Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional ignore_headers audit configuration setting #3885

Merged
merged 16 commits into from
Jan 5, 2024
Merged

Add additional ignore_headers audit configuration setting #3885

merged 16 commits into from
Jan 5, 2024

Conversation

stephen-crawford
Copy link
Contributor

@stephen-crawford stephen-crawford commented Dec 21, 2023
edited by peternied
Loading

Description

This change adds a new setting to the audit.yml configuration allowing users to specify REST headers they wish to be ignored from audit logging.

Issues Resolved

Testing

Added a couple new test cases to check the setting

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

stephen-crawford and others added 8 commits December 20, 2023 11:34
@stephen-crawford
fix dependency conflict
efad9b7 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford
rework audit log fix
afe8991 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford
diff json
145fac0 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford
Works other than audit config logs
a1d7b74 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford
Merge branch 'opensearch-project:main' into jwtAuditLog
784af8c
@stephen-crawford
Fix version bump
e214e18 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford
Working setting
23a3e40 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford
spotless
d0f14e0 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford stephen-crawford marked this pull request as ready for review December 21, 2023 21:32
@stephen-crawford
remove prints
cde5bd9 
Signed-off-by: Stephen Crawford <[email protected]>
@stephen-crawford
fix tests
c9ff35a 
Signed-off-by: Stephen Crawford <[email protected]>
cwperks
cwperks previously approved these changes Dec 22, 2023
View reviewed changes
Copy link
Member

@cwperks cwperks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I left one small suggestion around naming the method on the filter.

src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java Outdated Show resolved Hide resolved
@stephen-crawford @cwperks
Update src/main/java/org/opensearch/security/auditlog/impl/AuditMessa…
c5a7238 
…ge.java

Co-authored-by: Craig Perkins <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
DarshitChanpura
DarshitChanpura previously approved these changes Jan 2, 2024
View reviewed changes
Copy link
Member

@DarshitChanpura DarshitChanpura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Left few nits

src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/security/compliance/ComplianceConfig.java Outdated Show resolved Hide resolved
@DarshitChanpura
Copy link
Member

There is a compilation error:

/home/runner/work/security/security/src/test/java/org/opensearch/security/auditlog/impl/AuditMessageTest.java:79: error: cannot find symbol
        when(auditConfig.getFilter().isHeaderDisabled("test-header")).thenReturn(false);

@stephen-crawford
spotless and fix rename
00baf13 
Signed-off-by: Stephen Crawford <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Jan 2, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (26e62d5) 65.18% compared to head (6d630d1) 65.21%.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #3885      +/-   ##
==========================================
+ Coverage   65.18%   65.21%   +0.02%     
==========================================
  Files         298      298              
  Lines       21195    21210      +15     
  Branches     3456     3457       +1     
==========================================
+ Hits        13817    13832      +15     
  Misses       5664     5664              
  Partials     1714     1714
Files Coverage Δ
.../opensearch/security/OpenSearchSecurityPlugin.java 84.53% <100.00%> (+0.09%) ⬆️
...ensearch/security/auditlog/config/AuditConfig.java 99.22% <100.00%> (+0.05%) ⬆️
...earch/security/auditlog/impl/AbstractAuditLog.java 76.20% <ø> (ø)
...pensearch/security/auditlog/impl/AuditMessage.java 75.00% <100.00%> (+0.24%) ⬆️
...g/opensearch/security/support/ConfigConstants.java 95.23% <ø> (ø)

DarshitChanpura
DarshitChanpura previously approved these changes Jan 2, 2024
View reviewed changes
@stephen-crawford
Apply suggestions from code review
bb7b530 
Signed-off-by: Stephen Crawford <[email protected]>
cwperks
cwperks reviewed Jan 3, 2024
View reviewed changes
config/config.yml Outdated Show resolved Hide resolved
stephen-crawford
stephen-crawford commented Jan 3, 2024
View reviewed changes
config/config.yml Outdated Show resolved Hide resolved
@stephen-crawford
Update config/config.yml
6d630d1 
Signed-off-by: Stephen Crawford <[email protected]>
@peternied peternied merged commit 03fd79f into opensearch-project:main Jan 5, 2024
82 checks passed
@peternied peternied deleted the jwtAuditLog branch January 5, 2024 20:00
@peternied peternied added the backport 2.x backport to 2.x branch label Jan 5, 2024
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jan 5, 2024
@github-actions @cwperks
Add additional ignore_headers audit configuration setting (#3885)
737328f 
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Co-authored-by: Craig Perkins <[email protected]>
(cherry picked from commit 03fd79f)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jan 5, 2024
Merged
@peternied
Copy link
Member

@scrawfor99 Do you have a link to the documentation update?

peternied pushed a commit that referenced this pull request Jan 5, 2024
@opensearch-trigger-bot @github-actions @cwperks
[Backport 2.x] Add additional ignore_headers audit configuration sett…
13a5641 
…ing (#3926)

Backport 03fd79f from #3885.

Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Craig Perkins <[email protected]>
@stephen-crawford stephen-crawford mentioned this pull request Jan 16, 2024
Closed
dlin2028 pushed a commit to dlin2028/security that referenced this pull request May 1, 2024
@stephen-crawford @cwperks @dlin2028
Add additional ignore_headers audit configuration setting (opensearch…
f65854d 
…-project#3885)

Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Co-authored-by: Craig Perkins <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwperks cwperks cwperks approved these changes

@peternied peternied peternied approved these changes

@cliu123 cliu123 Awaiting requested review from cliu123

@davidlago davidlago Awaiting requested review from davidlago

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

@reta reta Awaiting requested review from reta reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura is a code owner

Assignees
No one assigned
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Redact custom headers from audit logging
4 participants
@stephen-crawford @DarshitChanpura @peternied @cwperks