
@legrego legrego commented Oct 25, 2021

Summary

Removes the ability to record legacy audit events.

Closes #82578

Followup tasks

  • Remove the legacy audit logger interface & dead code, and update downstream consumers
  • Create a new default location to audit logs, consistent with Elasticsearch
  • Update documentation

^ Some of these will be addressed in #116282.

Release notes

The legacy audit logger has been removed. Administrators who wish to audit Kibana events should instead enable the ECS-compliant audit logger.
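For administrators following the release note above, a `kibana.yml` example (added here, not part of this PR) that enables the ECS-compliant audit logger and sets an explicit appender rather than relying on a default location. The file path and the rotation values are constructed placeholders.

```yaml
# Enable the ECS-compliant audit logger (the legacy logger no longer records anything).
xpack.security.audit.enabled: true

# Explicit appender: choose where audit records land and how they rotate.
xpack.security.audit.appender:
  type: rolling-file
  # Placeholder path: use a directory with restricted permissions that your
  # log shipper can read.
  fileName: /var/log/kibana/audit.log
  policy:
    type: time-interval
    interval: 24h        # rotate once a day (placeholder value)
  strategy:
    type: numeric
    max: 10              # keep at most 10 rotated files (placeholder value)
  layout:
    type: json           # one JSON document per event
```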


legrego commented Oct 25, 2021

@elasticmachine merge upstream

@legrego legrego changed the title from "Create default audit log appender" to "Remove the legacy audit logger" Oct 26, 2021
@legrego legrego added the release_note:breaking, Team:Security (Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc), v8.0.0, and Feature:Security/Audit (Platform Security - Audit Logging feature) labels Oct 26, 2021
@legrego legrego requested a review from jportner October 26, 2021 12:37

legrego commented Oct 26, 2021

@jportner ready for a preliminary review while CI completes. As discussed, this isn't our ideal end-state, and we will have some bugs to resolve before the 8.0 release.

config.audit.appender ??
({
type: 'rolling-file',
fileName: path.join(getDataPath(), 'audit.log'),
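Review bot: the fallback after `config.audit.appender ??` hard-codes `path.join(getDataPath(), 'audit.log')` with no inline comment explaining the choice. This is where audit records land whenever no appender is configured, so add a comment saying the location is an interim default and pointing at the follow-up that moves it, and make sure the resulting path is stated in the documentation so operators know which file to protect and ship.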
Member Author

This default appender writes to Kibana's data directory, as suggested in #82578 (comment).

The ideal solution is to write this data to a new logs directory. I propose tackling this in a followup (for 8.0) as this would require additional work to align with ES, and we don't have the luxury of time.

...data,
});
},
log: (eventType: string, message: string, data?: Record<string, any>) => {},
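Review bot: `log: (eventType: string, message: string, data?: Record<string, any>) => {}` now discards every event silently, so a caller that still passes legacy audit events gets no signal that nothing is recorded. Until the function is removed, mark it with a `@deprecated` JSDoc stating that it is a no-op, so remaining call sites are flagged by tooling and the behaviour is visible at the point of use.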
Member Author

The legacy audit logger is a no-op now. We should remove the function altogether in a followup. I opted not to do so here because that involves pinging a number of other teams for codeowner's review, and we don't have the luxury of time.

@jportner
Contributor

I reviewed and it looks good. Will approve when this is marked ready for review 👍

@legrego legrego marked this pull request as ready for review October 26, 2021 16:22
@legrego legrego requested a review from a team as a code owner October 26, 2021 16:22
@elasticmachine
Contributor

Pinging @elastic/kibana-security (Team:Security)


@jportner jportner left a comment

🚢

@legrego legrego added the backport:skip This PR does not require backporting label Oct 26, 2021
@legrego legrego enabled auto-merge (squash) October 26, 2021 16:33
@legrego legrego merged commit 5a9e170 into elastic:master Oct 26, 2021
@kibanamachine
Contributor

💛 Build succeeded, but was flaky

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@legrego legrego deleted the security/remove-legacy-audit-logger branch October 26, 2021 17:46
Development

Successfully merging this pull request may close these issues.

[Breaking change] Audit logging events have changed