
opened on Dec 30, 2024

The PGP retrieval endpoint requires auth from the client:

fleet-server/internal/pkg/api/handlePGPRequest.go

Lines 54 to 58 in 76abe76

key, err := authAPIKey(r, pt.bulker, pt.cache)
if err != nil {
return err
}
zlog = zlog.With().Str(LogEnrollAPIKeyID, key.ID).Logger()

While this is defined behaviour as part of the OpenAPI spec

fleet-server/model/openapi.yml

Lines 1762 to 1768 in 76abe76

/api/agents/upgrades/{major}.{minor}.{patch}/pgp-public-key:
get:
operationId: getPGPKey
summary: retrieve a PGP key from the fleet-server's local storage.
description: "Get a PGP key that can be used to verify agent upgrades. Key is stored on (fleet-server's) disk."
security:
- apiKey: []

it should be removed as agents do not include an API key when attempting to get the PGP key

Metadata

Metadata

Assignees

Labels

Team:Elastic-Agent-Control-PlaneLabel for the Agent Control Plane teambugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions