From f481dea1d05af54bc02945b1168c0df58e14db57 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Wed, 13 Jul 2016 20:43:55 -0700 Subject: [PATCH] Internal: Remove use of Transport in audit trails Both logfile and index audit trails currently depend on injection of Transport in order to find the bound address of the local node. However, the ClusterService provides access to information about the local node, including the bound addresses. This change makes the audit trails use the cluster service, and also makes the logging audit trail not use a lifecycle. Original commit: elastic/x-pack-elasticsearch@d747d64ee108da3c6004d453d17b74cdaa4b86c8 --- .../xpack/security/Security.java | 6 +- .../security/audit/AuditTrailModule.java | 5 +- .../security/audit/index/IndexAuditTrail.java | 21 +- .../audit/logfile/LoggingAuditTrail.java | 252 +++++++++--------- .../security/audit/AuditTrailModuleTests.java | 96 ++----- .../index/IndexAuditTrailMutedTests.java | 12 +- .../audit/index/IndexAuditTrailTests.java | 12 +- .../IndexAuditTrailUpdateMappingTests.java | 11 +- .../audit/logfile/LoggingAuditTrailTests.java | 104 +++----- 9 files changed, 222 insertions(+), 297 deletions(-) diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java index 21d29bb730f..579ce3795b5 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -18,6 +18,7 @@ import java.util.function.Function; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.action.support.ActionFilter; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Booleans; import org.elasticsearch.common.Strings; import org.elasticsearch.common.component.LifecycleComponent; @@ -179,11 +180,6 @@ public class Security implements ActionPlugin { return Collections.emptyList(); } List> list = new ArrayList<>(); - - //TODO why only focus on file audit logs? shouldn't we just check if audit trail is enabled in general? - if (AuditTrailModule.fileAuditLoggingEnabled(settings) == true) { - list.add(LoggingAuditTrail.class); - } list.add(SecurityLicensee.class); list.add(FileRolesStore.class); list.add(Realms.class); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java index de26c226e7c..bee3c2d716d 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java @@ -55,8 +55,7 @@ public class AuditTrailModule extends AbstractSecurityModule.Node { bind(AuditTrailService.class).asEagerSingleton(); bind(AuditTrail.class).to(AuditTrailService.class); Multibinder binder = Multibinder.newSetBinder(binder(), AuditTrail.class); - Set uniqueOutputs = Sets.newHashSet(outputs); - for (String output : uniqueOutputs) { + for (String output : outputs) { switch (output) { case LoggingAuditTrail.NAME: binder.addBinding().to(LoggingAuditTrail.class); @@ -67,7 +66,7 @@ public class AuditTrailModule extends AbstractSecurityModule.Node { bind(IndexAuditTrail.class).asEagerSingleton(); break; default: - throw new ElasticsearchException("unknown audit trail output [" + output + "]"); + throw new IllegalArgumentException("unknown audit trail output [" + output + "]"); } } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java index e3b00743df7..79811fe590c 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java @@ -19,6 +19,7 @@ import org.elasticsearch.action.index.IndexRequest; import org.elasticsearch.client.Client; import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.cluster.ClusterChangedEvent; +import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; @@ -153,7 +154,6 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl private final Provider clientProvider; private final BlockingQueue eventQueue; private final QueueConsumer queueConsumer; - private final Transport transport; private final ThreadPool threadPool; private final Lock putMappingLock = new ReentrantLock(); private final ClusterService clusterService; @@ -172,11 +172,10 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl } @Inject - public IndexAuditTrail(Settings settings, Transport transport, - Provider clientProvider, ThreadPool threadPool, ClusterService clusterService) { + public IndexAuditTrail(Settings settings, Provider clientProvider, ThreadPool threadPool, + ClusterService clusterService) { super(settings); this.clientProvider = clientProvider; - this.transport = transport; this.threadPool = threadPool; this.clusterService = clusterService; this.nodeName = settings.get("name"); @@ -277,8 +276,8 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl */ public void start(boolean master) { if (state.compareAndSet(State.INITIALIZED, State.STARTING)) { - this.nodeHostName = transport.boundAddress().publishAddress().getHost(); - this.nodeHostAddress = transport.boundAddress().publishAddress().getAddress(); + this.nodeHostName = clusterService.localNode().getHostName(); + this.nodeHostAddress = clusterService.localNode().getHostAddress(); if (client == null) { initializeClient(); @@ -545,7 +544,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl Message msg = new Message().start(); common("transport", type, msg.builder); - originAttributes(message, msg.builder, transport, threadPool.getThreadContext()); + originAttributes(message, msg.builder, clusterService.localNode(), threadPool.getThreadContext()); if (action != null) { msg.builder.field(Field.ACTION, action); @@ -577,7 +576,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl Message msg = new Message().start(); common("transport", type, msg.builder); - originAttributes(message, msg.builder, transport, threadPool.getThreadContext()); + originAttributes(message, msg.builder, clusterService.localNode(), threadPool.getThreadContext()); if (action != null) { msg.builder.field(Field.ACTION, action); @@ -672,8 +671,8 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl return builder; } - private static XContentBuilder originAttributes(TransportMessage message, XContentBuilder builder, Transport transport, ThreadContext - threadContext) throws IOException { + private static XContentBuilder originAttributes(TransportMessage message, XContentBuilder builder, + DiscoveryNode localNode, ThreadContext threadContext) throws IOException { // first checking if the message originated in a rest call InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(threadContext); @@ -698,7 +697,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl // the call was originated locally on this node builder.field(Field.ORIGIN_TYPE, "local_node"); - builder.field(Field.ORIGIN_ADDRESS, transport.boundAddress().publishAddress().getAddress()); + builder.field(Field.ORIGIN_ADDRESS, localNode.getHostAddress()); return builder; } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java index 3db017b9804..209c87598dd 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java @@ -5,6 +5,9 @@ */ package org.elasticsearch.xpack.security.audit.logfile; +import org.elasticsearch.cluster.node.DiscoveryNode; +import org.elasticsearch.cluster.service.ClusterService; +import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.component.Lifecycle; import org.elasticsearch.common.component.LifecycleListener; @@ -44,7 +47,7 @@ import static org.elasticsearch.xpack.security.Security.setting; /** * */ -public class LoggingAuditTrail extends AbstractLifecycleComponent implements AuditTrail { +public class LoggingAuditTrail extends AbstractComponent implements AuditTrail { public static final String NAME = "logfile"; public static final Setting HOST_ADDRESS_SETTING = @@ -55,7 +58,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud Setting.boolSetting(setting("audit.logfile.prefix.emit_node_name"), true, Property.NodeScope); private final ESLogger logger; - private final Transport transport; + private final ClusterService clusterService; private final ThreadContext threadContext; private String prefix; @@ -66,43 +69,22 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud } @Inject - public LoggingAuditTrail(Settings settings, Transport transport, ThreadPool threadPool) { - this(settings, transport, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext()); + public LoggingAuditTrail(Settings settings, ClusterService clusterService, ThreadPool threadPool) { + this(settings, clusterService, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext()); } - LoggingAuditTrail(Settings settings, Transport transport, ESLogger logger, ThreadContext threadContext) { - this("", settings, transport, logger, threadContext); - } - - LoggingAuditTrail(String prefix, Settings settings, Transport transport, ESLogger logger, ThreadContext threadContext) { + LoggingAuditTrail(Settings settings, ClusterService clusterService, ESLogger logger, ThreadContext threadContext) { super(settings); this.logger = logger; - this.prefix = prefix; - this.transport = transport; + this.clusterService = clusterService; this.threadContext = threadContext; } - - @Override - protected void doStart() { - if (transport.lifecycleState() == Lifecycle.State.STARTED) { - prefix = resolvePrefix(settings, transport); - } else { - transport.addLifecycleListener(new LifecycleListener() { - @Override - public void afterStart() { - prefix = resolvePrefix(settings, transport); - } - }); + private String getPrefix() { + if (prefix == null) { + prefix = resolvePrefix(settings, clusterService.localNode()); } - } - - @Override - protected void doStop() { - } - - @Override - protected void doClose() { + return prefix; } @Override @@ -110,19 +92,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud String indices = indicesString(message); if (indices != null) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName()); + logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, indices, + message.getClass().getSimpleName()); } else { - logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message, - transport, threadContext), action, indices); + logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message, - transport, threadContext), action, message.getClass().getSimpleName()); + logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, message.getClass().getSimpleName()); } else { - logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", prefix, originAttributes(message, transport, - threadContext), action); + logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action); } } } @@ -130,10 +113,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud @Override public void anonymousAccessDenied(RestRequest request) { if (logger.isDebugEnabled()) { - logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request - .uri(), restRequestContent(request)); + logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", getPrefix(), + hostAttributes(request), request.uri(), restRequestContent(request)); } else { - logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri()); + logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri()); } } @@ -143,19 +126,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud if (indices != null) { if (logger.isDebugEnabled()) { logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]", - prefix, originAttributes(message, transport, threadContext), token.principal(), action, indices, message.getClass - ().getSimpleName()); + getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), token.principal(), + action, indices, message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}]", prefix, - originAttributes(message, transport, threadContext), token.principal(), action, indices); + logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), token.principal(), action, message.getClass().getSimpleName()); + logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action, + message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}]", prefix, originAttributes(message, - transport, threadContext), token.principal(), action); + logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action); } } } @@ -163,10 +147,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud @Override public void authenticationFailed(RestRequest request) { if (logger.isDebugEnabled()) { - logger.debug("{}[rest] [authentication_failed]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request - .uri(), restRequestContent(request)); + logger.debug("{}[rest] [authentication_failed]\t{}, uri=[{}], request_body=[{}]", getPrefix(), hostAttributes(request), + request.uri(), restRequestContent(request)); } else { - logger.error("{}[rest] [authentication_failed]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri()); + logger.error("{}[rest] [authentication_failed]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri()); } } @@ -175,19 +159,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud String indices = indicesString(message); if (indices != null) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName()); + logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, indices, + message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message, - transport, threadContext), action, indices); + logger.error("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message, - transport, threadContext), action, message.getClass().getSimpleName()); + logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [authentication_failed]\t{}, action=[{}]", prefix, originAttributes(message, transport, - threadContext), action); + logger.error("{}[transport] [authentication_failed]\t{}, action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action); } } } @@ -195,11 +180,11 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud @Override public void authenticationFailed(AuthenticationToken token, RestRequest request) { if (logger.isDebugEnabled()) { - logger.debug("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}], request_body=[{}]", prefix, hostAttributes - (request), token.principal(), request.uri(), restRequestContent(request)); + logger.debug("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(), + hostAttributes(request), token.principal(), request.uri(), restRequestContent(request)); } else { - logger.error("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}]", prefix, hostAttributes(request), token - .principal(), request.uri()); + logger.error("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}]", getPrefix(), hostAttributes(request), + token.principal(), request.uri()); } } @@ -209,12 +194,12 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud String indices = indicesString(message); if (indices != null) { logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], indices=[{}], " + - "request=[{}]", prefix, realm, originAttributes(message, transport, threadContext), token.principal(), action, - indices, message.getClass().getSimpleName()); + "request=[{}]", getPrefix(), realm, originAttributes(message, clusterService.localNode(), threadContext), + token.principal(), action, indices, message.getClass().getSimpleName()); } else { - logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], request=[{}]", prefix, - realm, originAttributes(message, transport, threadContext), token.principal(), action, message.getClass() - .getSimpleName()); + logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], request=[{}]", + getPrefix(), realm, originAttributes(message, clusterService.localNode(), threadContext), token.principal(), + action, message.getClass().getSimpleName()); } } } @@ -222,8 +207,8 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud @Override public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) { if (logger.isTraceEnabled()) { - logger.trace("{}[rest] [authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", prefix, realm, - hostAttributes(request), token.principal(), request.uri(), restRequestContent(request)); + logger.trace("{}[rest] [authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(), + realm, hostAttributes(request), token.principal(), request.uri(), restRequestContent(request)); } } @@ -235,12 +220,12 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud if ((SystemUser.is(user) && SystemPrivilege.INSTANCE.predicate().test(action)) || XPackUser.is(user)) { if (logger.isTraceEnabled()) { if (indices != null) { - logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, indices, + logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices, message.getClass().getSimpleName()); } else { - logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, + logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, message.getClass().getSimpleName()); } } @@ -249,20 +234,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud if (indices != null) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, indices, + logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices, message.getClass().getSimpleName()); } else { - logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, indices); + logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, message.getClass().getSimpleName()); + logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, + message.getClass().getSimpleName()); } else { - logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action); + logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action); } } } @@ -272,20 +258,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud String indices = indicesString(message); if (indices != null) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, indices, + logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices, message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, indices); + logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action, message.getClass().getSimpleName()); + logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, + message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}]", prefix, - originAttributes(message, transport, threadContext), principal(user), action); + logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), principal(user), action); } } } @@ -293,10 +280,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud @Override public void tamperedRequest(RestRequest request) { if (logger.isDebugEnabled()) { - logger.debug("{}[rest] [tampered_request]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request.uri(), - restRequestContent(request)); + logger.debug("{}[rest] [tampered_request]\t{}, uri=[{}], request_body=[{}]", getPrefix(), hostAttributes(request), + request.uri(), restRequestContent(request)); } else { - logger.error("{}[rest] [tampered_request]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri()); + logger.error("{}[rest] [tampered_request]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri()); } } @@ -305,19 +292,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud String indices = indicesString(message); if (indices != null) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName()); + logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, indices, + message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}]", prefix, - originAttributes(message, transport, threadContext), action, indices); + logger.error("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), action, message.getClass().getSimpleName()); + logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], request=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action, + message.getClass().getSimpleName()); } else { - logger.error("{}[transport] [tampered_request]\t{}, action=[{}]", prefix, - originAttributes(message, transport, threadContext), action); + logger.error("{}[transport] [tampered_request]\t{}, action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), action); } } } @@ -327,20 +316,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud String indices = indicesString(request); if (indices != null) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix, - originAttributes(request, transport, threadContext), principal(user), action, indices, + logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(), + originAttributes(request, clusterService.localNode(), threadContext), principal(user), action, indices, request.getClass().getSimpleName()); } else { - logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}]", prefix, - originAttributes(request, transport, threadContext), principal(user), action, indices); + logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}]", getPrefix(), + originAttributes(request, clusterService.localNode(), threadContext), principal(user), action, indices); } } else { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], request=[{}]", prefix, - originAttributes(request, transport, threadContext), principal(user), action, request.getClass().getSimpleName()); + logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], request=[{}]", getPrefix(), + originAttributes(request, clusterService.localNode(), threadContext), principal(user), action, + request.getClass().getSimpleName()); } else { - logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}]", prefix, - originAttributes(request, transport, threadContext), principal(user), action); + logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}]", getPrefix(), + originAttributes(request, clusterService.localNode(), threadContext), principal(user), action); } } } @@ -348,48 +338,50 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud @Override public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) { if (logger.isTraceEnabled()) { - logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix, + logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", getPrefix(), NetworkAddress.format(inetAddress), profile, rule); } } @Override public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) { - logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix, + logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", getPrefix(), NetworkAddress.format(inetAddress), profile, rule); } @Override public void runAsGranted(User user, String action, TransportMessage message) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action, - message.getClass().getSimpleName()); + logger.debug("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", + getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), user.principal(), + user.runAs().principal(), action, message.getClass().getSimpleName()); } else { - logger.info("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", prefix, - originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action); + logger.info("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), user.principal(), + user.runAs().principal(), action); } } @Override public void runAsDenied(User user, String action, TransportMessage message) { if (logger.isDebugEnabled()) { - logger.debug("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", prefix, - originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action, - message.getClass().getSimpleName()); + logger.debug("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", + getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), user.principal(), + user.runAs().principal(), action, message.getClass().getSimpleName()); } else { - logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", prefix, - originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action); + logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", getPrefix(), + originAttributes(message, clusterService.localNode(), threadContext), user.principal(), + user.runAs().principal(), action); } } @Override public void runAsDenied(User user, RestRequest request) { if (logger.isDebugEnabled()) { - logger.debug("{}[rest] [run_as_denied]\t{}, principal=[{}], uri=[{}], request_body=[{}]", prefix, + logger.debug("{}[rest] [run_as_denied]\t{}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(), hostAttributes(request), user.principal(), request.uri(), restRequestContent(request)); } else { - logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], uri=[{}]", prefix, + logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], uri=[{}]", getPrefix(), hostAttributes(request), user.principal(), request.uri()); } } @@ -405,7 +397,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud return "origin_address=[" + formattedAddress + "]"; } - static String originAttributes(TransportMessage message, Transport transport, ThreadContext threadContext) { + static String originAttributes(TransportMessage message, DiscoveryNode localNode, ThreadContext threadContext) { StringBuilder builder = new StringBuilder(); // first checking if the message originated in a rest call @@ -433,21 +425,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud // the call was originated locally on this node return builder.append("origin_type=[local_node], origin_address=[") - .append(transport.boundAddress().publishAddress().getAddress()) + .append(localNode.getHostAddress()) .append("]") .toString(); } - static String resolvePrefix(Settings settings, Transport transport) { + static String resolvePrefix(Settings settings, DiscoveryNode localNode) { StringBuilder builder = new StringBuilder(); if (HOST_ADDRESS_SETTING.get(settings)) { - String address = transport.boundAddress().publishAddress().getAddress(); + String address = localNode.getHostAddress(); if (address != null) { builder.append("[").append(address).append("] "); } } if (HOST_NAME_SETTING.get(settings)) { - String hostName = transport.boundAddress().publishAddress().getHost(); + String hostName = localNode.getHostName(); if (hostName != null) { builder.append("[").append(hostName).append("] "); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java index 660304b31b7..4a5f9871bdc 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java @@ -5,92 +5,46 @@ */ package org.elasticsearch.xpack.security.audit; -import org.elasticsearch.common.inject.Guice; -import org.elasticsearch.common.inject.Injector; -import org.elasticsearch.common.io.stream.NamedWriteableRegistry; -import org.elasticsearch.common.network.NetworkModule; -import org.elasticsearch.common.network.NetworkService; +import org.elasticsearch.common.inject.ModuleTestCase; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsModule; -import org.elasticsearch.indices.breaker.CircuitBreakerService; -import org.elasticsearch.node.Node; -import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.threadpool.TestThreadPool; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.Transport; -import org.elasticsearch.transport.local.LocalTransport; +import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail; import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail; -import static org.hamcrest.Matchers.instanceOf; -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.notNullValue; +public class AuditTrailModuleTests extends ModuleTestCase { -public class AuditTrailModuleTests extends ESTestCase { public void testEnabled() throws Exception { - Settings settings = Settings.builder() - .put("client.type", "node") - .put(AuditTrailModule.ENABLED_SETTING.getKey(), false) - .build(); - SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING); - Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings)); - AuditTrail auditTrail = injector.getInstance(AuditTrail.class); - assertThat(auditTrail, is(AuditTrail.NOOP)); + Settings settings = Settings.builder().put(AuditTrailModule.ENABLED_SETTING.getKey(), true).build(); + AuditTrailModule module = new AuditTrailModule(settings); + assertBinding(module, AuditTrail.class, AuditTrailService.class); + assertSetMultiBinding(module, AuditTrail.class, LoggingAuditTrail.class); } public void testDisabledByDefault() throws Exception { - Settings settings = Settings.builder() - .put("client.type", "node").build(); - Injector injector = Guice.createInjector(new SettingsModule(settings), new AuditTrailModule(settings)); - AuditTrail auditTrail = injector.getInstance(AuditTrail.class); - assertThat(auditTrail, is(AuditTrail.NOOP)); + AuditTrailModule module = new AuditTrailModule(Settings.EMPTY); + assertInstanceBinding(module, AuditTrail.class, x -> x == AuditTrail.NOOP); } - public void testLogfile() throws Exception { + public void testIndexAuditTrail() throws Exception { Settings settings = Settings.builder() - .put(AuditTrailModule.ENABLED_SETTING.getKey(), true) - .put("client.type", "node") - .build(); - ThreadPool pool = new TestThreadPool("testLogFile"); - try { - SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING); - Injector injector = Guice.createInjector( - settingsModule, - new NetworkModule(new NetworkService(settings), settings, false, new NamedWriteableRegistry()) { - @Override - protected void configure() { - bind(Transport.class).to(LocalTransport.class).asEagerSingleton(); - } - }, - new AuditTrailModule(settings), - b -> { - b.bind(CircuitBreakerService.class).toInstance(Node.createCircuitBreakerService(settingsModule.getSettings(), - settingsModule.getClusterSettings())); - b.bind(ThreadPool.class).toInstance(pool); - } - ); - AuditTrail auditTrail = injector.getInstance(AuditTrail.class); - assertThat(auditTrail, instanceOf(AuditTrailService.class)); - AuditTrailService service = (AuditTrailService) auditTrail; - assertThat(service.auditTrails, notNullValue()); - assertThat(service.auditTrails.length, is(1)); - assertThat(service.auditTrails[0], instanceOf(LoggingAuditTrail.class)); - } finally { - pool.shutdown(); - } + .put(AuditTrailModule.ENABLED_SETTING.getKey(), true) + .put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index").build(); + AuditTrailModule module = new AuditTrailModule(settings); + assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class); + } + + public void testIndexAndLoggingAuditTrail() throws Exception { + Settings settings = Settings.builder() + .put(AuditTrailModule.ENABLED_SETTING.getKey(), true) + .put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index,logfile").build(); + AuditTrailModule module = new AuditTrailModule(settings); + assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class, LoggingAuditTrail.class); } public void testUnknownOutput() throws Exception { Settings settings = Settings.builder() .put(AuditTrailModule.ENABLED_SETTING.getKey(), true) - .put(AuditTrailModule.OUTPUTS_SETTING.getKey() , "foo") - .put("client.type", "node") - .build(); - SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING, AuditTrailModule.OUTPUTS_SETTING); - try { - Guice.createInjector(settingsModule, new AuditTrailModule(settings)); - fail("Expect initialization to fail when an unknown audit trail output is configured"); - } catch (Exception e) { - // expected - } + .put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "foo").build(); + AuditTrailModule module = new AuditTrailModule(settings); + assertBindingFailure(module, "unknown audit trail output [foo]"); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java index 47105853454..e837ee3eef5 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java @@ -13,6 +13,7 @@ import org.elasticsearch.action.ActionResponse; import org.elasticsearch.client.Client; import org.elasticsearch.client.FilterClient; import org.elasticsearch.client.transport.TransportClient; +import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.inject.util.Providers; import org.elasticsearch.common.settings.Settings; @@ -49,7 +50,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase { private InternalClient client; private TransportClient transportClient; private ThreadPool threadPool; - private Transport transport; + private ClusterService clusterService; private IndexAuditTrail auditTrail; private AtomicBoolean messageEnqueued; @@ -57,9 +58,10 @@ public class IndexAuditTrailMutedTests extends ESTestCase { @Before public void setup() { - transport = mock(Transport.class); - when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() }, - LocalTransportAddress.buildUnique())); + DiscoveryNode localNode = mock(DiscoveryNode.class); + when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString()); + clusterService = mock(ClusterService.class); + when(clusterService.localNode()).thenReturn(localNode); threadPool = new TestThreadPool("index audit trail tests"); transportClient = TransportClient.builder().settings(Settings.builder().put("transport.type", "local")).build(); @@ -257,7 +259,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase { IndexAuditTrail createAuditTrail(String[] excludes) { Settings settings = IndexAuditTrailTests.levelSettings(null, excludes); - auditTrail = new IndexAuditTrail(settings, transport, Providers.of(client), threadPool, mock(ClusterService.class)) { + auditTrail = new IndexAuditTrail(settings, Providers.of(client), threadPool, clusterService) { @Override void putTemplate(Settings settings) { // make this a no-op so we don't have to stub out unnecessary client activities diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java index f48d5b114e7..2e322a74bb1 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java @@ -15,6 +15,7 @@ import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; import org.elasticsearch.client.Requests; import org.elasticsearch.cluster.health.ClusterHealthStatus; +import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Priority; import org.elasticsearch.common.inject.util.Providers; @@ -268,13 +269,14 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase { Settings settings = builder.put(settings(rollover, includes, excludes)).build(); logger.info("--> settings: [{}]", settings.getAsMap().toString()); - Transport transport = mock(Transport.class); - BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{ remoteHostAddress()}, - remoteHostAddress()); - when(transport.boundAddress()).thenReturn(boundTransportAddress); + DiscoveryNode localNode = mock(DiscoveryNode.class); + when(localNode.getHostAddress()).thenReturn(remoteHostAddress().getAddress()); + when(localNode.getHostName()).thenReturn(remoteHostAddress().getHost()); + ClusterService clusterService = mock(ClusterService.class); + when(clusterService.localNode()).thenReturn(localNode); threadPool = new TestThreadPool("index audit trail tests"); enqueuedMessage = new SetOnce<>(); - auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool, mock(ClusterService.class)) { + auditor = new IndexAuditTrail(settings, Providers.of(internalClient()), threadPool, clusterService) { @Override void enqueue(Message message, String type) { enqueuedMessage.set(message); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java index b6e4c6cfb51..c8ef9ba8a71 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security.audit.index; import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsResponse; +import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.inject.util.Providers; import org.elasticsearch.common.settings.Settings; @@ -48,11 +49,11 @@ public class IndexAuditTrailUpdateMappingTests extends SecurityIntegTestCase { IndexNameResolver.Rollover rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY); Settings settings = Settings.builder().put("xpack.security.audit.index.rollover", rollover.name().toLowerCase(Locale.ENGLISH)) .put("path.home", createTempDir()).build(); - Transport transport = mock(Transport.class); - when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() }, - LocalTransportAddress.buildUnique())); - auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool, - mock(ClusterService.class)); + DiscoveryNode localNode = mock(DiscoveryNode.class); + when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString()); + ClusterService clusterService = mock(ClusterService.class); + when(clusterService.localNode()).thenReturn(localNode); + auditor = new IndexAuditTrail(settings, Providers.of(internalClient()), threadPool, clusterService); // before starting we add an event auditor.authenticationFailed(new FakeRestRequest()); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java index 11104ff64d5..fc447fa2628 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java @@ -7,6 +7,8 @@ package org.elasticsearch.xpack.security.audit.logfile; import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.support.IndicesOptions; +import org.elasticsearch.cluster.node.DiscoveryNode; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.component.Lifecycle; @@ -41,9 +43,6 @@ import static org.hamcrest.Matchers.is; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -/** - * - */ public class LoggingAuditTrailTests extends ESTestCase { private static enum RestContent { VALID() { @@ -102,7 +101,8 @@ public class LoggingAuditTrailTests extends ESTestCase { private String prefix; private Settings settings; - private Transport transport; + private DiscoveryNode localNode; + private ClusterService clusterService; private ThreadContext threadContext; @Before @@ -112,21 +112,20 @@ public class LoggingAuditTrailTests extends ESTestCase { .put("xpack.security.audit.logfile.prefix.emit_node_host_name", randomBoolean()) .put("xpack.security.audit.logfile.prefix.emit_node_name", randomBoolean()) .build(); - transport = mock(Transport.class); - when(transport.lifecycleState()).thenReturn(Lifecycle.State.STARTED); - when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() }, - LocalTransportAddress.buildUnique())); - prefix = LoggingAuditTrail.resolvePrefix(settings, transport); + localNode = mock(DiscoveryNode.class); + when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString()); + clusterService = mock(ClusterService.class); + when(clusterService.localNode()).thenReturn(localNode); + prefix = LoggingAuditTrail.resolvePrefix(settings, localNode); } public void testAnonymousAccessDeniedTransport() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, clusterService.localNode(), threadContext); auditTrail.anonymousAccessDenied("_action", message); switch (level) { case ERROR: @@ -164,8 +163,7 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.anonymousAccessDenied(request); switch (level) { case ERROR: @@ -188,10 +186,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);; + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);; auditTrail.authenticationFailed(new MockToken(), "_action", message); switch (level) { case ERROR: @@ -222,10 +219,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);; + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);; auditTrail.authenticationFailed("_action", message); switch (level) { case ERROR: @@ -261,8 +257,7 @@ public class LoggingAuditTrailTests extends ESTestCase { when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.authenticationFailed(new MockToken(), request); switch (level) { case ERROR: @@ -289,8 +284,7 @@ public class LoggingAuditTrailTests extends ESTestCase { when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.authenticationFailed(request); switch (level) { case ERROR: @@ -311,10 +305,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);; + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);; auditTrail.authenticationFailed("_realm", new MockToken(), "_action", message); switch (level) { case ERROR: @@ -344,8 +337,7 @@ public class LoggingAuditTrailTests extends ESTestCase { when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.authenticationFailed("_realm", new MockToken(), request); switch (level) { case ERROR: @@ -366,10 +358,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); boolean runAs = randomBoolean(); User user; if (runAs) { @@ -411,10 +402,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); auditTrail.accessGranted(SystemUser.INSTANCE, "internal:_action", message); switch (level) { case ERROR: @@ -440,10 +430,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); boolean runAs = randomBoolean(); User user; if (runAs) { @@ -485,10 +474,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); boolean runAs = randomBoolean(); User user; if (runAs) { @@ -534,8 +522,7 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.tamperedRequest(request); switch (level) { case ERROR: @@ -557,10 +544,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.tamperedRequest(action, message); switch (level) { case ERROR: @@ -599,10 +585,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.tamperedRequest(user, action, message); switch (level) { case ERROR: @@ -633,8 +618,7 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); InetAddress inetAddress = InetAddress.getLoopbackAddress(); SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all"); auditTrail.connectionDenied(inetAddress, "default", rule); @@ -656,8 +640,7 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); InetAddress inetAddress = InetAddress.getLoopbackAddress(); SecurityIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL; auditTrail.connectionGranted(inetAddress, "default", rule); @@ -680,10 +663,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = new MockMessage(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"})); auditTrail.runAsGranted(user, "_action", message); switch (level) { @@ -707,10 +689,9 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); CapturingLogger logger = new CapturingLogger(level); - LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext); - auditTrail.start(); + LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = new MockMessage(threadContext); - String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext); + String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"})); auditTrail.runAsDenied(user, "_action", message); switch (level) { @@ -733,7 +714,7 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testOriginAttributes() throws Exception { threadContext = new ThreadContext(Settings.EMPTY); MockMessage message = new MockMessage(threadContext); - String text = LoggingAuditTrail.originAttributes(message, transport, threadContext);; + String text = LoggingAuditTrail.originAttributes(message, localNode, threadContext);; InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(threadContext); if (restAddress != null) { assertThat(text, equalTo("origin_type=[rest], origin_address=[" + @@ -742,8 +723,7 @@ public class LoggingAuditTrailTests extends ESTestCase { } TransportAddress address = message.remoteAddress(); if (address == null) { - assertThat(text, equalTo("origin_type=[local_node], origin_address=[" + - transport.boundAddress().publishAddress().getAddress() + "]")); + assertThat(text, equalTo("origin_type=[local_node], origin_address=[" + localNode.getHostAddress() + "]")); return; }