Skip to content

BACKPORT 7x Add new audit handler method for action responses (#63708) #66556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 17, 2020
Merged

BACKPORT 7x Add new audit handler method for action responses (#63708) #66556

merged 2 commits into from
Dec 17, 2020

Conversation

albertzaharovits
Copy link
Contributor

Backport of #63708

This adds a new method to the AuditTrail that intercepts the
responses of transport-level actions. This new method is unlike all
the other existing audit methods because it is called after the
action has been run (so that it has access to the response).
After careful deliberation, the new method is called for the
responses of actions that are intercepted by the
SecurityActionFilter only, and not by the transport filter.

In order to facilitate the "linking" of the new audit event with the
other existing events, the audit method receives the requestId
as well as the authentication as arguments (in addition to the
request itself and the response).

This is labeled non-issue because it is only the foundation
upon which later features that actually print out (some) responses
can be built upon.

Related #63221

@albertzaharovits
Add new audit handler for action responses (elastic#63708)
3732ea1 
This adds a new method to the AuditTrail that intercepts the
responses of transport-level actions. This new method is unlike all
the other existing audit methods because it is called after the
action has been run (so that it has access to the response).
After careful deliberation, the new method is called for the
responses of actions that are intercepted by the
`SecurityActionFilter` only, and not by the transport filter.

In order to facilitate the "linking" of the new audit event with the
other existing events, the audit method receives the requestId
as well as the authentication as arguments (in addition to the
request itself and the response).

This is labeled non-issue because it is only the foundation
upon which later features that actually print out (some) responses
can be built upon.

Related elastic#63221
@albertzaharovits albertzaharovits self-assigned this Dec 17, 2020
@albertzaharovits albertzaharovits merged commit bd9ba12 into elastic:7.x Dec 17, 2020
@albertzaharovits albertzaharovits deleted the backport_7x_post_authz_audit_event branch December 17, 2020 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@albertzaharovits albertzaharovits

Labels
backport v7.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@albertzaharovits