honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request elastic/elasticsearch#2822 from rjernst/deguice4 

Remove use of Transport in audit trails

Original commit: elastic/x-pack-elasticsearch@26d9f18545
This commit is contained in:
Ryan Ernst 2016-07-14 13:05:40 -07:00 committed by GitHub
parent 4224d70986 f481dea1d0
commit d68970e4b9
9 changed files with 222 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
View File

@ -18,6 +18,7 @@ import java.util.function.Function;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.action.support.ActionFilter;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Booleans;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.component.LifecycleComponent;
@ -179,11 +180,6 @@ public class Security implements ActionPlugin {
return Collections.emptyList();
}
List<Class<? extends LifecycleComponent>> list = new ArrayList<>();
//TODO why only focus on file audit logs? shouldn't we just check if audit trail is enabled in general?
if (AuditTrailModule.fileAuditLoggingEnabled(settings) == true) {
list.add(LoggingAuditTrail.class);
}
list.add(SecurityLicensee.class);
list.add(FileRolesStore.class);
list.add(Realms.class);

5
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java
View File

@ -55,8 +55,7 @@ public class AuditTrailModule extends AbstractSecurityModule.Node {
bind(AuditTrailService.class).asEagerSingleton();
bind(AuditTrail.class).to(AuditTrailService.class);
Multibinder<AuditTrail> binder = Multibinder.newSetBinder(binder(), AuditTrail.class);
Set<String> uniqueOutputs = Sets.newHashSet(outputs);
for (String output : uniqueOutputs) {
for (String output : outputs) {
switch (output) {
case LoggingAuditTrail.NAME:
binder.addBinding().to(LoggingAuditTrail.class);
@ -67,7 +66,7 @@ public class AuditTrailModule extends AbstractSecurityModule.Node {
bind(IndexAuditTrail.class).asEagerSingleton();
break;
default:
throw new ElasticsearchException("unknown audit trail output [" + output + "]");
throw new IllegalArgumentException("unknown audit trail output [" + output + "]");
}
}
}

21
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java
View File

@ -19,6 +19,7 @@ import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
@ -153,7 +154,6 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
private final Provider<InternalClient> clientProvider;
private final BlockingQueue<Message> eventQueue;
private final QueueConsumer queueConsumer;
private final Transport transport;
private final ThreadPool threadPool;
private final Lock putMappingLock = new ReentrantLock();
private final ClusterService clusterService;
@ -172,11 +172,10 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
}
@Inject
public IndexAuditTrail(Settings settings, Transport transport,
Provider<InternalClient> clientProvider, ThreadPool threadPool, ClusterService clusterService) {
public IndexAuditTrail(Settings settings, Provider<InternalClient> clientProvider, ThreadPool threadPool,
ClusterService clusterService) {
super(settings);
this.clientProvider = clientProvider;
this.transport = transport;
this.threadPool = threadPool;
this.clusterService = clusterService;
this.nodeName = settings.get("name");
@ -277,8 +276,8 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
*/
public void start(boolean master) {
if (state.compareAndSet(State.INITIALIZED, State.STARTING)) {
this.nodeHostName = transport.boundAddress().publishAddress().getHost();
this.nodeHostAddress = transport.boundAddress().publishAddress().getAddress();
this.nodeHostName = clusterService.localNode().getHostName();
this.nodeHostAddress = clusterService.localNode().getHostAddress();
if (client == null) {
initializeClient();
@ -545,7 +544,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
Message msg = new Message().start();
common("transport", type, msg.builder);
originAttributes(message, msg.builder, transport, threadPool.getThreadContext());
originAttributes(message, msg.builder, clusterService.localNode(), threadPool.getThreadContext());
if (action != null) {
msg.builder.field(Field.ACTION, action);
@ -577,7 +576,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
Message msg = new Message().start();
common("transport", type, msg.builder);
originAttributes(message, msg.builder, transport, threadPool.getThreadContext());
originAttributes(message, msg.builder, clusterService.localNode(), threadPool.getThreadContext());
if (action != null) {
msg.builder.field(Field.ACTION, action);
@ -672,8 +671,8 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
return builder;
}
private static XContentBuilder originAttributes(TransportMessage message, XContentBuilder builder, Transport transport, ThreadContext
threadContext) throws IOException {
private static XContentBuilder originAttributes(TransportMessage message, XContentBuilder builder,
DiscoveryNode localNode, ThreadContext threadContext) throws IOException {
// first checking if the message originated in a rest call
InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(threadContext);
@ -698,7 +697,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
// the call was originated locally on this node
builder.field(Field.ORIGIN_TYPE, "local_node");
builder.field(Field.ORIGIN_ADDRESS, transport.boundAddress().publishAddress().getAddress());
builder.field(Field.ORIGIN_ADDRESS, localNode.getHostAddress());
return builder;
}

252
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
View File

@ -5,6 +5,9 @@
*/
package org.elasticsearch.xpack.security.audit.logfile;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.component.LifecycleListener;
@ -44,7 +47,7 @@ import static org.elasticsearch.xpack.security.Security.setting;
/**
*
*/
public class LoggingAuditTrail extends AbstractLifecycleComponent implements AuditTrail {
public class LoggingAuditTrail extends AbstractComponent implements AuditTrail {
public static final String NAME = "logfile";
public static final Setting<Boolean> HOST_ADDRESS_SETTING =
@ -55,7 +58,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
Setting.boolSetting(setting("audit.logfile.prefix.emit_node_name"), true, Property.NodeScope);
private final ESLogger logger;
private final Transport transport;
private final ClusterService clusterService;
private final ThreadContext threadContext;
private String prefix;
@ -66,43 +69,22 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
}
@Inject
public LoggingAuditTrail(Settings settings, Transport transport, ThreadPool threadPool) {
this(settings, transport, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext());
public LoggingAuditTrail(Settings settings, ClusterService clusterService, ThreadPool threadPool) {
this(settings, clusterService, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext());
}
LoggingAuditTrail(Settings settings, Transport transport, ESLogger logger, ThreadContext threadContext) {
this("", settings, transport, logger, threadContext);
}
LoggingAuditTrail(String prefix, Settings settings, Transport transport, ESLogger logger, ThreadContext threadContext) {
LoggingAuditTrail(Settings settings, ClusterService clusterService, ESLogger logger, ThreadContext threadContext) {
super(settings);
this.logger = logger;
this.prefix = prefix;
this.transport = transport;
this.clusterService = clusterService;
this.threadContext = threadContext;
}
@Override
protected void doStart() {
if (transport.lifecycleState() == Lifecycle.State.STARTED) {
prefix = resolvePrefix(settings, transport);
} else {
transport.addLifecycleListener(new LifecycleListener() {
@Override
public void afterStart() {
prefix = resolvePrefix(settings, transport);
}
});
private String getPrefix() {
if (prefix == null) {
prefix = resolvePrefix(settings, clusterService.localNode());
}
}
@Override
protected void doStop() {
}
@Override
protected void doClose() {
return prefix;
}
@Override
@ -110,19 +92,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName());
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices,
message.getClass().getSimpleName());
} else {
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message,
transport, threadContext), action, indices);
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message,
transport, threadContext), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, message.getClass().getSimpleName());
} else {
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", prefix, originAttributes(message, transport,
threadContext), action);
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action);
}
}
}
@ -130,10 +113,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void anonymousAccessDenied(RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request
.uri(), restRequestContent(request));
logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", getPrefix(),
hostAttributes(request), request.uri(), restRequestContent(request));
} else {
logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri());
}
}
@ -143,19 +126,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]",
prefix, originAttributes(message, transport, threadContext), token.principal(), action, indices, message.getClass
().getSimpleName());
getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), token.principal(),
action, indices, message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), token.principal(), action, indices);
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), token.principal(), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}]", prefix, originAttributes(message,
transport, threadContext), token.principal(), action);
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action);
}
}
}
@ -163,10 +147,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void authenticationFailed(RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [authentication_failed]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request
.uri(), restRequestContent(request));
logger.debug("{}[rest] [authentication_failed]\t{}, uri=[{}], request_body=[{}]", getPrefix(), hostAttributes(request),
request.uri(), restRequestContent(request));
} else {
logger.error("{}[rest] [authentication_failed]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
logger.error("{}[rest] [authentication_failed]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri());
}
}
@ -175,19 +159,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName());
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message,
transport, threadContext), action, indices);
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message,
transport, threadContext), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}]", prefix, originAttributes(message, transport,
threadContext), action);
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action);
}
}
}
@ -195,11 +180,11 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void authenticationFailed(AuthenticationToken token, RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}], request_body=[{}]", prefix, hostAttributes
(request), token.principal(), request.uri(), restRequestContent(request));
logger.debug("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(),
hostAttributes(request), token.principal(), request.uri(), restRequestContent(request));
} else {
logger.error("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}]", prefix, hostAttributes(request), token
.principal(), request.uri());
logger.error("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}]", getPrefix(), hostAttributes(request),
token.principal(), request.uri());
}
}
@ -209,12 +194,12 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], indices=[{}], " +
"request=[{}]", prefix, realm, originAttributes(message, transport, threadContext), token.principal(), action,
indices, message.getClass().getSimpleName());
"request=[{}]", getPrefix(), realm, originAttributes(message, clusterService.localNode(), threadContext),
token.principal(), action, indices, message.getClass().getSimpleName());
} else {
logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], request=[{}]", prefix,
realm, originAttributes(message, transport, threadContext), token.principal(), action, message.getClass()
.getSimpleName());
logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], request=[{}]",
getPrefix(), realm, originAttributes(message, clusterService.localNode(), threadContext), token.principal(),
action, message.getClass().getSimpleName());
}
}
}
@ -222,8 +207,8 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) {
if (logger.isTraceEnabled()) {
logger.trace("{}[rest] [authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", prefix, realm,
hostAttributes(request), token.principal(), request.uri(), restRequestContent(request));
logger.trace("{}[rest] [authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(),
realm, hostAttributes(request), token.principal(), request.uri(), restRequestContent(request));
}
}
@ -235,12 +220,12 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
if ((SystemUser.is(user) && SystemPrivilege.INSTANCE.predicate().test(action)) || XPackUser.is(user)) {
if (logger.isTraceEnabled()) {
if (indices != null) {
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices,
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices,
message.getClass().getSimpleName());
} else {
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action,
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action,
message.getClass().getSimpleName());
}
}
@ -249,20 +234,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices,
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices,
message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices);
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action,
message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action);
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action);
}
}
}
@ -272,20 +258,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices,
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices);
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action);
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action);
}
}
}
@ -293,10 +280,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void tamperedRequest(RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [tampered_request]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request.uri(),
restRequestContent(request));
logger.debug("{}[rest] [tampered_request]\t{}, uri=[{}], request_body=[{}]", getPrefix(), hostAttributes(request),
request.uri(), restRequestContent(request));
} else {
logger.error("{}[rest] [tampered_request]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
logger.error("{}[rest] [tampered_request]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri());
}
}
@ -305,19 +292,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName());
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices);
logger.error("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, action=[{}]", prefix,
originAttributes(message, transport, threadContext), action);
logger.error("{}[transport] [tampered_request]\t{}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action);
}
}
}
@ -327,20 +316,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(request);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action, indices,
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action, indices,
request.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action, indices);
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action, request.getClass().getSimpleName());
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action,
request.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action);
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action);
}
}
}
@ -348,48 +338,50 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
if (logger.isTraceEnabled()) {
logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix,
logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", getPrefix(),
NetworkAddress.format(inetAddress), profile, rule);
}
}
@Override
public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix,
logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", getPrefix(),
NetworkAddress.format(inetAddress), profile, rule);
}
@Override
public void runAsGranted(User user, String action, TransportMessage message) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action,
message.getClass().getSimpleName());
logger.debug("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]",
getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action, message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action);
logger.info("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action);
}
}
@Override
public void runAsDenied(User user, String action, TransportMessage message) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action,
message.getClass().getSimpleName());
logger.debug("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]",
getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action, message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action);
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action);
}
}
@Override
public void runAsDenied(User user, RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [run_as_denied]\t{}, principal=[{}], uri=[{}], request_body=[{}]", prefix,
logger.debug("{}[rest] [run_as_denied]\t{}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(),
hostAttributes(request), user.principal(), request.uri(), restRequestContent(request));
} else {
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], uri=[{}]", prefix,
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], uri=[{}]", getPrefix(),
hostAttributes(request), user.principal(), request.uri());
}
}
@ -405,7 +397,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
return "origin_address=[" + formattedAddress + "]";
}
static String originAttributes(TransportMessage message, Transport transport, ThreadContext threadContext) {
static String originAttributes(TransportMessage message, DiscoveryNode localNode, ThreadContext threadContext) {
StringBuilder builder = new StringBuilder();
// first checking if the message originated in a rest call
@ -433,21 +425,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
// the call was originated locally on this node
return builder.append("origin_type=[local_node], origin_address=[")
.append(transport.boundAddress().publishAddress().getAddress())
.append(localNode.getHostAddress())
.append("]")
.toString();
}
static String resolvePrefix(Settings settings, Transport transport) {
static String resolvePrefix(Settings settings, DiscoveryNode localNode) {
StringBuilder builder = new StringBuilder();
if (HOST_ADDRESS_SETTING.get(settings)) {
String address = transport.boundAddress().publishAddress().getAddress();
String address = localNode.getHostAddress();
if (address != null) {
builder.append("[").append(address).append("] ");
}
}
if (HOST_NAME_SETTING.get(settings)) {
String hostName = transport.boundAddress().publishAddress().getHost();
String hostName = localNode.getHostName();
if (hostName != null) {
builder.append("[").append(hostName).append("] ");
}

96
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java
View File

@ -5,92 +5,46 @@
*/
package org.elasticsearch.xpack.security.audit;
import org.elasticsearch.common.inject.Guice;
import org.elasticsearch.common.inject.Injector;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.inject.ModuleTestCase;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.indices.breaker.CircuitBreakerService;
import org.elasticsearch.node.Node;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.local.LocalTransport;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
public class AuditTrailModuleTests extends ModuleTestCase {
public class AuditTrailModuleTests extends ESTestCase {
public void testEnabled() throws Exception {
Settings settings = Settings.builder()
.put("client.type", "node")
.put(AuditTrailModule.ENABLED_SETTING.getKey(), false)
.build();
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING);
Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings));
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
assertThat(auditTrail, is(AuditTrail.NOOP));
Settings settings = Settings.builder().put(AuditTrailModule.ENABLED_SETTING.getKey(), true).build();
AuditTrailModule module = new AuditTrailModule(settings);
assertBinding(module, AuditTrail.class, AuditTrailService.class);
assertSetMultiBinding(module, AuditTrail.class, LoggingAuditTrail.class);
}
public void testDisabledByDefault() throws Exception {
Settings settings = Settings.builder()
.put("client.type", "node").build();
Injector injector = Guice.createInjector(new SettingsModule(settings), new AuditTrailModule(settings));
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
assertThat(auditTrail, is(AuditTrail.NOOP));
AuditTrailModule module = new AuditTrailModule(Settings.EMPTY);
assertInstanceBinding(module, AuditTrail.class, x -> x == AuditTrail.NOOP);
}
public void testLogfile() throws Exception {
public void testIndexAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put("client.type", "node")
.build();
ThreadPool pool = new TestThreadPool("testLogFile");
try {
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING);
Injector injector = Guice.createInjector(
settingsModule,
new NetworkModule(new NetworkService(settings), settings, false, new NamedWriteableRegistry()) {
@Override
protected void configure() {
bind(Transport.class).to(LocalTransport.class).asEagerSingleton();
}
},
new AuditTrailModule(settings),
b -> {
b.bind(CircuitBreakerService.class).toInstance(Node.createCircuitBreakerService(settingsModule.getSettings(),
settingsModule.getClusterSettings()));
b.bind(ThreadPool.class).toInstance(pool);
}
);
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
assertThat(auditTrail, instanceOf(AuditTrailService.class));
AuditTrailService service = (AuditTrailService) auditTrail;
assertThat(service.auditTrails, notNullValue());
assertThat(service.auditTrails.length, is(1));
assertThat(service.auditTrails[0], instanceOf(LoggingAuditTrail.class));
} finally {
pool.shutdown();
}
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class);
}
public void testIndexAndLoggingAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index,logfile").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class, LoggingAuditTrail.class);
}
public void testUnknownOutput() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey() , "foo")
.put("client.type", "node")
.build();
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING, AuditTrailModule.OUTPUTS_SETTING);
try {
Guice.createInjector(settingsModule, new AuditTrailModule(settings));
fail("Expect initialization to fail when an unknown audit trail output is configured");
} catch (Exception e) {
// expected
}
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "foo").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertBindingFailure(module, "unknown audit trail output [foo]");
}
}

12
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java
View File

@ -13,6 +13,7 @@ import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.FilterClient;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
@ -49,7 +50,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
private InternalClient client;
private TransportClient transportClient;
private ThreadPool threadPool;
private Transport transport;
private ClusterService clusterService;
private IndexAuditTrail auditTrail;
private AtomicBoolean messageEnqueued;
@ -57,9 +58,10 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
@Before
public void setup() {
transport = mock(Transport.class);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
DiscoveryNode localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString());
clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
threadPool = new TestThreadPool("index audit trail tests");
transportClient = TransportClient.builder().settings(Settings.builder().put("transport.type", "local")).build();
@ -257,7 +259,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
IndexAuditTrail createAuditTrail(String[] excludes) {
Settings settings = IndexAuditTrailTests.levelSettings(null, excludes);
auditTrail = new IndexAuditTrail(settings, transport, Providers.of(client), threadPool, mock(ClusterService.class)) {
auditTrail = new IndexAuditTrail(settings, Providers.of(client), threadPool, clusterService) {
@Override
void putTemplate(Settings settings) {
// make this a no-op so we don't have to stub out unnecessary client activities

12
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java
View File

@ -15,6 +15,7 @@ import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.Requests;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Priority;
import org.elasticsearch.common.inject.util.Providers;
@ -268,13 +269,14 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
Settings settings = builder.put(settings(rollover, includes, excludes)).build();
logger.info("--> settings: [{}]", settings.getAsMap().toString());
Transport transport = mock(Transport.class);
BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{ remoteHostAddress()},
remoteHostAddress());
when(transport.boundAddress()).thenReturn(boundTransportAddress);
DiscoveryNode localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(remoteHostAddress().getAddress());
when(localNode.getHostName()).thenReturn(remoteHostAddress().getHost());
ClusterService clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
threadPool = new TestThreadPool("index audit trail tests");
enqueuedMessage = new SetOnce<>();
auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool, mock(ClusterService.class)) {
auditor = new IndexAuditTrail(settings, Providers.of(internalClient()), threadPool, clusterService) {
@Override
void enqueue(Message message, String type) {
enqueuedMessage.set(message);

11
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.security.audit.index;
import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsResponse;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
@ -48,11 +49,11 @@ public class IndexAuditTrailUpdateMappingTests extends SecurityIntegTestCase {
IndexNameResolver.Rollover rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY);
Settings settings = Settings.builder().put("xpack.security.audit.index.rollover", rollover.name().toLowerCase(Locale.ENGLISH))
.put("path.home", createTempDir()).build();
Transport transport = mock(Transport.class);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool,
mock(ClusterService.class));
DiscoveryNode localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString());
ClusterService clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
auditor = new IndexAuditTrail(settings, Providers.of(internalClient()), threadPool, clusterService);
// before starting we add an event
auditor.authenticationFailed(new FakeRestRequest());

104
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
View File

@ -7,6 +7,8 @@ package org.elasticsearch.xpack.security.audit.logfile;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.component.Lifecycle;
@ -41,9 +43,6 @@ import static org.hamcrest.Matchers.is;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
*
*/
public class LoggingAuditTrailTests extends ESTestCase {
private static enum RestContent {
VALID() {
@ -102,7 +101,8 @@ public class LoggingAuditTrailTests extends ESTestCase {
private String prefix;
private Settings settings;
private Transport transport;
private DiscoveryNode localNode;
private ClusterService clusterService;
private ThreadContext threadContext;
@Before
@ -112,21 +112,20 @@ public class LoggingAuditTrailTests extends ESTestCase {
.put("xpack.security.audit.logfile.prefix.emit_node_host_name", randomBoolean())
.put("xpack.security.audit.logfile.prefix.emit_node_name", randomBoolean())
.build();
transport = mock(Transport.class);
when(transport.lifecycleState()).thenReturn(Lifecycle.State.STARTED);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
prefix = LoggingAuditTrail.resolvePrefix(settings, transport);
localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString());
clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
prefix = LoggingAuditTrail.resolvePrefix(settings, localNode);
}
public void testAnonymousAccessDeniedTransport() throws Exception {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, clusterService.localNode(), threadContext);
auditTrail.anonymousAccessDenied("_action", message);
switch (level) {
case ERROR:
@ -164,8 +163,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.anonymousAccessDenied(request);
switch (level) {
case ERROR:
@ -188,10 +186,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
auditTrail.authenticationFailed(new MockToken(), "_action", message);
switch (level) {
case ERROR:
@ -222,10 +219,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
auditTrail.authenticationFailed("_action", message);
switch (level) {
case ERROR:
@ -261,8 +257,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
when(request.uri()).thenReturn("_uri");
String expectedMessage = prepareRestContent(request);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.authenticationFailed(new MockToken(), request);
switch (level) {
case ERROR:
@ -289,8 +284,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
when(request.uri()).thenReturn("_uri");
String expectedMessage = prepareRestContent(request);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.authenticationFailed(request);
switch (level) {
case ERROR:
@ -311,10 +305,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
auditTrail.authenticationFailed("_realm", new MockToken(), "_action", message);
switch (level) {
case ERROR:
@ -344,8 +337,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
when(request.uri()).thenReturn("_uri");
String expectedMessage = prepareRestContent(request);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.authenticationFailed("_realm", new MockToken(), request);
switch (level) {
case ERROR:
@ -366,10 +358,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
boolean runAs = randomBoolean();
User user;
if (runAs) {
@ -411,10 +402,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
auditTrail.accessGranted(SystemUser.INSTANCE, "internal:_action", message);
switch (level) {
case ERROR:
@ -440,10 +430,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
boolean runAs = randomBoolean();
User user;
if (runAs) {
@ -485,10 +474,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
boolean runAs = randomBoolean();
User user;
if (runAs) {
@ -534,8 +522,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.tamperedRequest(request);
switch (level) {
case ERROR:
@ -557,10 +544,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.tamperedRequest(action, message);
switch (level) {
case ERROR:
@ -599,10 +585,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.tamperedRequest(user, action, message);
switch (level) {
case ERROR:
@ -633,8 +618,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
InetAddress inetAddress = InetAddress.getLoopbackAddress();
SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all");
auditTrail.connectionDenied(inetAddress, "default", rule);
@ -656,8 +640,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
InetAddress inetAddress = InetAddress.getLoopbackAddress();
SecurityIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
auditTrail.connectionGranted(inetAddress, "default", rule);
@ -680,10 +663,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = new MockMessage(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"}));
auditTrail.runAsGranted(user, "_action", message);
switch (level) {
@ -707,10 +689,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = new MockMessage(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"}));
auditTrail.runAsDenied(user, "_action", message);
switch (level) {
@ -733,7 +714,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
public void testOriginAttributes() throws Exception {
threadContext = new ThreadContext(Settings.EMPTY);
MockMessage message = new MockMessage(threadContext);
String text = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String text = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(threadContext);
if (restAddress != null) {
assertThat(text, equalTo("origin_type=[rest], origin_address=[" +
@ -742,8 +723,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
TransportAddress address = message.remoteAddress();
if (address == null) {
assertThat(text, equalTo("origin_type=[local_node], origin_address=[" +
transport.boundAddress().publishAddress().getAddress() + "]"));
assertThat(text, equalTo("origin_type=[local_node], origin_address=[" + localNode.getHostAddress() + "]"));
return;
}