Filter out read access to config and telemetry obj (#82314)
* Filter out read access to config and telemetry obj

* Fix eslint errors
thomheymann authored Nov 5, 2020
1 parent 340f85c commit 1f37816
Showing 4 changed files with 91 additions and 3 deletions.
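--- a/x-pack/plugins/security/server/audit/audit_events.test.ts
+++ b/x-pack/plugins/security/server/audit/audit_events.test.ts
@@ -106,6 +106,63 @@ describe('#savedObjectEvent', () => {
 `);
 });
 
+test('does create event for read access of saved objects', () => {
+expect(
+savedObjectEvent({
+action: SavedObjectAction.GET,
+savedObject: { type: 'dashboard', id: 'SAVED_OBJECT_ID' },
+})
+).not.toBeUndefined();
+expect(
+savedObjectEvent({
+action: SavedObjectAction.FIND,
+savedObject: { type: 'dashboard', id: 'SAVED_OBJECT_ID' },
+})
+).not.toBeUndefined();
+});
+
+test('does not create event for read access of config or telemetry objects', () => {
+expect(
+savedObjectEvent({
+action: SavedObjectAction.GET,
+savedObject: { type: 'config', id: 'SAVED_OBJECT_ID' },
+})
+).toBeUndefined();
+expect(
+savedObjectEvent({
+action: SavedObjectAction.GET,
+savedObject: { type: 'telemetry', id: 'SAVED_OBJECT_ID' },
+})
+).toBeUndefined();
+expect(
+savedObjectEvent({
+action: SavedObjectAction.FIND,
+savedObject: { type: 'config', id: 'SAVED_OBJECT_ID' },
+})
+).toBeUndefined();
+expect(
+savedObjectEvent({
+action: SavedObjectAction.FIND,
+savedObject: { type: 'telemetry', id: 'SAVED_OBJECT_ID' },
+})
+).toBeUndefined();
+});
+
+test('does create event for write access of config or telemetry objects', () => {
+expect(
+savedObjectEvent({
+action: SavedObjectAction.UPDATE,
+savedObject: { type: 'config', id: 'SAVED_OBJECT_ID' },
+})
+).not.toBeUndefined();
+expect(
+savedObjectEvent({
+action: SavedObjectAction.UPDATE,
+savedObject: { type: 'telemetry', id: 'SAVED_OBJECT_ID' },
+})
+).not.toBeUndefined();
+});
+
 test('creates event with `success` outcome for `REMOVE_REFERENCES` action', () => {
 expect(
 savedObjectEvent({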
10 changes: 9 additions & 1 deletion x-pack/plugins/security/server/audit/audit_events.ts
@@ -220,7 +220,7 @@ export function savedObjectEvent({
deleteFromSpaces,
outcome,
error,
}: SavedObjectParams): AuditEvent {
}: SavedObjectParams): AuditEvent | undefined {
const doc = savedObject ? `${savedObject.type} [id=${savedObject.id}]` : 'saved objects';
const [present, progressive, past] = eventVerbs[action];
const message = error
@@ -230,6 +230,14 @@ export function savedObjectEvent({
: `User has ${past} ${doc}`;
const type = eventTypes[action];

if (
type === EventType.ACCESS &&
savedObject &&
(savedObject.type === 'config' || savedObject.type === 'telemetry')
) {
return;
}

return {
message,
event: {
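Review bot: The new guard before `return {` drops every `EventType.ACCESS` event for `config` and `telemetry` objects without checking `error`, so a failed or denied read of those types also leaves no audit record. `error` is in scope (it already selects the `message` wording a few lines up), so the condition can be narrowed with `!error &&` as its first term to suppress only successful reads. The two type names are bare string literals; a comment such as `// Read access to these types is intentionally not audited (see #82314)` would tell a later reader the omission is deliberate. None of the new cases in audit_events.test.ts passes `error`, so the failure path is not pinned either way. The body of savedObjectEvent starts and ends outside both hunks.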
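--- a/x-pack/plugins/security/server/audit/audit_service.test.ts
+++ b/x-pack/plugins/security/server/audit/audit_service.test.ts
@@ -130,6 +130,26 @@ describe('#asScoped', () => {
 audit.asScoped(request).log({ message: 'MESSAGE', event: { action: 'ACTION' } });
 expect(logger.info).not.toHaveBeenCalled();
 });
+
+it('does not log to audit logger if no event was generated', async () => {
+const audit = new AuditService(logger).setup({
+license,
+config: {
+enabled: true,
+ignore_filters: [{ actions: ['ACTION'] }],
+},
+logging,
+http,
+getCurrentUser,
+getSpaceId,
+});
+const request = httpServerMock.createKibanaRequest({
+kibanaRequestState: { requestId: 'REQUEST_ID', requestUuid: 'REQUEST_UUID' },
+});
+
+audit.asScoped(request).log(undefined);
+expect(logger.info).not.toHaveBeenCalled();
+});
 });
 
 describe('#createLoggingConfig', () => {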
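Review bot: The new case keeps `ignore_filters: [{ actions: ['ACTION'] }]` from the preceding test, although `log(undefined)` carries no action, so the filter plays no part in what is asserted. If the config type allows it, dropping that option would show that the expectation depends only on the `undefined` guard in `log`. The callback is also declared `async` without awaiting anything, so `async () =>` can become `() =>`. A companion assertion that a real event is logged under the same setup would confirm that the logger is reachable in this configuration, which cannot be told from the visible lines.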
7 changes: 5 additions & 2 deletions x-pack/plugins/security/server/audit/audit_service.ts
@@ -27,7 +27,7 @@ export interface LegacyAuditLogger {
}

export interface AuditLogger {
log: (event: AuditEvent) => void;
log: (event: AuditEvent | undefined) => void;
}

interface AuditLogMeta extends AuditEvent {
@@ -127,7 +127,10 @@ export class AuditService {
* });
* ```
*/
const log = (event: AuditEvent) => {
const log: AuditLogger['log'] = (event) => {
if (!event) {
return;
}
const user = getCurrentUser(request);
const spaceId = getSpaceId(request);
const meta: AuditLogMeta = {
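Review bot: `AuditLogger.log` now accepts `undefined` and the implementation returns silently on `if (!event)`, but neither the interface member nor the doc comment above `const log` states that contract. A caller that passes `undefined` by mistake would therefore lose an audit record with nothing to indicate it. I would add a one-line TSDoc on the interface member, for example `/** Logs an audit event; undefined means no event was generated and is ignored. */`, and repeat the sentence in the existing doc block for `log`. That doc block and the `log` closure both extend beyond the hunk, so the rest of the function was not reviewed.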
