From 4e0a403f0240c79f3ac23c9dff9eb43a22800ed2 Mon Sep 17 00:00:00 2001 From: Albert Zaharovits Date: Tue, 4 Dec 2018 01:35:05 +0200 Subject: [PATCH] Fix deprecation of audit log settings (#36175) I have botched deprecating the "prefix" logfile audit settings in #34475 , by not registering them. This commit fixes it and also adds a test that these deprecated settings are indeed still working and are dynamic. Closes #36162 --- .../logfile/DeprecatedLoggingAuditTrail.java | 8 ++-- .../audit/logfile/LoggingAuditTrail.java | 6 ++- .../AuditTrailSettingsUpdateTests.java | 44 +++++++++++++++++++ 3 files changed, 54 insertions(+), 4 deletions(-) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/DeprecatedLoggingAuditTrail.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/DeprecatedLoggingAuditTrail.java index c7a4d1964d35d..1f4d13bad9a2d 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/DeprecatedLoggingAuditTrail.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/DeprecatedLoggingAuditTrail.java @@ -98,9 +98,11 @@ public DeprecatedLoggingAuditTrail(Settings settings, ClusterService clusterServ // always read before `localNodeInfo` and `includeRequestBody`. this.events = parse(LoggingAuditTrail.INCLUDE_EVENT_SETTINGS.get(newSettings), LoggingAuditTrail.EXCLUDE_EVENT_SETTINGS.get(newSettings)); - }, Arrays.asList(LoggingAuditTrail.EMIT_HOST_ADDRESS_SETTING, LoggingAuditTrail.EMIT_HOST_NAME_SETTING, - LoggingAuditTrail.EMIT_NODE_NAME_SETTING, LoggingAuditTrail.INCLUDE_EVENT_SETTINGS, - LoggingAuditTrail.EXCLUDE_EVENT_SETTINGS, LoggingAuditTrail.INCLUDE_REQUEST_BODY)); + }, Arrays.asList(LoggingAuditTrail.EMIT_HOST_ADDRESS_SETTING, LoggingAuditTrail.DEPRECATED_EMIT_HOST_ADDRESS_SETTING, + LoggingAuditTrail.EMIT_HOST_NAME_SETTING, LoggingAuditTrail.DEPRECATED_EMIT_NODE_NAME_SETTING, + LoggingAuditTrail.EMIT_NODE_NAME_SETTING, LoggingAuditTrail.DEPRECATED_EMIT_NODE_NAME_SETTING, + LoggingAuditTrail.INCLUDE_EVENT_SETTINGS, LoggingAuditTrail.EXCLUDE_EVENT_SETTINGS, + LoggingAuditTrail.INCLUDE_REQUEST_BODY)); clusterService.getClusterSettings().addAffixUpdateConsumer(LoggingAuditTrail.FILTER_POLICY_IGNORE_PRINCIPALS, (policyName, filtersList) -> { final Optional policy = eventFilterPolicyRegistry.get(policyName); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java index d8862dcf17daa..15e0abb205e7f 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java @@ -184,7 +184,8 @@ public LoggingAuditTrail(Settings settings, ClusterService clusterService, Threa // `entryCommonFields` and `includeRequestBody` writes happen-before! `events` is // always read before `entryCommonFields` and `includeRequestBody`. this.events = parse(INCLUDE_EVENT_SETTINGS.get(newSettings), EXCLUDE_EVENT_SETTINGS.get(newSettings)); - }, Arrays.asList(EMIT_HOST_ADDRESS_SETTING, EMIT_HOST_NAME_SETTING, EMIT_NODE_NAME_SETTING, EMIT_NODE_ID_SETTING, + }, Arrays.asList(EMIT_HOST_ADDRESS_SETTING, DEPRECATED_EMIT_HOST_ADDRESS_SETTING, EMIT_HOST_NAME_SETTING, + DEPRECATED_EMIT_HOST_NAME_SETTING, EMIT_NODE_NAME_SETTING, DEPRECATED_EMIT_NODE_NAME_SETTING, EMIT_NODE_ID_SETTING, INCLUDE_EVENT_SETTINGS, EXCLUDE_EVENT_SETTINGS, INCLUDE_REQUEST_BODY)); clusterService.getClusterSettings().addAffixUpdateConsumer(FILTER_POLICY_IGNORE_PRINCIPALS, (policyName, filtersList) -> { final Optional policy = eventFilterPolicyRegistry.get(policyName); @@ -784,8 +785,11 @@ private static String effectiveRealmName(Authentication authentication) { public static void registerSettings(List> settings) { settings.add(EMIT_HOST_ADDRESS_SETTING); + settings.add(DEPRECATED_EMIT_HOST_ADDRESS_SETTING); settings.add(EMIT_HOST_NAME_SETTING); + settings.add(DEPRECATED_EMIT_HOST_NAME_SETTING); settings.add(EMIT_NODE_NAME_SETTING); + settings.add(DEPRECATED_EMIT_NODE_NAME_SETTING); settings.add(EMIT_NODE_ID_SETTING); settings.add(INCLUDE_EVENT_SETTINGS); settings.add(EXCLUDE_EVENT_SETTINGS); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java index e05f4620ccca2..531749c8efbcd 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java @@ -65,6 +65,10 @@ protected Settings nodeSettings(int nodeOrdinal) { settingsBuilder.put("xpack.security.audit.outputs", "logfile"); // add only startup filter policies settingsBuilder.put(startupFilterSettings); + // Remove non-deprecated version of prefix settings so that we can test the deprecated variant + settingsBuilder.remove(LoggingAuditTrail.EMIT_HOST_ADDRESS_SETTING.getKey()); + settingsBuilder.remove(LoggingAuditTrail.EMIT_HOST_NAME_SETTING.getKey()); + settingsBuilder.remove(LoggingAuditTrail.EMIT_NODE_NAME_SETTING.getKey()); return settingsBuilder.build(); } @@ -147,6 +151,46 @@ public void testDynamicHostSettings() { assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.HOST_NAME_FIELD_NAME), is(false)); } + public void testDynamicHostDeprecatedSettings() { + final Settings.Builder settingsBuilder = Settings.builder(); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_HOST_NAME_SETTING.getKey(), true); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_HOST_ADDRESS_SETTING.getKey(), true); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_NODE_NAME_SETTING.getKey(), true); + final boolean persistent = randomBoolean(); + updateSettings(settingsBuilder.build(), persistent); + final LoggingAuditTrail loggingAuditTrail = (LoggingAuditTrail) internalCluster().getInstances(AuditTrailService.class) + .iterator() + .next() + .getAuditTrails() + .iterator() + .next(); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.NODE_NAME_FIELD_NAME), startsWith("node_")); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.HOST_ADDRESS_FIELD_NAME), is("127.0.0.1")); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.HOST_NAME_FIELD_NAME), is("127.0.0.1")); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_HOST_ADDRESS_SETTING.getKey(), false); + updateSettings(settingsBuilder.build(), persistent); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.NODE_NAME_FIELD_NAME), startsWith("node_")); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.HOST_ADDRESS_FIELD_NAME), is(false)); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.HOST_NAME_FIELD_NAME), is("127.0.0.1")); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_HOST_NAME_SETTING.getKey(), false); + updateSettings(settingsBuilder.build(), persistent); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.NODE_NAME_FIELD_NAME), startsWith("node_")); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.HOST_ADDRESS_FIELD_NAME), is(false)); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.HOST_NAME_FIELD_NAME), is(false)); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_NODE_NAME_SETTING.getKey(), false); + updateSettings(settingsBuilder.build(), persistent); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.NODE_NAME_FIELD_NAME), is(false)); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.HOST_ADDRESS_FIELD_NAME), is(false)); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.HOST_NAME_FIELD_NAME), is(false)); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_HOST_NAME_SETTING.getKey(), true); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_HOST_ADDRESS_SETTING.getKey(), true); + settingsBuilder.put(LoggingAuditTrail.DEPRECATED_EMIT_NODE_NAME_SETTING.getKey(), true); + updateSettings(settingsBuilder.build(), persistent); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.NODE_NAME_FIELD_NAME), startsWith("node_")); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.HOST_ADDRESS_FIELD_NAME), is("127.0.0.1")); + assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.HOST_NAME_FIELD_NAME), is("127.0.0.1")); + } + public void testDynamicRequestBodySettings() { final boolean persistent = randomBoolean(); final boolean enableRequestBody = randomBoolean();