Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changed log level for message with authz opt out #199678

Merged
merged 3 commits into from
Nov 12, 2024
Merged

Changed log level for message with authz opt out #199678

merged 3 commits into from
Nov 12, 2024

Conversation

elena-shostak
Copy link
Contributor

@elena-shostak elena-shostak commented Nov 11, 2024
edited by kibanamachine
Loading

Summary

Changed log level for message with authz opt out from warn to debug

Closes: #199677

@elena-shostak elena-shostak marked this pull request as ready for review November 11, 2024 17:45
@elena-shostak elena-shostak requested a review from a team as a code owner November 11, 2024 17:45
@elena-shostak elena-shostak added Feature:Security/Authorization Platform Security - Authorization release_note:skip Skip the PR/issue when compiling release notes backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Nov 11, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

TinaHeiligers
TinaHeiligers approved these changes Nov 11, 2024
View reviewed changes
Copy link
Contributor

@TinaHeiligers TinaHeiligers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using debug level will prevent spamming the logs by default.
Thank you!
LGTM

azasypkin
azasypkin reviewed Nov 12, 2024
View reviewed changes
x-pack/plugins/security/server/authorization/api_authorization.ts Outdated
@@ -48,7 +48,7 @@ export function initAPIAuthorization(

if (security) {
if (isAuthzDisabled(security.authz)) {
logger.warn(
logger.debug(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: Is there any value in this log entry at all? I mean, we already have HTTP logs if we want to know which endpoint is being called, and if we want to check whether this endpoint has authorization enabled or disabled, we just need to know the Kibana version, since the definition is mostly static and set in the code.

If, for some reason, we want to keep this as a debug log, it would make sense to remove the request.url.search part, as it’s not relevant to the authorization decision (it's essentially based on path) and might potentially contain sensitive data that we don’t want to record in logs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tbh I think we are okay to delete it, don't see any issues with that, we are just generating additional noise with it

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed in 4493b87

azasypkin
azasypkin approved these changes Nov 12, 2024
View reviewed changes
Copy link
Member

@azasypkin azasypkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@elena-shostak elena-shostak enabled auto-merge (squash) November 12, 2024 08:37
@elasticmachine
Copy link
Contributor

elasticmachine commented Nov 12, 2024
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #33 / EPM Endpoints Installs a package using stream-based approach security_detection_engine package should install security-rule assets from the package
  • [job] [logs] FTR Configs #33 / EPM Endpoints Installs a package using stream-based approach security_detection_engine package should install security-rule assets from the package

Metrics [docs]

✅ unchanged

History

@elena-shostak
Copy link
Contributor Author

@elasticmachine merge upstream

@elena-shostak elena-shostak merged commit 9bb3661 into elastic:main Nov 12, 2024
21 checks passed
@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11796883370

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 12, 2024
@elena-shostak
Changed log level for message with authz opt out (elastic#199678)
0fd1961 
## Summary

Changed log level for message with authz opt out from `warn` to `debug`

__Closes: https://github.com/elastic/kibana/issues/199677__

(cherry picked from commit 9bb3661)
@kibanamachine kibanamachine mentioned this pull request Nov 12, 2024
Open
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

This was referenced Nov 12, 2024
Merged
Merged
tkajtoch pushed a commit to tkajtoch/kibana that referenced this pull request Nov 12, 2024
@elena-shostak @tkajtoch
Changed log level for message with authz opt out (elastic#199678)
3ff582a 
## Summary

Changed log level for message with authz opt out from `warn` to `debug`


__Closes: https://github.com/elastic/kibana/issues/199677__
@kibanamachine kibanamachine mentioned this pull request Nov 13, 2024
Merged
3 tasks
@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Nov 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TinaHeiligers TinaHeiligers TinaHeiligers approved these changes

@azasypkin azasypkin azasypkin approved these changes

Assignees
No one assigned
Labels
backport missing Added to PRs automatically when the are determined to be missing a backport. backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) Feature:Security/Authorization Platform Security - Authorization release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v9.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Change log level for authz opt out message from warn to debug
5 participants
@elena-shostak @elasticmachine @kibanamachine @azasypkin @TinaHeiligers