Certificate audit logging #136660
Closed
Certificate audit logging #136660
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
…e identity verification, header verification
# Conflicts: # x-pack/plugin/security/qa/multi-cluster/src/javaRestTest/java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityCrossClusterApiKeySigningIT.java # x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java # x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ApiKeyServiceTests.java # x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/CrossClusterAccessAuthenticationServiceIntegTests.java
Rebase audit logging changes on top of latest signature verififcation changes
Contributor Author
| Closing. After further investigation with @jfreden, we determined there is not a need to add this new audit logging in the |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Note: This PR includes changes from #136299 which must merge first.
This is currently a draft which adds Audit Logging to
CrossClusterAccessAuthenticationService. Relevant files that are changedCrossClusterAccessAuthenticationService.java(audit logging calls)CrossClusterAccessAuthenticationServiceTests.java(new tests)AuditTrail.java(new method signature)LoggingAuditTrail.java(new method implementation)Changes
authenticationFailed(requestId, token, action, remoteAddress)overload toAuditTrailtryAuthenticate()to call audit trail on authentication failuresTesting Approach
Audit logging is tested via unit tests with mocked
AuditTrailto verify we're calling the audit trail with the correct parameters for both success and failure scenarios.I initially looked at
AuditITwhich reads audit logs from the test cluster, but it uses the newerElasticsearchClustertest framework with log file access viacluster.getNodeLog(). The existingCrossClusterAccessAuthenticationServiceIntegTestsusesinternalCluster()which doesn't provide the same convenient API for log access, as far as I can tell.However, I've started adding integration test audit verification by accessing the audit log files directly through the
EnvironmentandNodeEnvironmentservices available ininternalCluster(); this code is present inCrossClusterAccessAuthenticationIntegTests.verifyAuditLogs. This allows reading the actual audit log to verify end-to-end audit trail behavior. The integration test audit verification is still being fleshed out but I think this approach is viable.