From 4730a3dcf1203cfc1d0b5ccb7c3a7f788b3213c8 Mon Sep 17 00:00:00 2001 
From: Bernd Ahlers
Date: Wed, 24 Aug 2016 18:05:23 +0200
Subject: [PATCH] Audit event changes (#2718)

* Rename urn:graylog:server to urn:graylog:node
* Add `node_id` to audit event context and use version string
* Update AuditEventTypes and record some new events
* Remove unused extractor:import and extractor:export audit events
* Remove unused grok pattern export audit event
* Make grok pattern import a separate event
* Remove more unused events and update cluster resource
* Make audit event type prefix public
* Swap PREFIX and NAMESPACE constants in AuditEventTypes
* Update AuditCoverageTest
* Add NoAuditEvent for more cluster proxy resources
* Return saved search ID
* Remove unused session:update audit event
* Remove unused static_field:update
* Return systemJobId in system jobs resource
* Fix access token deletion in api browser
* Remove unused user_access_token:update audit event
---
 .../java/org/graylog2/audit/AuditActor.java | 4 +-
 .../org/graylog2/audit/AuditEventTypes.java | 253 ++++++++----------
 .../audit/formatter/FormattedAuditEvent.java | 2 +-
 .../graylog2/bootstrap/ServerBootstrap.java | 5 +-
 .../java/org/graylog2/indexer/Deflector.java | 12 +
 .../org/graylog2/indexer/indices/Indices.java | 5 +-
 .../cluster/ClusterDeflectorResource.java | 5 +-
 .../ClusterLoadBalancerStatusResource.java | 5 +-
 .../cluster/ClusterLoggersResource.java | 5 +-
 .../ClusterSystemProcessingResource.java | 7 +-
 .../search/SavedSearchesResource.java | 2 +-
 .../resources/system/DeflectorResource.java | 2 +-
 .../rest/resources/system/GrokResource.java | 2 +-
 .../resources/system/IndexRangesResource.java | 4 +-
 .../system/jobs/SystemJobResource.java | 2 +-
 .../rest/resources/users/UsersResource.java | 2 +-
 .../org/graylog2/audit/AuditActorTest.java | 2 +-
 .../org/graylog2/audit/AuditCoverageTest.java | 4 +
 .../org/graylog2/indexer/DeflectorTest.java | 16 ++
 .../ranges/EsIndexRangeServiceTest.java | 7 +-
 20 files changed, 183 insertions(+), 163 deletions(-)
diff --git a/graylog2-server/src/main/java/org/graylog2/audit/AuditActor.java b/graylog2-server/src/main/java/org/graylog2/audit/AuditActor.java index 71ff467612ee..d91427084430 100644 --- a/graylog2-server/src/main/java/org/graylog2/audit/AuditActor.java +++ b/graylog2-server/src/main/java/org/graylog2/audit/AuditActor.java @@ -26,7 +26,7 @@ @AutoValue public abstract class AuditActor { - private static final String URN_GRAYLOG_SERVER = "urn:graylog:server:"; + private static final String URN_GRAYLOG_NODE = "urn:graylog:node:"; private static final String URN_GRAYLOG_USER = "urn:graylog:user:"; public abstract String urn(); @@ -39,6 +39,6 @@ public static AuditActor user(@Nonnull String username) { } public static AuditActor system(@Nonnull NodeId nodeId) { - return new AutoValue_AuditActor(URN_GRAYLOG_SERVER + requireNonNull(nodeId, "nodeId must not be null").toString()); + return new AutoValue_AuditActor(URN_GRAYLOG_NODE + requireNonNull(nodeId, "nodeId must not be null").toString()); } } diff --git a/graylog2-server/src/main/java/org/graylog2/audit/AuditEventTypes.java b/graylog2-server/src/main/java/org/graylog2/audit/AuditEventTypes.java index 9696092beb20..6ecabf5ee71f 100644 --- a/graylog2-server/src/main/java/org/graylog2/audit/AuditEventTypes.java +++ b/graylog2-server/src/main/java/org/graylog2/audit/AuditEventTypes.java 
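Review bot: The new value `urn:graylog:node:` in `AuditActor` changes the actor URN produced by `AuditActor.system(...)`, and nothing at the constant records that the prefix used to be `urn:graylog:server:`. Audit events written before this commit keep the old prefix, so any saved query, alert or export filter that selects system actors by prefix would have to accept both forms. A comment on the constant would make that visible to whoever maintains those consumers, e.g. `// Was "urn:graylog:server:" before #2718; older audit records still carry that prefix.`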
@@ -21,130 +21,123 @@ import java.util.Set; public class AuditEventTypes implements PluginAuditEventTypes { - private static final String NAMESPACE = "server:"; + public static final String NAMESPACE = "server"; + private static final String PREFIX = NAMESPACE + ":"; - public static final String ALARM_CALLBACK_CREATE = NAMESPACE + "alarm_callback:create"; - public static final String ALARM_CALLBACK_DELETE = NAMESPACE + "alarm_callback:delete"; - public static final String ALARM_CALLBACK_UPDATE = NAMESPACE + "alarm_callback:update"; - public static final String ALERT_CONDITION_CREATE = NAMESPACE + "alert_condition:create"; - public static final String ALERT_CONDITION_DELETE = NAMESPACE + "alert_condition:delete"; - public static final String ALERT_CONDITION_UPDATE = NAMESPACE + "alert_condition:update"; - public static final String ALERT_RECEIVER_CREATE = NAMESPACE + "alert_receiver:create"; - public static final String ALERT_RECEIVER_DELETE = NAMESPACE + "alert_receiver:delete"; - public static final String ALERT_RECEIVER_UPDATE = NAMESPACE + "alert_receiver:update"; - public static final String AUTHENTICATION_PROVIDER_CONFIGURATION_UPDATE = NAMESPACE + "authentication_provider_configuration:update"; - public static final String BLACKLIST_FILTER_CREATE = NAMESPACE + "blacklist_filter:create"; - public static final String BLACKLIST_FILTER_DELETE = NAMESPACE + "blacklist_filter:delete"; - public static final String BLACKLIST_FILTER_UPDATE = NAMESPACE + "blacklist_filter:update"; - public static final String CLUSTER_CONFIGURATION_CREATE = NAMESPACE + "cluster_configuration:create"; - public static final String CLUSTER_CONFIGURATION_DELETE = NAMESPACE + "cluster_configuration:delete"; - public static final String CLUSTER_CONFIGURATION_UPDATE = NAMESPACE + "cluster_configuration:update"; - public static final String CONTENT_PACK_APPLY = NAMESPACE + "content_pack:apply"; - public static final String CONTENT_PACK_CREATE = NAMESPACE + "content_pack:create"; - public static 
final String CONTENT_PACK_DELETE = NAMESPACE + "content_pack:delete"; - public static final String CONTENT_PACK_EXPORT = NAMESPACE + "content_pack:export"; - public static final String CONTENT_PACK_UPDATE = NAMESPACE + "content_pack:update"; - public static final String DASHBOARD_CREATE = NAMESPACE + "dashboard:create"; - public static final String DASHBOARD_DELETE = NAMESPACE + "dashboard:delete"; - public static final String DASHBOARD_UPDATE = NAMESPACE + "dashboard:update"; - public static final String DASHBOARD_WIDGET_CREATE = NAMESPACE + "dashboard_widget:create"; - public static final String DASHBOARD_WIDGET_DELETE = NAMESPACE + "dashboard_widget:delete"; - public static final String DASHBOARD_WIDGET_POSITIONS_UPDATE = NAMESPACE + "dashboard_widget_positions:update"; - public static final String DASHBOARD_WIDGET_UPDATE = NAMESPACE + "dashboard_widget:update"; - public static final String ES_INDEX_CLOSE = NAMESPACE + "es_index:close"; - public static final String ES_INDEX_CREATE = NAMESPACE + "es_index:create"; - public static final String ES_INDEX_DELETE = NAMESPACE + "es_index:delete"; - public static final String ES_INDEX_OPEN = NAMESPACE + "es_index:open"; - public static final String ES_INDEX_RANGE_CREATE = NAMESPACE + "es_index_range:create"; - public static final String ES_INDEX_RANGE_DELETE = NAMESPACE + "es_index_range:delete"; - public static final String ES_INDEX_RANGE_UPDATE = NAMESPACE + "es_index_range:update"; - public static final String ES_INDEX_RETENTION_COMPLETE = NAMESPACE + "es_index_retention:complete"; - public static final String ES_INDEX_RETENTION_INITIATE = NAMESPACE + "es_index_retention:initiate"; - public static final String ES_INDEX_RETENTION_STRATEGY_UPDATE = NAMESPACE + "es_index_retention_strategy:update"; - public static final String ES_INDEX_ROTATION_COMPLETE = NAMESPACE + "es_index_rotation:complete"; - public static final String ES_INDEX_ROTATION_INITIATE = NAMESPACE + "es_index_rotation:initiate"; - public static final 
String ES_INDEX_ROTATION_STRATEGY_UPDATE = NAMESPACE + "es_index_rotation_strategy:update"; - public static final String ES_WRITE_INDEX_UPDATE = NAMESPACE + "es_write_index:update"; - public static final String EXTRACTOR_CREATE = NAMESPACE + "extractor:create"; - public static final String EXTRACTOR_DELETE = NAMESPACE + "extractor:delete"; - public static final String EXTRACTOR_EXPORT = NAMESPACE + "extractor:export"; - public static final String EXTRACTOR_IMPORT = NAMESPACE + "extractor:import"; - public static final String EXTRACTOR_ORDER_UPDATE = NAMESPACE + "extractor_order:update"; - public static final String EXTRACTOR_UPDATE = NAMESPACE + "extractor:update"; - public static final String GETTING_STARTED_GUIDE_OPT_OUT_CREATE = NAMESPACE + "getting_started_guide_opt_out:create"; - public static final String GROK_PATTERN_CREATE = NAMESPACE + "grok_pattern:create"; - public static final String GROK_PATTERN_DELETE = NAMESPACE + "grok_pattern:delete"; - public static final String GROK_PATTERN_EXPORT = NAMESPACE + "grok_pattern:export"; - public static final String GROK_PATTERN_IMPORT = NAMESPACE + "grok_pattern:import"; - public static final String GROK_PATTERN_UPDATE = NAMESPACE + "grok_pattern:update"; - public static final String LDAP_CONFIGURATION_CREATE = NAMESPACE + "ldap_configuration:create"; - public static final String LDAP_CONFIGURATION_DELETE = NAMESPACE + "ldap_configuration:delete"; - public static final String LDAP_CONFIGURATION_UPDATE = NAMESPACE + "ldap_configuration:update"; - public static final String LDAP_GROUP_MAPPING_CREATE = NAMESPACE + "ldap_group_mapping:create"; - public static final String LDAP_GROUP_MAPPING_DELETE = NAMESPACE + "ldap_group_mapping:delete"; - public static final String LDAP_GROUP_MAPPING_UPDATE = NAMESPACE + "ldap_group_mapping:update"; - public static final String LOAD_BALANCER_STATUS_UPDATE = NAMESPACE + "load_balancer_status:update"; - public static final String LOG_LEVEL_UPDATE = NAMESPACE + "log_level:update"; - 
public static final String MESSAGE_DECORATOR_CREATE = NAMESPACE + "message_decorator:create"; - public static final String MESSAGE_DECORATOR_DELETE = NAMESPACE + "message_decorator:delete"; - public static final String MESSAGE_DECORATOR_UPDATE = NAMESPACE + "message_decorator:update"; - public static final String MESSAGE_INPUT_CREATE = NAMESPACE + "message_input:create"; - public static final String MESSAGE_INPUT_DELETE = NAMESPACE + "message_input:delete"; - public static final String MESSAGE_INPUT_START = NAMESPACE + "message_input:start"; - public static final String MESSAGE_INPUT_STOP = NAMESPACE + "message_input:stop"; - public static final String MESSAGE_INPUT_UPDATE = NAMESPACE + "message_input:update"; - public static final String MESSAGE_OUTPUT_CREATE = NAMESPACE + "message_output:create"; - public static final String MESSAGE_OUTPUT_DELETE = NAMESPACE + "message_output:delete"; - public static final String MESSAGE_OUTPUT_START = NAMESPACE + "message_output:start"; - public static final String MESSAGE_OUTPUT_STOP = NAMESPACE + "message_output:stop"; - public static final String MESSAGE_OUTPUT_UPDATE = NAMESPACE + "message_output:update"; - public static final String MESSAGE_PROCESSING_LOCK = NAMESPACE + "message_processing:lock"; - public static final String MESSAGE_PROCESSING_START = NAMESPACE + "message_processing:start"; - public static final String MESSAGE_PROCESSING_STOP = NAMESPACE + "message_processing:stop"; - public static final String MESSAGE_PROCESSING_UNLOCK = NAMESPACE + "message_processing:unlock"; - public static final String MESSAGE_PROCESSOR_CONFIGURATION_UPDATE = NAMESPACE + "message_processor_configuration:update"; - public static final String NODE_SHUTDOWN_COMPLETE = NAMESPACE + "node_shutdown:complete"; - public static final String NODE_SHUTDOWN_INITIATE = NAMESPACE + "node_shutdown:initiate"; - public static final String NODE_STARTUP_COMPLETE = NAMESPACE + "node_startup:complete"; - public static final String NODE_STARTUP_INITIATE = 
NAMESPACE + "node_startup:initiate"; - public static final String ROLE_CREATE = NAMESPACE + "role:create"; - public static final String ROLE_DELETE = NAMESPACE + "role:delete"; - public static final String ROLE_MEMBERSHIP_DELETE = NAMESPACE + "role_membership:delete"; - public static final String ROLE_MEMBERSHIP_UPDATE = NAMESPACE + "role_membership:update"; - public static final String ROLE_UPDATE = NAMESPACE + "role:update"; - public static final String SAVED_SEARCH_CREATE = NAMESPACE + "saved_search:create"; - public static final String SAVED_SEARCH_DELETE = NAMESPACE + "saved_search:delete"; - public static final String SAVED_SEARCH_UPDATE = NAMESPACE + "saved_search:update"; - public static final String SESSION_CREATE = NAMESPACE + "session:create"; - public static final String SESSION_DELETE = NAMESPACE + "session:delete"; - public static final String SESSION_UPDATE = NAMESPACE + "session:update"; - public static final String STATIC_FIELD_CREATE = NAMESPACE + "static_field:create"; - public static final String STATIC_FIELD_DELETE = NAMESPACE + "static_field:delete"; - public static final String STATIC_FIELD_UPDATE = NAMESPACE + "static_field:update"; - public static final String STREAM_CREATE = NAMESPACE + "stream:create"; - public static final String STREAM_DELETE = NAMESPACE + "stream:delete"; - public static final String STREAM_OUTPUT_ASSIGNMENT_CREATE = NAMESPACE + "stream_output_assignment:create"; - public static final String STREAM_OUTPUT_ASSIGNMENT_DELETE = NAMESPACE + "stream_output_assignment:delete"; - public static final String STREAM_RULE_CREATE = NAMESPACE + "stream_rule:create"; - public static final String STREAM_RULE_DELETE = NAMESPACE + "stream_rule:delete"; - public static final String STREAM_RULE_UPDATE = NAMESPACE + "stream_rule:update"; - public static final String STREAM_START = NAMESPACE + "stream:start"; - public static final String STREAM_STOP = NAMESPACE + "stream:stop"; - public static final String STREAM_UPDATE = NAMESPACE + 
"stream:update"; - public static final String SYSTEM_JOB_START = NAMESPACE + "system_job:start"; - public static final String SYSTEM_JOB_STOP = NAMESPACE + "system_job:stop"; - public static final String SYSTEM_NOTIFICATION_CREATE = NAMESPACE + "system_notification:create"; - public static final String SYSTEM_NOTIFICATION_DELETE = NAMESPACE + "system_notification:delete"; - public static final String USER_ACCESS_TOKEN_CREATE = NAMESPACE + "user_access_token:create"; - public static final String USER_ACCESS_TOKEN_DELETE = NAMESPACE + "user_access_token:delete"; - public static final String USER_ACCESS_TOKEN_UPDATE = NAMESPACE + "user_access_token:update"; - public static final String USER_CREATE = NAMESPACE + "user:create"; - public static final String USER_DELETE = NAMESPACE + "user:delete"; - public static final String USER_PASSWORD_UPDATE = NAMESPACE + "user_password:update"; - public static final String USER_PERMISSIONS_UPDATE = NAMESPACE + "user_permissions:update"; - public static final String USER_PERMISSIONS_DELETE = NAMESPACE + "user_permissions:delete"; - public static final String USER_PREFERENCES_UPDATE = NAMESPACE + "user_preferences:update"; - public static final String USER_UPDATE = NAMESPACE + "user:update"; + public static final String ALARM_CALLBACK_CREATE = PREFIX + "alarm_callback:create"; + public static final String ALARM_CALLBACK_DELETE = PREFIX + "alarm_callback:delete"; + public static final String ALARM_CALLBACK_UPDATE = PREFIX + "alarm_callback:update"; + public static final String ALERT_CONDITION_CREATE = PREFIX + "alert_condition:create"; + public static final String ALERT_CONDITION_DELETE = PREFIX + "alert_condition:delete"; + public static final String ALERT_CONDITION_UPDATE = PREFIX + "alert_condition:update"; + public static final String ALERT_RECEIVER_CREATE = PREFIX + "alert_receiver:create"; + public static final String ALERT_RECEIVER_DELETE = PREFIX + "alert_receiver:delete"; + public static final String ALERT_RECEIVER_UPDATE = 
PREFIX + "alert_receiver:update"; + public static final String AUTHENTICATION_PROVIDER_CONFIGURATION_UPDATE = PREFIX + "authentication_provider_configuration:update"; + public static final String BLACKLIST_FILTER_CREATE = PREFIX + "blacklist_filter:create"; + public static final String BLACKLIST_FILTER_DELETE = PREFIX + "blacklist_filter:delete"; + public static final String BLACKLIST_FILTER_UPDATE = PREFIX + "blacklist_filter:update"; + public static final String CLUSTER_CONFIGURATION_CREATE = PREFIX + "cluster_configuration:create"; + public static final String CLUSTER_CONFIGURATION_DELETE = PREFIX + "cluster_configuration:delete"; + public static final String CLUSTER_CONFIGURATION_UPDATE = PREFIX + "cluster_configuration:update"; + public static final String CONTENT_PACK_APPLY = PREFIX + "content_pack:apply"; + public static final String CONTENT_PACK_CREATE = PREFIX + "content_pack:create"; + public static final String CONTENT_PACK_DELETE = PREFIX + "content_pack:delete"; + public static final String CONTENT_PACK_EXPORT = PREFIX + "content_pack:export"; + public static final String CONTENT_PACK_UPDATE = PREFIX + "content_pack:update"; + public static final String DASHBOARD_CREATE = PREFIX + "dashboard:create"; + public static final String DASHBOARD_DELETE = PREFIX + "dashboard:delete"; + public static final String DASHBOARD_UPDATE = PREFIX + "dashboard:update"; + public static final String DASHBOARD_WIDGET_CREATE = PREFIX + "dashboard_widget:create"; + public static final String DASHBOARD_WIDGET_DELETE = PREFIX + "dashboard_widget:delete"; + public static final String DASHBOARD_WIDGET_POSITIONS_UPDATE = PREFIX + "dashboard_widget_positions:update"; + public static final String DASHBOARD_WIDGET_UPDATE = PREFIX + "dashboard_widget:update"; + public static final String ES_INDEX_CLOSE = PREFIX + "es_index:close"; + public static final String ES_INDEX_CREATE = PREFIX + "es_index:create"; + public static final String ES_INDEX_DELETE = PREFIX + "es_index:delete"; + 
public static final String ES_INDEX_OPEN = PREFIX + "es_index:open"; + public static final String ES_INDEX_RANGE_CREATE = PREFIX + "es_index_range:create"; + public static final String ES_INDEX_RANGE_DELETE = PREFIX + "es_index_range:delete"; + public static final String ES_INDEX_RANGE_UPDATE_JOB = PREFIX + "es_index_range_update_job:start"; + public static final String ES_INDEX_RETENTION_COMPLETE = PREFIX + "es_index_retention:complete"; + public static final String ES_INDEX_RETENTION_INITIATE = PREFIX + "es_index_retention:initiate"; + public static final String ES_INDEX_RETENTION_STRATEGY_UPDATE = PREFIX + "es_index_retention_strategy:update"; + public static final String ES_INDEX_ROTATION_COMPLETE = PREFIX + "es_index_rotation:complete"; + public static final String ES_INDEX_ROTATION_INITIATE = PREFIX + "es_index_rotation:initiate"; + public static final String ES_INDEX_ROTATION_STRATEGY_UPDATE = PREFIX + "es_index_rotation_strategy:update"; + public static final String ES_WRITE_INDEX_UPDATE = PREFIX + "es_write_index:update"; + public static final String ES_WRITE_INDEX_UPDATE_JOB_START = PREFIX + "es_write_index_update_job:start"; + public static final String EXTRACTOR_CREATE = PREFIX + "extractor:create"; + public static final String EXTRACTOR_DELETE = PREFIX + "extractor:delete"; + public static final String EXTRACTOR_ORDER_UPDATE = PREFIX + "extractor_order:update"; + public static final String EXTRACTOR_UPDATE = PREFIX + "extractor:update"; + public static final String GETTING_STARTED_GUIDE_OPT_OUT_CREATE = PREFIX + "getting_started_guide_opt_out:create"; + public static final String GROK_PATTERN_CREATE = PREFIX + "grok_pattern:create"; + public static final String GROK_PATTERN_DELETE = PREFIX + "grok_pattern:delete"; + public static final String GROK_PATTERN_IMPORT_CREATE = PREFIX + "grok_pattern_import:create"; + public static final String GROK_PATTERN_UPDATE = PREFIX + "grok_pattern:update"; + public static final String LDAP_CONFIGURATION_DELETE = 
PREFIX + "ldap_configuration:delete"; + public static final String LDAP_CONFIGURATION_UPDATE = PREFIX + "ldap_configuration:update"; + public static final String LDAP_GROUP_MAPPING_UPDATE = PREFIX + "ldap_group_mapping:update"; + public static final String LOAD_BALANCER_STATUS_UPDATE = PREFIX + "load_balancer_status:update"; + public static final String LOG_LEVEL_UPDATE = PREFIX + "log_level:update"; + public static final String MESSAGE_DECORATOR_CREATE = PREFIX + "message_decorator:create"; + public static final String MESSAGE_DECORATOR_DELETE = PREFIX + "message_decorator:delete"; + public static final String MESSAGE_DECORATOR_UPDATE = PREFIX + "message_decorator:update"; + public static final String MESSAGE_INPUT_CREATE = PREFIX + "message_input:create"; + public static final String MESSAGE_INPUT_DELETE = PREFIX + "message_input:delete"; + public static final String MESSAGE_INPUT_START = PREFIX + "message_input:start"; + public static final String MESSAGE_INPUT_STOP = PREFIX + "message_input:stop"; + public static final String MESSAGE_INPUT_UPDATE = PREFIX + "message_input:update"; + public static final String MESSAGE_OUTPUT_CREATE = PREFIX + "message_output:create"; + public static final String MESSAGE_OUTPUT_DELETE = PREFIX + "message_output:delete"; + public static final String MESSAGE_OUTPUT_START = PREFIX + "message_output:start"; + public static final String MESSAGE_OUTPUT_STOP = PREFIX + "message_output:stop"; + public static final String MESSAGE_OUTPUT_UPDATE = PREFIX + "message_output:update"; + public static final String MESSAGE_PROCESSING_LOCK = PREFIX + "message_processing:lock"; + public static final String MESSAGE_PROCESSING_START = PREFIX + "message_processing:start"; + public static final String MESSAGE_PROCESSING_STOP = PREFIX + "message_processing:stop"; + public static final String MESSAGE_PROCESSING_UNLOCK = PREFIX + "message_processing:unlock"; + public static final String MESSAGE_PROCESSOR_CONFIGURATION_UPDATE = PREFIX + 
"message_processor_configuration:update"; + public static final String NODE_SHUTDOWN_COMPLETE = PREFIX + "node_shutdown:complete"; + public static final String NODE_SHUTDOWN_INITIATE = PREFIX + "node_shutdown:initiate"; + public static final String NODE_STARTUP_COMPLETE = PREFIX + "node_startup:complete"; + public static final String NODE_STARTUP_INITIATE = PREFIX + "node_startup:initiate"; + public static final String ROLE_CREATE = PREFIX + "role:create"; + public static final String ROLE_DELETE = PREFIX + "role:delete"; + public static final String ROLE_MEMBERSHIP_DELETE = PREFIX + "role_membership:delete"; + public static final String ROLE_MEMBERSHIP_UPDATE = PREFIX + "role_membership:update"; + public static final String ROLE_UPDATE = PREFIX + "role:update"; + public static final String SAVED_SEARCH_CREATE = PREFIX + "saved_search:create"; + public static final String SAVED_SEARCH_DELETE = PREFIX + "saved_search:delete"; + public static final String SAVED_SEARCH_UPDATE = PREFIX + "saved_search:update"; + public static final String SESSION_CREATE = PREFIX + "session:create"; + public static final String SESSION_DELETE = PREFIX + "session:delete"; + public static final String STATIC_FIELD_CREATE = PREFIX + "static_field:create"; + public static final String STATIC_FIELD_DELETE = PREFIX + "static_field:delete"; + public static final String STREAM_CREATE = PREFIX + "stream:create"; + public static final String STREAM_DELETE = PREFIX + "stream:delete"; + public static final String STREAM_OUTPUT_ASSIGNMENT_CREATE = PREFIX + "stream_output_assignment:create"; + public static final String STREAM_OUTPUT_ASSIGNMENT_DELETE = PREFIX + "stream_output_assignment:delete"; + public static final String STREAM_RULE_CREATE = PREFIX + "stream_rule:create"; + public static final String STREAM_RULE_DELETE = PREFIX + "stream_rule:delete"; + public static final String STREAM_RULE_UPDATE = PREFIX + "stream_rule:update"; + public static final String STREAM_START = PREFIX + 
"stream:start"; + public static final String STREAM_STOP = PREFIX + "stream:stop"; + public static final String STREAM_UPDATE = PREFIX + "stream:update"; + public static final String SYSTEM_JOB_START = PREFIX + "system_job:start"; + public static final String SYSTEM_JOB_STOP = PREFIX + "system_job:stop"; + public static final String SYSTEM_NOTIFICATION_CREATE = PREFIX + "system_notification:create"; + public static final String SYSTEM_NOTIFICATION_DELETE = PREFIX + "system_notification:delete"; + public static final String USER_ACCESS_TOKEN_CREATE = PREFIX + "user_access_token:create"; + public static final String USER_ACCESS_TOKEN_DELETE = PREFIX + "user_access_token:delete"; + public static final String USER_CREATE = PREFIX + "user:create"; + public static final String USER_DELETE = PREFIX + "user:delete"; + public static final String USER_PASSWORD_UPDATE = PREFIX + "user_password:update"; + public static final String USER_PERMISSIONS_UPDATE = PREFIX + "user_permissions:update"; + public static final String USER_PERMISSIONS_DELETE = PREFIX + "user_permissions:delete"; + public static final String USER_PREFERENCES_UPDATE = PREFIX + "user_preferences:update"; + public static final String USER_UPDATE = PREFIX + "user:update"; private static final Set EVENT_TYPES = ImmutableSet.builder() .add(ALARM_CALLBACK_CREATE) @@ -181,7 +174,7 @@ public class AuditEventTypes implements PluginAuditEventTypes { .add(ES_INDEX_OPEN) .add(ES_INDEX_RANGE_CREATE) .add(ES_INDEX_RANGE_DELETE) - .add(ES_INDEX_RANGE_UPDATE) + .add(ES_INDEX_RANGE_UPDATE_JOB) .add(ES_INDEX_RETENTION_COMPLETE) .add(ES_INDEX_RETENTION_INITIATE) .add(ES_INDEX_RETENTION_STRATEGY_UPDATE) 
@@ -189,23 +182,18 @@ public class AuditEventTypes implements PluginAuditEventTypes { .add(ES_INDEX_ROTATION_INITIATE) .add(ES_INDEX_ROTATION_STRATEGY_UPDATE) .add(ES_WRITE_INDEX_UPDATE) + .add(ES_WRITE_INDEX_UPDATE_JOB_START) .add(EXTRACTOR_CREATE) .add(EXTRACTOR_DELETE) - .add(EXTRACTOR_EXPORT) - .add(EXTRACTOR_IMPORT) .add(EXTRACTOR_ORDER_UPDATE) .add(EXTRACTOR_UPDATE) .add(GETTING_STARTED_GUIDE_OPT_OUT_CREATE) .add(GROK_PATTERN_CREATE) .add(GROK_PATTERN_DELETE) - .add(GROK_PATTERN_EXPORT) - .add(GROK_PATTERN_IMPORT) + .add(GROK_PATTERN_IMPORT_CREATE) .add(GROK_PATTERN_UPDATE) - .add(LDAP_CONFIGURATION_CREATE) .add(LDAP_CONFIGURATION_DELETE) .add(LDAP_CONFIGURATION_UPDATE) - .add(LDAP_GROUP_MAPPING_CREATE) - .add(LDAP_GROUP_MAPPING_DELETE) .add(LDAP_GROUP_MAPPING_UPDATE) .add(LOAD_BALANCER_STATUS_UPDATE) .add(LOG_LEVEL_UPDATE) @@ -241,10 +229,8 @@ public class AuditEventTypes implements PluginAuditEventTypes { .add(SAVED_SEARCH_UPDATE) .add(SESSION_CREATE) .add(SESSION_DELETE) - .add(SESSION_UPDATE) .add(STATIC_FIELD_CREATE) .add(STATIC_FIELD_DELETE) - .add(STATIC_FIELD_UPDATE) .add(STREAM_CREATE) .add(STREAM_DELETE) .add(STREAM_OUTPUT_ASSIGNMENT_CREATE) @@ -261,7 +247,6 @@ public class AuditEventTypes implements PluginAuditEventTypes { .add(SYSTEM_NOTIFICATION_DELETE) .add(USER_ACCESS_TOKEN_CREATE) .add(USER_ACCESS_TOKEN_DELETE) - .add(USER_ACCESS_TOKEN_UPDATE) .add(USER_CREATE) .add(USER_DELETE) .add(USER_PASSWORD_UPDATE) diff --git a/graylog2-server/src/main/java/org/graylog2/audit/formatter/FormattedAuditEvent.java b/graylog2-server/src/main/java/org/graylog2/audit/formatter/FormattedAuditEvent.java index e86b088165c0..465d14a789e0 100644 --- a/graylog2-server/src/main/java/org/graylog2/audit/formatter/FormattedAuditEvent.java +++ b/graylog2-server/src/main/java/org/graylog2/audit/formatter/FormattedAuditEvent.java 
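Review bot: `ES_INDEX_RANGE_UPDATE_JOB`, declared and registered in the two preceding hunks of this file, is named inconsistently with `ES_WRITE_INDEX_UPDATE_JOB_START`, which this hunk adds to the `EVENT_TYPES` builder: both values end in `_job:start`, but only one constant name carries `_START`. Renaming it to `ES_INDEX_RANGE_UPDATE_JOB_START` (declaration and `.add(...)` line) keeps the name-to-value mapping mechanical, like every other constant in the class. The now-public `NAMESPACE` also has no Javadoc saying that it is the bare namespace without the separator; `/** Namespace of the server's audit event types, without the trailing ':' separator. */` would spare plugin authors a look at `PREFIX`.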
@@ -29,7 +29,7 @@ public interface FormattedAuditEvent { * Examples: * * {@code urn:graylog:user:jane} - * {@code urn:graylog:server:28164cbe-4ad9-4c9c-a76e-088655aa7889} + * {@code urn:graylog:node:28164cbe-4ad9-4c9c-a76e-088655aa7889} * * @return the actor URN */ diff --git a/graylog2-server/src/main/java/org/graylog2/bootstrap/ServerBootstrap.java b/graylog2-server/src/main/java/org/graylog2/bootstrap/ServerBootstrap.java index 768a5b4415ed..0412edf23f19 100644 --- a/graylog2-server/src/main/java/org/graylog2/bootstrap/ServerBootstrap.java +++ b/graylog2-server/src/main/java/org/graylog2/bootstrap/ServerBootstrap.java @@ -98,8 +98,9 @@ protected void startCommand() { final AuditEventSender auditEventSender = injector.getInstance(AuditEventSender.class); final NodeId nodeId = injector.getInstance(NodeId.class); final Map auditEventContext = ImmutableMap.of( - "version", version, - "java", Tools.getSystemInformation() + "version", version.toString(), + "java", Tools.getSystemInformation(), + "node_id", nodeId.toString() ); auditEventSender.success(AuditActor.system(nodeId), NODE_STARTUP_INITIATE, auditEventContext); diff --git a/graylog2-server/src/main/java/org/graylog2/indexer/Deflector.java b/graylog2-server/src/main/java/org/graylog2/indexer/Deflector.java index aecc8b34b434..47a4603da19c 100644 --- a/graylog2-server/src/main/java/org/graylog2/indexer/Deflector.java +++ b/graylog2-server/src/main/java/org/graylog2/indexer/Deflector.java 
@@ -17,14 +17,18 @@ package org.graylog2.indexer; import com.google.common.collect.ComparisonChain; +import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSortedSet; import org.elasticsearch.cluster.health.ClusterHealthStatus; import org.elasticsearch.indices.InvalidAliasNameException; +import org.graylog2.audit.AuditActor; +import org.graylog2.audit.AuditEventSender; import org.graylog2.indexer.indices.Indices; import org.graylog2.indexer.indices.TooManyAliasesException; import org.graylog2.indexer.indices.jobs.SetIndexReadOnlyAndCalculateRangeJob; import org.graylog2.indexer.ranges.IndexRange; import org.graylog2.indexer.ranges.IndexRangeService; +import org.graylog2.plugin.system.NodeId; import org.graylog2.shared.system.activities.Activity; import org.graylog2.shared.system.activities.ActivityWriter; import org.graylog2.system.jobs.SystemJob; @@ -46,6 +50,7 @@ import java.util.stream.Collectors; import static com.google.common.base.Strings.isNullOrEmpty; +import static org.graylog2.audit.AuditEventTypes.ES_WRITE_INDEX_UPDATE; /** * Format of actual indexes behind the Deflector: @@ -70,6 +75,8 @@ public class Deflector { // extends Ablenkblech private final Indices indices; private final Pattern deflectorIndexPattern; private final Pattern indexPattern; + private final AuditEventSender auditEventSender; + private final NodeId nodeId; private final SetIndexReadOnlyAndCalculateRangeJob.Factory setIndexReadOnlyAndCalculateRangeJobFactory; @Inject 
@@ -78,12 +85,16 @@ public Deflector(final SystemJobManager systemJobManager, final ActivityWriter activityWriter, final Indices indices, final IndexRangeService indexRangeService, + final AuditEventSender auditEventSender, + final NodeId nodeId, final SetIndexReadOnlyAndCalculateRangeJob.Factory setIndexReadOnlyAndCalculateRangeJobFactory) { this.indexPrefix = indexPrefix; this.systemJobManager = systemJobManager; this.activityWriter = activityWriter; this.indexRangeService = indexRangeService; + this.auditEventSender = auditEventSender; + this.nodeId = nodeId; this.setIndexReadOnlyAndCalculateRangeJobFactory = setIndexReadOnlyAndCalculateRangeJobFactory; this.deflectorName = buildName(indexPrefix); @@ -183,6 +194,7 @@ public void cycle() { LOG.info("Done!"); activityWriter.write(activity); + auditEventSender.success(AuditActor.system(nodeId), ES_WRITE_INDEX_UPDATE, ImmutableMap.of("indexName", newTarget)); } private void addDeflectorIndexRange(String newTarget) { diff --git a/graylog2-server/src/main/java/org/graylog2/indexer/indices/Indices.java b/graylog2-server/src/main/java/org/graylog2/indexer/indices/Indices.java index 6a2e6ed3c881..d63d80624207 100644 --- a/graylog2-server/src/main/java/org/graylog2/indexer/indices/Indices.java +++ b/graylog2-server/src/main/java/org/graylog2/indexer/indices/Indices.java @@ -18,6 +18,7 @@ import com.carrotsearch.hppc.cursors.ObjectObjectCursor; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Maps; import com.google.common.collect.Sets; 
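Review bot: The context key `"indexName"` passed to `auditEventSender.success(...)` at the end of `cycle()` is camelCase, while the startup event in ServerBootstrap from this same commit uses snake_case (`"node_id"`); `Indices.create()` repeats `"indexName"` on both its success and failure events. Mixed key styles in audit event context make field-based searches over the audit trail brittle, so one convention should be picked, e.g. `ImmutableMap.of("index_name", newTarget)`. Separately, the event is sent only on the success path visible here; `cycle()` starts outside the hunk, so whether its earlier exits report a failure event cannot be confirmed from this diff.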
@@ -308,9 +309,9 @@ public boolean create(String indexName, int numShards, int numReplicas, Settings final boolean acknowledged = c.admin().indices().create(cir).actionGet().isAcknowledged(); if (acknowledged) { - auditEventSender.success(AuditActor.system(nodeId), ES_INDEX_CREATE); + auditEventSender.success(AuditActor.system(nodeId), ES_INDEX_CREATE, ImmutableMap.of("indexName", indexName)); } else { - auditEventSender.failure(AuditActor.system(nodeId), ES_INDEX_CREATE); + auditEventSender.failure(AuditActor.system(nodeId), ES_INDEX_CREATE, ImmutableMap.of("indexName", indexName)); } return acknowledged; } diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterDeflectorResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterDeflectorResource.java index 5defeac33ef7..f937272dbadd 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterDeflectorResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterDeflectorResource.java @@ -20,8 +20,7 @@ import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.apache.shiro.authz.annotation.RequiresAuthentication; -import org.graylog2.audit.AuditEventTypes; -import org.graylog2.audit.jersey.AuditEvent; +import org.graylog2.audit.jersey.NoAuditEvent; import org.graylog2.cluster.Node; import org.graylog2.cluster.NodeService; import org.graylog2.rest.RemoteInterfaceProvider; @@ -57,7 +56,7 @@ public ClusterDeflectorResource(@Context HttpHeaders httpHeaders, @Timed @ApiOperation(value = "Finds master node and triggers deflector cycle") @Path("/cycle") - @AuditEvent(type = AuditEventTypes.ES_WRITE_INDEX_UPDATE) + @NoAuditEvent("this is a proxy resource, the event will be triggered on the individual nodes") public void cycle() throws IOException { final Optional master = nodeService.allActive().values().stream().filter(Node::isMaster).findFirst(); if (!master.isPresent()) { 
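Review bot: With `@NoAuditEvent` on the proxy `cycle()`, a request that never reaches a node is not audited anywhere; the `if (!master.isPresent())` branch just below the annotation is one such exit. The same holds for `override`, `setSubsystemLoggerLevel`, `pause` and `resume` in the other cluster resources changed by this commit, where a `NodeNotFoundException` or `IOException` can end the call before the target node emits its event. Whether the target node's event still names the requesting user depends on how the proxied call is authenticated, which these hunks do not show and is worth confirming. The reason string should at least state the gap, e.g. `@NoAuditEvent("proxy resource; audited on the target node only, failed proxy calls are not audited")`, and the differently worded reasons across these resources could share one constant. The method body continues outside the hunk.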
diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoadBalancerStatusResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoadBalancerStatusResource.java index f386776f9dba..ba1254a68fbd 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoadBalancerStatusResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoadBalancerStatusResource.java @@ -23,8 +23,7 @@ import io.swagger.annotations.ApiParam; import org.apache.shiro.authz.annotation.RequiresAuthentication; import org.apache.shiro.authz.annotation.RequiresPermissions; -import org.graylog2.audit.AuditEventTypes; -import org.graylog2.audit.jersey.AuditEvent; +import org.graylog2.audit.jersey.NoAuditEvent; import org.graylog2.cluster.Node; import org.graylog2.cluster.NodeNotFoundException; import org.graylog2.cluster.NodeService; @@ -70,7 +69,7 @@ public ClusterLoadBalancerStatusResource(NodeService nodeService, @ApiOperation(value = "Override load balancer status of this graylog-server node. Next lifecycle " + "change will override it again to its default. Set to ALIVE, DEAD, or THROTTLED.") @Path("/override/{status}") - @AuditEvent(type = AuditEventTypes.LOAD_BALANCER_STATUS_UPDATE) + @NoAuditEvent("this is a proxy resource, the audit event will be emitted on the target node") public void override(@ApiParam(name = "nodeId", value = "The id of the node whose LB status will be changed", required = true) @PathParam("nodeId") String nodeId, @ApiParam(name = "status") @PathParam("status") String status) throws IOException, NodeNotFoundException { diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoggersResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoggersResource.java index ccbfe40f5d69..371e9674f323 100644 
--- a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoggersResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterLoggersResource.java @@ -23,8 +23,7 @@ import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; import org.apache.shiro.authz.annotation.RequiresAuthentication; -import org.graylog2.audit.AuditEventTypes; -import org.graylog2.audit.jersey.AuditEvent; +import org.graylog2.audit.jersey.NoAuditEvent; import org.graylog2.cluster.Node; import org.graylog2.cluster.NodeNotFoundException; import org.graylog2.cluster.NodeService; @@ -84,7 +83,7 @@ public Map> subsystems() { @ApiResponses(value = { @ApiResponse(code = 404, message = "No such subsystem.") }) - @AuditEvent(type = AuditEventTypes.LOG_LEVEL_UPDATE) + @NoAuditEvent("proxy resource, audit event will be emitted on target nodes") public void setSubsystemLoggerLevel( @ApiParam(name = "nodeId", required = true) @PathParam("nodeId") @NotEmpty String nodeId, @ApiParam(name = "subsystem", required = true) @PathParam("subsystem") @NotEmpty String subsystemTitle, diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterSystemProcessingResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterSystemProcessingResource.java index aa937a34c42b..e1d046c100c2 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterSystemProcessingResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/cluster/ClusterSystemProcessingResource.java 
@@ -22,8 +22,7 @@ import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; import org.apache.shiro.authz.annotation.RequiresAuthentication; -import org.graylog2.audit.AuditEventTypes; -import org.graylog2.audit.jersey.AuditEvent; +import org.graylog2.audit.jersey.NoAuditEvent; import org.graylog2.cluster.Node; import org.graylog2.cluster.NodeNotFoundException; import org.graylog2.cluster.NodeService; @@ -75,7 +74,7 @@ private RemoteSystemProcessingResource getRemoteSystemProcessingResource(String notes = "If the message journal is enabled, incoming messages will be spooled on disk, if it is disabled, " + "you might lose messages from inputs which cannot buffer themselves, like AMQP or Kafka-based inputs.") @Path("pause") - @AuditEvent(type = AuditEventTypes.MESSAGE_PROCESSING_STOP) + @NoAuditEvent("proxy resource, audit event will be emitted on target node") public void pause(@ApiParam(name = "nodeId", value = "The id of the node where processing will be paused.", required = true) @PathParam("nodeId") String nodeId) throws IOException, NodeNotFoundException { final Response response = this.getRemoteSystemProcessingResource(nodeId).pause().execute(); @@ -89,7 +88,7 @@ public void pause(@ApiParam(name = "nodeId", value = "The id of the node where p @Timed @ApiOperation(value = "Resume message processing on node") @Path("resume") - @AuditEvent(type = AuditEventTypes.MESSAGE_PROCESSING_START) + @NoAuditEvent("proxy resource, audit event will be emitted on target node") public void resume(@ApiParam(name = "nodeId", value = "The id of the node where processing will be resumed.", required = true) @PathParam("nodeId") String nodeId) throws IOException, NodeNotFoundException { final Response response = this.getRemoteSystemProcessingResource(nodeId).resume().execute(); 
diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/search/SavedSearchesResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/search/SavedSearchesResource.java index 5234652df704..5438488bb9d4 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/search/SavedSearchesResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/search/SavedSearchesResource.java @@ -93,7 +93,7 @@ public Response create(@ApiParam(name = "JSON body", required = true) .path("{searchId}") .build(id); - return Response.created(searchUri).build(); + return Response.created(searchUri).entity(ImmutableMap.of("search_id", id)).build(); } @GET diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/DeflectorResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/DeflectorResource.java index b15d68530d43..7f5c906d838c 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/DeflectorResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/DeflectorResource.java @@ -87,7 +87,7 @@ public DeflectorSummary deflector() throws TooManyAliasesException { @RequiresPermissions(RestPermissions.DEFLECTOR_CYCLE) @Path("/cycle") @RestrictToMaster - @AuditEvent(type = AuditEventTypes.ES_WRITE_INDEX_UPDATE) + @AuditEvent(type = AuditEventTypes.ES_WRITE_INDEX_UPDATE_JOB_START) public void cycle() { final String msg = "Cycling deflector. Reason: REST request."; LOG.info(msg); diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/GrokResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/GrokResource.java index 44cb66a795c0..c233d8ab0c66 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/GrokResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/GrokResource.java 
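Review bot: On `DeflectorResource.cycle()` the requesting user is now tied only to `ES_WRITE_INDEX_UPDATE_JOB_START`, while the index switch itself is recorded in `Deflector.cycle()` with `AuditActor.system(nodeId)` and a context holding just `indexName`. Nothing visible links the two events, so attributing a rotation to the user who asked for it relies on matching timestamps. A comment above the annotation would make that explicit, e.g. `// Audits the request only; the index switch is recorded by Deflector#cycle() with the node as actor.` The method body continues outside the hunk, so how the cycle is started from here is not visible.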
@@ -111,7 +111,7 @@ public Response createPattern(@ApiParam(name = "pattern", required = true) @PUT @Timed @ApiOperation("Add a list of new patterns") - @AuditEvent(type = AuditEventTypes.GROK_PATTERN_IMPORT) + @AuditEvent(type = AuditEventTypes.GROK_PATTERN_IMPORT_CREATE) public Response bulkUpdatePatterns(@ApiParam(name = "patterns", required = true) @NotNull GrokPatternList patternList, @ApiParam(name = "replace", value = "Replace all patterns with the new ones.") @QueryParam("replace") @DefaultValue("false") boolean replace) throws ValidationException { diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/IndexRangesResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/IndexRangesResource.java index 5e3fe45343ed..b3845122692b 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/IndexRangesResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/IndexRangesResource.java @@ -141,7 +141,7 @@ public IndexRangeSummary show( @ApiResponse(code = 202, message = "Rebuild/sync systemjob triggered.") }) @Produces(MediaType.APPLICATION_JSON) - @AuditEvent(type = AuditEventTypes.ES_INDEX_RANGE_UPDATE) + @AuditEvent(type = AuditEventTypes.ES_INDEX_RANGE_UPDATE_JOB) public Response rebuild() { final SystemJob rebuildJob = rebuildIndexRangesJobFactory.create(this.deflector); try { @@ -166,7 +166,7 @@ public Response rebuild() { @ApiResponse(code = 202, message = "Rebuild/sync system job triggered.") }) @Produces(MediaType.APPLICATION_JSON) - @AuditEvent(type = AuditEventTypes.ES_INDEX_RANGE_UPDATE) + @AuditEvent(type = AuditEventTypes.ES_INDEX_RANGE_UPDATE_JOB) public Response rebuildIndex( @ApiParam(name = "index", value = "The name of the Graylog-managed Elasticsearch index", required = true) @PathParam("index") @NotEmpty String index) { 
diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/jobs/SystemJobResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/jobs/SystemJobResource.java index 282e5f064b6e..d061d122e283 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/system/jobs/SystemJobResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/system/jobs/SystemJobResource.java @@ -170,7 +170,7 @@ public Response trigger(@ApiParam(name = "JSON body", required = true) throw new ForbiddenException("Maximum concurrency level of this job reached", e); } - return Response.accepted().build(); + return Response.accepted().entity(ImmutableMap.of("system_job_id", job.getId())).build(); } @DELETE diff --git a/graylog2-server/src/main/java/org/graylog2/rest/resources/users/UsersResource.java b/graylog2-server/src/main/java/org/graylog2/rest/resources/users/UsersResource.java index 196c442b9188..921073ce439a 100644 --- a/graylog2-server/src/main/java/org/graylog2/rest/resources/users/UsersResource.java +++ b/graylog2-server/src/main/java/org/graylog2/rest/resources/users/UsersResource.java @@ -458,7 +458,7 @@ public Token generateNewToken( @AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_DELETE) public void revokeToken( @ApiParam(name = "username", required = true) @PathParam("username") String username, - @ApiParam(name = "access token", required = true) @PathParam("token") String token) { + @ApiParam(name = "token", required = true) @PathParam("token") String token) { final User user = _tokensCheckAndLoadUser(username); final AccessToken accessToken = accessTokenService.load(token); diff --git a/graylog2-server/src/test/java/org/graylog2/audit/AuditActorTest.java b/graylog2-server/src/test/java/org/graylog2/audit/AuditActorTest.java index 4c80de8ed4b0..d7ac46bf7ec3 100644 --- a/graylog2-server/src/test/java/org/graylog2/audit/AuditActorTest.java 
+++ b/graylog2-server/src/test/java/org/graylog2/audit/AuditActorTest.java @@ -47,7 +47,7 @@ public void testSystem() throws Exception { when(nodeId.toString()).thenReturn("28164cbe-4ad9-4c9c-a76e-088655aa78892"); final AuditActor actor = AuditActor.system(nodeId); - assertThat(actor.urn()).isEqualTo("urn:graylog:server:28164cbe-4ad9-4c9c-a76e-088655aa78892"); + assertThat(actor.urn()).isEqualTo("urn:graylog:node:28164cbe-4ad9-4c9c-a76e-088655aa78892"); } @Test(expected = NullPointerException.class) diff --git a/graylog2-server/src/test/java/org/graylog2/audit/AuditCoverageTest.java b/graylog2-server/src/test/java/org/graylog2/audit/AuditCoverageTest.java index 3884deedaaea..8dd87414074d 100644 --- a/graylog2-server/src/test/java/org/graylog2/audit/AuditCoverageTest.java +++ b/graylog2-server/src/test/java/org/graylog2/audit/AuditCoverageTest.java @@ -85,6 +85,10 @@ public void testAuditEventTypeFormat() throws Exception { final Set auditEventTypes = new AuditEventTypes().auditEventTypes(); for (Field field : fields) { + // Skip public NAMESPACE field, which is meant to identify server audit events + if (field.getName().equals("NAMESPACE")) { + continue; + } String type = ""; try { type = (String) field.get(field.getType().newInstance()); diff --git a/graylog2-server/src/test/java/org/graylog2/indexer/DeflectorTest.java b/graylog2-server/src/test/java/org/graylog2/indexer/DeflectorTest.java index f59a5ba939a7..2f7e8743298f 100644 --- a/graylog2-server/src/test/java/org/graylog2/indexer/DeflectorTest.java +++ b/graylog2-server/src/test/java/org/graylog2/indexer/DeflectorTest.java 
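Review bot: The exemption added to `testAuditEventTypeFormat` matches the field by the string literal `"NAMESPACE"`, which the compiler cannot check against `AuditEventTypes`, and it exempts any field of that name in whatever `fields` contains. Binding the skip to the constant itself, e.g. `if (AuditEventTypes.NAMESPACE.equals(type)) { continue; }` once `type` has been read, keeps the exemption as narrow as the comment describes. This assumes `NAMESPACE` is a public static String, as the added comment suggests. The loop and the rest of the test method continue outside the hunk.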
@@ -22,10 +22,12 @@ import com.google.common.collect.Maps; import com.google.common.collect.Sets; +import org.graylog2.audit.AuditEventSender; import org.graylog2.indexer.indices.Indices; import org.graylog2.indexer.indices.jobs.SetIndexReadOnlyAndCalculateRangeJob; import org.graylog2.indexer.ranges.CreateNewSingleIndexRangeJob; import org.graylog2.indexer.ranges.IndexRangeService; +import org.graylog2.plugin.system.NodeId; import org.graylog2.system.activities.SystemMessageActivityWriter; import org.graylog2.system.jobs.SystemJobManager; import org.junit.Before; @@ -62,6 +64,10 @@ public class DeflectorTest { private SetIndexReadOnlyAndCalculateRangeJob.Factory setIndexReadOnlyAndCalculateRangeJobFactory; @Mock private Indices indices; + @Mock + private AuditEventSender auditEventSender; + @Mock + private NodeId nodeId; private Deflector deflector; @Mock @@ -74,6 +80,8 @@ public void setUp() { activityWriter, indices, indexRangeService, + auditEventSender, + nodeId, setIndexReadOnlyAndCalculateRangeJobFactory); } @@ -185,6 +193,8 @@ public void getNewestTargetNumber() throws NoTargetIndexException { activityWriter, indices, indexRangeService, + auditEventSender, + nodeId, setIndexReadOnlyAndCalculateRangeJobFactory); final int number = deflector.getNewestTargetNumber(); @@ -207,6 +217,8 @@ public void getAllGraylogIndexNames() { activityWriter, indices, indexRangeService, + auditEventSender, + nodeId, setIndexReadOnlyAndCalculateRangeJobFactory); final String[] allGraylogIndexNames = deflector.getAllGraylogIndexNames(); @@ -230,6 +242,8 @@ public void getAllGraylogDeflectorIndices() { activityWriter, indices, indexRangeService, + auditEventSender, + nodeId, setIndexReadOnlyAndCalculateRangeJobFactory); final Map> deflectorIndices = deflector.getAllGraylogDeflectorIndices(); 
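Review bot: None of the added lines assert on the new audit call: `auditEventSender` is mocked and passed into every `new Deflector(...)`, but no visible test verifies it. As far as these hunks show, removing the `auditEventSender.success(...)` line from `Deflector.cycle()` would not fail this class. A `cycle()` test ending in `verify(auditEventSender).success(AuditActor.system(nodeId), ES_WRITE_INDEX_UPDATE, ImmutableMap.of("indexName", "<expected new target>"));` would pin the event type and context. The same two-line constructor change repeats in `getNewestTargetNumber`, `getAllGraylogIndexNames`, `getAllGraylogDeflectorIndices` and `testCleanupAliases`, and the test methods start and end outside the hunks.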
@@ -254,6 +268,8 @@ public void testCleanupAliases() throws Exception { activityWriter, indices, indexRangeService, + auditEventSender, + nodeId, setIndexReadOnlyAndCalculateRangeJobFactory); deflector.cleanupAliases(Sets.newHashSet("graylog_2", "graylog_3", "foobar")); diff --git a/graylog2-server/src/test/java/org/graylog2/indexer/ranges/EsIndexRangeServiceTest.java b/graylog2-server/src/test/java/org/graylog2/indexer/ranges/EsIndexRangeServiceTest.java index 6e4199f61b4d..3d761fc17869 100644 --- a/graylog2-server/src/test/java/org/graylog2/indexer/ranges/EsIndexRangeServiceTest.java +++ b/graylog2-server/src/test/java/org/graylog2/indexer/ranges/EsIndexRangeServiceTest.java @@ -25,6 +25,7 @@ import com.lordofthejars.nosqlunit.elasticsearch2.EmbeddedElasticsearch; import org.elasticsearch.client.Client; import org.elasticsearch.common.settings.Settings; +import org.graylog2.audit.AuditEventSender; import org.graylog2.audit.NullAuditEventSender; import org.graylog2.configuration.ElasticsearchConfiguration; import org.graylog2.database.NotFoundException; @@ -76,6 +77,10 @@ public String getIndexPrefix() { private Indices indices; @Mock private EventBus localEventBus; + @Mock + private AuditEventSender auditEventSender; + @Mock + private NodeId nodeId; private EsIndexRangeService indexRangeService; public EsIndexRangeServiceTest() { @@ -88,7 +93,7 @@ public void setUp() throws Exception { final Messages messages = new Messages(client, ELASTICSEARCH_CONFIGURATION, new MetricRegistry()); indices = new Indices(client, ELASTICSEARCH_CONFIGURATION, new IndexMapping(), messages, mock(NodeId.class), new NullAuditEventSender()); final Deflector deflector = new Deflector(null, ELASTICSEARCH_CONFIGURATION.getIndexPrefix(), new NullActivityWriter(), - indices, null, null); + indices, null, auditEventSender, nodeId, null); indexRangeService = new EsIndexRangeService(client, deflector, localEventBus, new MetricRegistry()); }