-
Notifications
You must be signed in to change notification settings - Fork 165
[RORDEV-1481] New audit serializers, including fully configurable serializer #1140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
mgoworko
wants to merge
33
commits into
sscarduzio:develop
Choose a base branch
from
mgoworko:rordev-1481
base: develop
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1,508
−332
Open
Changes from all commits
Commits
Show all changes
33 commits
Select commit
Hold shift + click to select a range
549a1b4
qs
mgoworko 9054992
qs
mgoworko 058639b
Merge remote-tracking branch 'origin/develop' into rordev-1481
mgoworko 2fa284c
qs
mgoworko 4ef563b
qs
mgoworko ab6a55c
qs
mgoworko ac12fea
qs
mgoworko 003c334
qs
mgoworko b39f217
qs
mgoworko 1c65e81
Cross compile from 2.11 to 3
mgoworko 5cc3848
qs
mgoworko f063e8d
refactor
mgoworko 083050f
tests
mgoworko b3e287d
Merge remote-tracking branch 'origin/develop' into rordev-1481
mgoworko 5b5cbc8
qs
mgoworko 0e598b0
adjustments
mgoworko ff9347c
fix audit cross compile
mgoworko 1cb7be1
Merge remote-tracking branch 'origin/develop' into rordev-1481
mgoworko 0ab38e6
review changes
mgoworko 38b8449
review changes
mgoworko 407b757
Merge remote-tracking branch 'origin/develop' into rordev-1481
mgoworko edb8373
review changes
mgoworko 4f61b41
Merge remote-tracking branch 'origin/develop' into rordev-1481
mgoworko 2146ba6
review changes
mgoworko 2bb638a
AuditEnvironmentContext refactor and fix
mgoworko 9536e4a
review changes
mgoworko 61b5278
Merge remote-tracking branch 'origin/develop' into rordev-1481
mgoworko 627e005
review changes
mgoworko 182f091
review changes
mgoworko 637a4ee
Merge remote-tracking branch 'origin/develop' into rordev-1481
mgoworko b198ac2
fix doc
mgoworko ceadacb
review changes
mgoworko 249e184
bump pre version
mgoworko File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
91 changes: 91 additions & 0 deletions
91
...src/main/scala/tech/beshu/ror/audit/instances/BlockVerbosityAwareAuditLogSerializer.scala
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,91 @@ | ||
| /* | ||
| * This file is part of ReadonlyREST. | ||
| * | ||
| * ReadonlyREST is free software: you can redistribute it and/or modify | ||
| * it under the terms of the GNU General Public License as published by | ||
| * the Free Software Foundation, either version 3 of the License, or | ||
| * (at your option) any later version. | ||
| * | ||
| * ReadonlyREST is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| * GNU General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU General Public License | ||
| * along with ReadonlyREST. If not, see http://www.gnu.org/licenses/ | ||
| */ | ||
| package tech.beshu.ror.audit.instances | ||
|
|
||
| import org.json.JSONObject | ||
| import tech.beshu.ror.audit.AuditResponseContext.Verbosity | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper.AllowedEventMode.Include | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper.AuditFieldGroup.{CommonFields, EsEnvironmentFields} | ||
| import tech.beshu.ror.audit.{AuditLogSerializer, AuditResponseContext} | ||
|
|
||
| /** | ||
| * Serializer for audit events that is aware of **rule-defined verbosity**. | ||
| * | ||
| * - Serializes all non-`Allowed` events. | ||
| * - Serializes `Allowed` events only if the corresponding rule | ||
| * specifies that they should be logged at `Verbosity.Info`. | ||
| * | ||
| * Recommended for standard audit logging where request body capture | ||
| * is not required, but cluster and node context are desired. | ||
| * | ||
| * - Fields included: | ||
| * - `match` — whether the request matched a rule (boolean) | ||
| * - `block` — reason for blocking, if blocked (string) | ||
| * - `id` — audit event identifier (string) | ||
| * - `final_state` — final processing state (string) | ||
| * - `@timestamp` — event timestamp (ISO-8601 string) | ||
| * - `correlation_id` — correlation identifier for tracing (string) | ||
| * - `processingMillis` — request processing duration in milliseconds (number) | ||
| * - `error_type` — type of error, if any (string) | ||
| * - `error_message` — error message, if any (string) | ||
| * - `content_len` — request body size in bytes (number) | ||
| * - `content_len_kb` — request body size in kilobytes (number) | ||
| * - `type` — request type (string) | ||
| * - `origin` — client (remote) address (string) | ||
| * - `destination` — server (local) address (string) | ||
| * - `xff` — `X-Forwarded-For` HTTP header value (string) | ||
| * - `task_id` — Elasticsearch task ID (number) | ||
| * - `req_method` — HTTP request method (string) | ||
| * - `headers` — HTTP header names (array of strings) | ||
| * - `path` — HTTP request path (string) | ||
| * - `user` — authenticated user (string) | ||
| * - `impersonated_by` — impersonating user, if applicable (string) | ||
| * - `action` — Elasticsearch action name (string) | ||
| * - `indices` — indices involved in the request (array of strings) | ||
| * - `acl_history` — access control evaluation history (string) | ||
| * - `es_node_name` — Elasticsearch node name (string) | ||
| * - `es_cluster_name` — Elasticsearch cluster name (string) | ||
| */ | ||
| class BlockVerbosityAwareAuditLogSerializer extends DefaultAuditLogSerializer | ||
|
|
||
| @deprecated("Use tech.beshu.ror.audit.instances.BlockVerbosityAwareAuditLogSerializer instead", "1.67.0") | ||
| class DefaultAuditLogSerializer extends DefaultAuditLogSerializerV2 | ||
|
|
||
| @deprecated("Use tech.beshu.ror.audit.instances.BlockVerbosityAwareAuditLogSerializer instead", "1.67.0") | ||
| class DefaultAuditLogSerializerV2 extends AuditLogSerializer { | ||
|
|
||
| override def onResponse(responseContext: AuditResponseContext): Option[JSONObject] = | ||
| AuditSerializationHelper.serialize( | ||
| responseContext = responseContext, | ||
| fieldGroups = Set(CommonFields, EsEnvironmentFields), | ||
| allowedEventMode = Include(Set(Verbosity.Info)) | ||
| ) | ||
|
|
||
| } | ||
|
|
||
| @deprecated("Use tech.beshu.ror.audit.instances.BlockVerbosityAwareAuditLogSerializer instead", "1.67.0") | ||
| class DefaultAuditLogSerializerV1 extends AuditLogSerializer { | ||
|
|
||
| override def onResponse(responseContext: AuditResponseContext): Option[JSONObject] = | ||
| AuditSerializationHelper.serialize( | ||
| responseContext = responseContext, | ||
| fieldGroups = Set(CommonFields), | ||
| allowedEventMode = Include(Set(Verbosity.Info)) | ||
| ) | ||
|
|
||
| } |
21 changes: 0 additions & 21 deletions
21
audit/src/main/scala/tech/beshu/ror/audit/instances/DefaultAuditLogSerializer.scala
This file was deleted.
Oops, something went wrong.
98 changes: 0 additions & 98 deletions
98
audit/src/main/scala/tech/beshu/ror/audit/instances/DefaultAuditLogSerializerV1.scala
This file was deleted.
Oops, something went wrong.
67 changes: 67 additions & 0 deletions
67
audit/src/main/scala/tech/beshu/ror/audit/instances/FullAuditLogSerializer.scala
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| /* | ||
| * This file is part of ReadonlyREST. | ||
| * | ||
| * ReadonlyREST is free software: you can redistribute it and/or modify | ||
| * it under the terms of the GNU General Public License as published by | ||
| * the Free Software Foundation, either version 3 of the License, or | ||
| * (at your option) any later version. | ||
| * | ||
| * ReadonlyREST is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| * GNU General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU General Public License | ||
| * along with ReadonlyREST. If not, see http://www.gnu.org/licenses/ | ||
| */ | ||
| package tech.beshu.ror.audit.instances | ||
|
|
||
| import org.json.JSONObject | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper.AllowedEventMode.IncludeAll | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper.AuditFieldGroup._ | ||
| import tech.beshu.ror.audit.{AuditLogSerializer, AuditResponseContext} | ||
|
|
||
| /** | ||
| * Serializer for **full audit events**. | ||
| * - Serializes all events, including every `Allowed` request, | ||
| regardless of rule verbosity. | ||
| * - Use this serializer, when you need complete coverage of all events. | ||
| * - Fields included: | ||
| * - `match` — whether the request matched a rule (boolean) | ||
| * - `block` — reason for blocking, if blocked (string) | ||
| * - `id` — audit event identifier (string) | ||
| * - `final_state` — final processing state (string) | ||
| * - `@timestamp` — event timestamp (ISO-8601 string) | ||
| * - `correlation_id` — correlation identifier for tracing (string) | ||
| * - `processingMillis` — request processing duration in milliseconds (number) | ||
| * - `error_type` — type of error, if any (string) | ||
| * - `error_message` — error message, if any (string) | ||
| * - `content_len` — request body size in bytes (number) | ||
| * - `content_len_kb` — request body size in kilobytes (number) | ||
| * - `type` — request type (string) | ||
| * - `origin` — client (remote) address (string) | ||
| * - `destination` — server (local) address (string) | ||
| * - `xff` — `X-Forwarded-For` HTTP header value (string) | ||
| * - `task_id` — Elasticsearch task ID (number) | ||
| * - `req_method` — HTTP request method (string) | ||
| * - `headers` — HTTP header names (array of strings) | ||
| * - `path` — HTTP request path (string) | ||
| * - `user` — authenticated user (string) | ||
| * - `impersonated_by` — impersonating user, if applicable (string) | ||
| * - `action` — Elasticsearch action name (string) | ||
| * - `indices` — indices involved in the request (array of strings) | ||
| * - `acl_history` — access control evaluation history (string) | ||
| * - `es_node_name` — Elasticsearch node name (string) | ||
| * - `es_cluster_name` — Elasticsearch cluster name (string) | ||
| */ | ||
| class FullAuditLogSerializer extends AuditLogSerializer { | ||
coutoPL marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| override def onResponse(responseContext: AuditResponseContext): Option[JSONObject] = | ||
coutoPL marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| AuditSerializationHelper.serialize( | ||
| responseContext = responseContext, | ||
| fieldGroups = Set(CommonFields, EsEnvironmentFields), | ||
| allowedEventMode = IncludeAll | ||
| ) | ||
|
|
||
| } | ||
68 changes: 68 additions & 0 deletions
68
audit/src/main/scala/tech/beshu/ror/audit/instances/FullAuditLogWithQuerySerializer.scala
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| /* | ||
| * This file is part of ReadonlyREST. | ||
| * | ||
| * ReadonlyREST is free software: you can redistribute it and/or modify | ||
| * it under the terms of the GNU General Public License as published by | ||
| * the Free Software Foundation, either version 3 of the License, or | ||
| * (at your option) any later version. | ||
| * | ||
| * ReadonlyREST is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| * GNU General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU General Public License | ||
| * along with ReadonlyREST. If not, see http://www.gnu.org/licenses/ | ||
| */ | ||
| package tech.beshu.ror.audit.instances | ||
|
|
||
| import org.json.JSONObject | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper.AllowedEventMode.IncludeAll | ||
| import tech.beshu.ror.audit.utils.AuditSerializationHelper.AuditFieldGroup._ | ||
| import tech.beshu.ror.audit.{AuditLogSerializer, AuditResponseContext} | ||
|
|
||
| /** | ||
| * Serializer for **full audit events including request content**. | ||
| * - Serializes all events, including every `Allowed` request, | ||
| * regardless of rule verbosity. | ||
| * - Use this serializer, when request body capture is required. | ||
| * - Fields included: | ||
| * - `match` — whether the request matched a rule (boolean) | ||
| * - `block` — reason for blocking, if blocked (string) | ||
| * - `id` — audit event identifier (string) | ||
| * - `final_state` — final processing state (string) | ||
| * - `@timestamp` — event timestamp (ISO-8601 string) | ||
| * - `correlation_id` — correlation identifier for tracing (string) | ||
| * - `processingMillis` — request processing duration in milliseconds (number) | ||
| * - `error_type` — type of error, if any (string) | ||
| * - `error_message` — error message, if any (string) | ||
| * - `content_len` — request body size in bytes (number) | ||
| * - `content_len_kb` — request body size in kilobytes (number) | ||
| * - `type` — request type (string) | ||
| * - `origin` — client (remote) address (string) | ||
| * - `destination` — server (local) address (string) | ||
| * - `xff` — `X-Forwarded-For` HTTP header value (string) | ||
| * - `task_id` — Elasticsearch task ID (number) | ||
| * - `req_method` — HTTP request method (string) | ||
| * - `headers` — HTTP header names (array of strings) | ||
| * - `path` — HTTP request path (string) | ||
| * - `user` — authenticated user (string) | ||
| * - `impersonated_by` — impersonating user, if applicable (string) | ||
| * - `action` — Elasticsearch action name (string) | ||
| * - `indices` — indices involved in the request (array of strings) | ||
| * - `acl_history` — access control evaluation history (string) | ||
| * - `es_node_name` — Elasticsearch node name (string) | ||
| * - `es_cluster_name` — Elasticsearch cluster name (string) | ||
| * - `content` — full request body (string) | ||
| */ | ||
| class FullAuditLogWithQuerySerializer extends AuditLogSerializer { | ||
|
|
||
| override def onResponse(responseContext: AuditResponseContext): Option[JSONObject] = | ||
| AuditSerializationHelper.serialize( | ||
| responseContext = responseContext, | ||
| fieldGroups = Set(CommonFields, EsEnvironmentFields, FullRequestContentFields), | ||
| allowedEventMode = IncludeAll | ||
| ) | ||
mgoworko marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.