Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve auditing of API key authentication #58928

Merged
merged 32 commits into from
Jul 9, 2020
Merged

Improve auditing of API key authentication #58928

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
9936355
WIP
albertzaharovits Jun 15, 2020
9d4029b
Merge branch 'master' into audit_key_usage
albertzaharovits Jun 15, 2020
e337dbe
WIP mhhhmm
albertzaharovits Jun 15, 2020
bb4b8ea
WIP mhmm
albertzaharovits Jun 15, 2020
df1fee9
Nothing here
albertzaharovits Jun 18, 2020
0680978
Merge branch 'master' into audit_key_usage
albertzaharovits Jun 28, 2020
f041041
Revert to wrong format
albertzaharovits Jun 28, 2020
9092e66
WIP
albertzaharovits Jun 28, 2020
39e4e5a
WIP
albertzaharovits Jun 29, 2020
e1b1897
Tests FIX WIP
albertzaharovits Jun 29, 2020
3f48839
Teests compile and AuthenticationServiceTests passes
albertzaharovits Jun 29, 2020
55744e5
Le tests
albertzaharovits Jun 29, 2020
2b5616c
Merge branch 'master' into audit_key_usage
albertzaharovits Jul 1, 2020
cd24d50
Limited role changes
albertzaharovits Jul 1, 2020
170cc33
Authentication type
albertzaharovits Jul 1, 2020
3857df9
More tests
albertzaharovits Jul 2, 2020
34f1bbf
Filter tests
albertzaharovits Jul 2, 2020
659f2e8
Merge branch 'master' into audit_key_usage
albertzaharovits Jul 2, 2020
ed88ee8
Revert gradle run file
albertzaharovits Jul 2, 2020
549083d
Checkstyle
albertzaharovits Jul 2, 2020
c22b1b7
nothing to see here
albertzaharovits Jul 2, 2020
267349f
Merge branch 'master' into audit_key_usage
albertzaharovits Jul 5, 2020
3a8ddbb
Revert changes to api key roles
albertzaharovits Jul 5, 2020
7f497d5
ApiKeyService#getCreatorRealmName
albertzaharovits Jul 5, 2020
06894d1
Tease out the roles PR
albertzaharovits Jul 5, 2020
856eea7
Checkstyle
albertzaharovits Jul 5, 2020
22a1687
Merge branch 'master' into audit_key_usage
albertzaharovits Jul 7, 2020
2977aa1
Merge branch 'master' into audit_key_usage
albertzaharovits Jul 7, 2020
112bfee
Merge fallout
albertzaharovits Jul 7, 2020
0e112ae
Checkstyle
albertzaharovits Jul 8, 2020
03cc8de
Merge branch 'master' into audit_key_usage
albertzaharovits Jul 8, 2020
8aa9068
Review resurrect "realm" for authn_success
albertzaharovits Jul 8, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions x-pack/plugin/core/src/main/config/log4j2.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,11 @@ appender.audit_rolling.layout.pattern = {\
%varsNotEmpty{, "user.realm":"%enc{%map{user.realm}}{JSON}"}\
%varsNotEmpty{, "user.run_by.realm":"%enc{%map{user.run_by.realm}}{JSON}"}\
%varsNotEmpty{, "user.run_as.realm":"%enc{%map{user.run_as.realm}}{JSON}"}\
%varsNotEmpty{, "apikey.id":"%enc{%map{apikey.id}}{JSON}"}\
%varsNotEmpty{, "apikey.name":"%enc{%map{apikey.name}}{JSON}"}\
%varsNotEmpty{, "user.roles":%map{user.roles}}\
%varsNotEmpty{, "origin.type":"%enc{%map{origin.type}}{JSON}"}\
%varsNotEmpty{, "authentication.type":"%enc{%map{authentication.type}}{JSON}"}\
%varsNotEmpty{, "origin.address":"%enc{%map{origin.address}}{JSON}"}\
%varsNotEmpty{, "realm":"%enc{%map{realm}}{JSON}"}\
%varsNotEmpty{, "url.path":"%enc{%map{url.path}}{JSON}"}\
Expand Down
7 changes: 3 additions & 4 deletions x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.user.User;
import org.elasticsearch.xpack.core.security.authz.AuthorizationEngine.AuthorizationInfo;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;

Expand All @@ -22,9 +21,9 @@ public interface AuditTrail {

String name();

void authenticationSuccess(String requestId, String realm, User user, RestRequest request);
void authenticationSuccess(String requestId, Authentication authentication, RestRequest request);

void authenticationSuccess(String requestId, String realm, User user, String action, TransportRequest transportRequest);
void authenticationSuccess(String requestId, Authentication authentication, String action, TransportRequest transportRequest);

void anonymousAccessDenied(String requestId, String action, TransportRequest transportRequest);

Expand Down Expand Up @@ -52,7 +51,7 @@ void accessDenied(String requestId, Authentication authentication, String action

void tamperedRequest(String requestId, String action, TransportRequest transportRequest);

void tamperedRequest(String requestId, User user, String action, TransportRequest transportRequest);
void tamperedRequest(String requestId, Authentication authentication, String action, TransportRequest transportRequest);

/**
* The {@link #connectionGranted(InetAddress, String, SecurityIpFilterRule)} and
Expand Down
21 changes: 11 additions & 10 deletions ...ugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.user.User;
import org.elasticsearch.xpack.core.security.authz.AuthorizationEngine.AuthorizationInfo;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;

Expand Down Expand Up @@ -54,10 +53,11 @@ public String name() {
}

@Override
public void authenticationSuccess(String requestId, String realm, User user, RestRequest request) {}
public void authenticationSuccess(String requestId, Authentication authentication, RestRequest request) {}

@Override
public void authenticationSuccess(String requestId, String realm, User user, String action, TransportRequest transportRequest) {}
public void authenticationSuccess(String requestId, Authentication authentication, String action,
TransportRequest transportRequest) {}

@Override
public void anonymousAccessDenied(String requestId, String action, TransportRequest transportRequest) {}
Expand Down Expand Up @@ -99,7 +99,7 @@ public void tamperedRequest(String requestId, RestRequest request) {}
public void tamperedRequest(String requestId, String action, TransportRequest transportRequest) {}

@Override
public void tamperedRequest(String requestId, User user, String action, TransportRequest transportRequest) {}
public void tamperedRequest(String requestId, Authentication authentication, String action, TransportRequest transportRequest) {}

@Override
public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {}
Expand Down Expand Up @@ -143,16 +143,17 @@ public String name() {
}

@Override
public void authenticationSuccess(String requestId, String realm, User user, RestRequest request) {
public void authenticationSuccess(String requestId, Authentication authentication, RestRequest request) {
for (AuditTrail auditTrail : auditTrails) {
auditTrail.authenticationSuccess(requestId, realm, user, request);
auditTrail.authenticationSuccess(requestId, authentication, request);
}
}

@Override
public void authenticationSuccess(String requestId, String realm, User user, String action, TransportRequest transportRequest) {
public void authenticationSuccess(String requestId, Authentication authentication, String action,
TransportRequest transportRequest) {
for (AuditTrail auditTrail : auditTrails) {
auditTrail.authenticationSuccess(requestId, realm, user, action, transportRequest);
auditTrail.authenticationSuccess(requestId, authentication, action, transportRequest);
}
}

Expand Down Expand Up @@ -244,9 +245,9 @@ public void tamperedRequest(String requestId, String action, TransportRequest tr
}

@Override
public void tamperedRequest(String requestId, User user, String action, TransportRequest transportRequest) {
public void tamperedRequest(String requestId, Authentication authentication, String action, TransportRequest transportRequest) {
for (AuditTrail auditTrail : auditTrails) {
auditTrail.tamperedRequest(requestId, user, action, transportRequest);
auditTrail.tamperedRequest(requestId, authentication, action, transportRequest);
}
}

Expand Down
Loading