[RORDEV-1414] ES node details audit reporting #1116

Open: mgoworko wants to merge 23 commits into base: develop

@mgoworko mgoworko commented May 18, 2025

🚀New (ES) Added ES node name and cluster name in the ES cluster audit reporting

Summary by CodeRabbit

  • New Features

    • Audit logs now include Elasticsearch node and cluster names for improved traceability.
    • Audit log format updated with additional environment context fields.
  • Refactor

    • Audit settings and related configuration types have been renamed and streamlined.
    • Environment and node settings are now automatically extracted and passed internally, reducing manual configuration.
    • Internal handling of Elasticsearch node name moved from external parameters to internal environment context.
  • Chores

    • Updated internal version to 1.65.0-pre2.
  • Tests

    • Test suites updated to support new audit log structure and environment context handling.
    • Added reusable test utilities for node settings.
  • Documentation

    • Audit log structure and settings documentation updated to reflect new fields and configuration changes.

@mgoworko mgoworko requested a review from coutoPL May 19, 2025 16:46
mgoworko added 6 commits May 23, 2025 23:59
# Conflicts:
#	core/src/main/scala/tech/beshu/ror/accesscontrol/audit/AuditingTool.scala
#	core/src/main/scala/tech/beshu/ror/boot/ReadonlyRest.scala
#	core/src/test/scala/tech/beshu/ror/integration/AuditOutputFormatTests.scala
#	core/src/test/scala/tech/beshu/ror/unit/acl/logging/AuditingToolTests.scala
#	core/src/test/scala/tech/beshu/ror/unit/boot/ReadonlyRestStartingTests.scala
#	core/src/test/scala/tech/beshu/ror/unit/boot/RorIndexTest.scala
#	core/src/test/scala/tech/beshu/ror/utils/TestsUtils.scala
#	es67x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es67x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es70x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es70x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es710x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es710x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es711x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es711x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es714x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es714x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es716x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es716x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es717x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es717x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es72x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es72x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es73x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es73x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es74x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es74x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es77x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es77x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es78x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es78x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es79x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es79x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es80x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es80x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es810x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es810x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es811x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es811x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es812x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es812x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es813x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es813x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es814x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es814x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es815x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es815x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es816x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es816x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es81x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es81x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es82x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es82x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es83x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es83x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es84x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es84x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es85x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es85x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es87x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es87x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es88x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es88x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es89x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es89x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	es90x/src/main/scala/tech/beshu/ror/es/IndexLevelActionFilter.scala
#	es90x/src/main/scala/tech/beshu/ror/es/ReadonlyRestPlugin.scala
#	gradle.properties
#	integration-tests/src/test/scala/tech/beshu/ror/integration/suites/audit/LocalClusterAuditingToolsSuite.scala
#	integration-tests/src/test/scala/tech/beshu/ror/integration/suites/audit/RemoteClusterAuditingToolsSuite.scala
#	integration-tests/src/test/scala/tech/beshu/ror/integration/suites/base/BaseAuditingToolsSuite.scala
@mgoworko mgoworko force-pushed the RORDEV-1414-es-node-details-reporting branch from 1169b5a to 50062d9 Compare May 25, 2025 16:34
@mgoworko mgoworko requested a review from coutoPL May 25, 2025 16:59
@mgoworko mgoworko requested a review from coutoPL May 31, 2025 10:37
@coutoPL coutoPL left a comment

Sorry, I forgot about this PR :(

@@ -19,5 +19,6 @@ package tech.beshu.ror.audit
import org.json.JSONObject

trait AuditLogSerializer {
def onResponse(responseContext: AuditResponseContext): Option[JSONObject]
def onResponse(responseContext: AuditResponseContext,
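
Review bot: The one-argument `onResponse(responseContext: AuditResponseContext): Option[JSONObject]` appears to be replaced by a variant that takes a further parameter, which changes the only abstract method shown in `AuditLogSerializer`; a serializer written against the old trait would no longer implement it. Consider keeping the old signature and giving the new one a default body that delegates to it, and add Scaladoc for the new parameter so implementers know what it carries.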

What about backward compatibility here? The existing custom serializers should work with the new approach too.

whenEnabled(c) {
for {
auditIndexTemplate <- decodeOptionalSetting[RorAuditIndexTemplate](c)("index_template", fallbackKey = "audit_index_template")
customAuditSerializer <- decodeOptionalSetting[AuditLogSerializer](c)("serializer", fallbackKey = "audit_serializer")
remoteAuditCluster <- decodeOptionalSetting[AuditCluster.RemoteAuditCluster](c)("cluster", fallbackKey = "audit_cluster")
} yield AuditingTool.Settings(
enableReportingEsNodeDetails <- c.downField("enable_reporting_es_node_details").as[Option[Boolean]]
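
Review bot: `enable_reporting_es_node_details` on the last line is read with `c.downField(...).as[Option[Boolean]]`, while the three settings above it go through `decodeOptionalSetting` with a `fallbackKey`. Use the same helper here if it fits, so the key is decoded and reported the same way as its siblings, and document what an absent value defaults to, since that decides whether node details end up in the audit log out of the box.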

Do we leave the toggle? Why?

*/
package tech.beshu.ror.es

case class EsNodeSettings(nodeName: String, clusterName: String)
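
Review bot: `EsNodeSettings(nodeName: String, clusterName: String)` takes two bare `String`s, so the two arguments can be swapped at a call site without a compile error and nothing rules out an empty value. Consider small wrapper types (or at least named arguments at every construction site) and a one-line Scaladoc saying where the values come from.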

final

esVersion = EsVersion(major = Version.CURRENT.major, minor = Version.CURRENT.minor, revision = Version.CURRENT.revision)
esVersion = EsVersion(major = Version.CURRENT.major, minor = Version.CURRENT.minor, revision = Version.CURRENT.revision),
esNodeSettings = EsNodeSettings(
nodeName = settings.get("node.name"),
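
Review bot: `nodeName = settings.get("node.name")` passes the lookup result straight into `EsNodeSettings`; if `settings.get` returns `null` for a key that was never set, that `null` travels into every audit entry built from it. Wrap the lookup, for example `Option(settings.get("node.name"))` with an explicit fallback, and treat the cluster name the same way.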

Do you confirm these two will always be non-null? Even if the user doesn't set them? (I'm not sure if they are required settings)

@@ -1,5 +1,5 @@
publishedPluginVersion=1.64.2
pluginVersion=1.65.0-pre1
pluginVersion=1.65.0-pre2
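
Review bot: `pluginVersion` is bumped by hand to `1.65.0-pre2` here, and `gradle.properties` is already in the conflict list of the merge commit above, so this line is likely to collide again. Re-check the value against the current `develop` right before merging.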

pre5?

@@ -61,4 +62,10 @@ class RemoteClusterAuditingToolsSuite
override protected def baseRorConfig: String = resolvedRorConfigFile.contentAsString

override protected def baseAuditDataStreamName: Option[String] = Option.when(isDataStreamSupported)("audit_data_stream")

// Adding the ES cluster fields is enabled in the /cluster_auditing_tools/readonlyrest.yml config file (`DefaultAuditLogSerializerV2` is used)
override def assertForEveryAuditEntry(entry: JSON): Unit = {
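
Review bot: `assertForEveryAuditEntry` is declared `override def`, while the two overrides just above it in this hunk are `override protected def`; unless the base method is public, keep the `protected` modifier so the suite does not widen its surface. The comment above it also ties the assertion to a setting in `/cluster_auditing_tools/readonlyrest.yml`, so a change to that file should fail this test with a clear message rather than silently skipping the new fields.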

I'm not sure if this test covers this use case too, but it'd be nice to test the scenario as above:

1. The user starts ES with ROR with `DefaultAuditLogSerializerV1` configured
2. The user generates some traffic to create some audit documents
3. The user reconfigures ROR to use `DefaultAuditLogSerializerV2` and reloads config
4. The user generates some traffic to create some audit documents

The result - there should be no problem with the scenario above.
