Adapts audit logging to actions that delay getting index access control until the action has started. The audit log will contain an entry for the start of the action itself, without any associated indices, because the indices are not yet known. The audit log will also contain an entry for every time the action resolves security for a set of indices. Since SQL resolves indices one at a time, it will contain one entry per index. All of this customization is entirely in the security code. The only SQL change in this PR is to add audit logging support to the integration test. Original commit: elastic/x-pack-elasticsearch@539bb3c2a8
import org.elasticsearch.gradle.test.RunTask
// Apply the two Elasticsearch build plugins this project is built on.
// NOTE(review): judging by their names they supply the REST integration-test
// wiring (including the integTestCluster block below) - confirm against buildSrc.
apply(plugin: 'elasticsearch.standalone-rest-test')
apply(plugin: 'elasticsearch.rest-test')
// Test-only dependencies: nothing here is added to a production classpath.
dependencies {
    // The X-Pack plugin, taken from two of its configurations:
    // 'runtime' and 'testArtifacts'.
    testCompile(project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime'))
    testCompile(project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts'))

    // The reindex module.
    testCompile(project(path: ':modules:reindex'))
}
// NOCOMMIT we should try this on multiple nodes
// Cluster used by the integration tests: X-Pack installed, audit logging
// enabled and written to an index so the tests can query it.
integTestCluster {
    plugin(':x-pack-elasticsearch:plugin')

    // Features switched off for this cluster.
    setting('xpack.ml.enabled', 'false')
    setting('xpack.monitoring.enabled', 'false')

    // Enable audit logging so we can test it; events go to the 'index' output.
    setting('xpack.security.audit.enabled', 'true')
    setting('xpack.security.audit.outputs', 'index')
    // Only log the events we need so we don't have as much to sort through.
    // Any other audit event type is therefore absent from this cluster's
    // audit index.
    setting('xpack.security.audit.index.events.include', '[access_denied, access_granted]')
    // Try to speed up audit logging without overwhelming it.
    setting('xpack.security.audit.index.flush_interval', '250ms')
    setting('xpack.security.audit.index.settings.index.number_of_shards', '1')
    setting('xpack.security.audit.index.settings.index.refresh_interval', '250ms')

    // Role definitions used by the tests.
    extraConfigFile('x-pack/roles.yml', 'roles.yml')

    // Create a superuser with a fixed, well-known password. The password is
    // passed with '-p' as a command-line argument and is committed to the
    // repository, so it is only suitable for this throwaway test cluster.
    setupCommand('setupUser#test_admin',
                 'bin/x-pack/users', 'useradd', 'test_admin', '-p', 'x-pack-test-password', '-r', 'superuser')

    // Readiness probe: fetch cluster health as test_admin and report ready
    // once the response has been saved to disk.
    waitCondition = { node, ant ->
        File marker = new File(node.cwd, 'wait.success')
        // Basic-auth credentials are sent over plain HTTP here.
        // NOTE(review): presumably the test node only listens locally - confirm.
        String healthUrl = "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow"
        // ignoreerrors: a failed download does not fail the build; the result
        // is decided only by whether the destination file exists afterwards.
        // NOTE(review): a leftover wait.success from an earlier run would also
        // satisfy this check - presumably node.cwd starts out clean; verify.
        ant.get(src: healthUrl,
                dest: marker.toString(),
                username: 'test_admin',
                password: 'x-pack-test-password',
                ignoreerrors: true,
                retries: 10)
        marker.exists()
    }
}
// Starts a node for manual use, configured with the same security and audit
// settings as the integration-test cluster in this file.
task run(type: RunTask) {
    distribution = 'zip' // NOCOMMIT make double sure we want all the modules
    plugin(':x-pack-elasticsearch:plugin')

    // Features switched off for this node.
    setting('xpack.ml.enabled', 'false')
    setting('xpack.monitoring.enabled', 'false')

    // Enable audit logging so we can test it; events go to the 'index' output.
    setting('xpack.security.audit.enabled', 'true')
    setting('xpack.security.audit.outputs', 'index')
    // Only log the events we need so we don't have as much to sort through.
    // Any other audit event type is therefore not recorded in the audit index.
    setting('xpack.security.audit.index.events.include', '[access_denied, access_granted]')
    // Try to speed up the logging process without overwhelming it.
    setting('xpack.security.audit.index.flush_interval', '250ms')
    setting('xpack.security.audit.index.settings.index.number_of_shards', '1')
    setting('xpack.security.audit.index.settings.index.refresh_interval', '250ms')

    // Role definitions.
    extraConfigFile('x-pack/roles.yml', 'roles.yml')

    // Create a superuser with a fixed, well-known password. The password is
    // passed with '-p' as a command-line argument and is committed to the
    // repository, so a node started by this task must be treated as a
    // development instance only.
    setupCommand('setupUser#test_admin',
                 'bin/x-pack/users', 'useradd', 'test_admin', '-p', 'x-pack-test-password', '-r', 'superuser')

    // Readiness probe: fetch cluster health as test_admin and report ready
    // once the response has been saved to disk.
    waitCondition = { node, ant ->
        File marker = new File(node.cwd, 'wait.success')
        // Basic-auth credentials are sent over plain HTTP here.
        // NOTE(review): presumably the node only listens locally - confirm.
        String healthUrl = "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow"
        // ignoreerrors: a failed download does not fail the task; the result
        // is decided only by whether the destination file exists afterwards.
        // NOTE(review): a leftover wait.success from an earlier run would also
        // satisfy this check - presumably node.cwd starts out clean; verify.
        ant.get(src: healthUrl,
                dest: marker.toString(),
                username: 'test_admin',
                password: 'x-pack-test-password',
                ignoreerrors: true,
                retries: 10)
        marker.exists()
    }
}