Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support audit ignore policy by actions (elastic#67477)
* Support audit ignore policy by index privileges Adding new audit ignore policy - privileges For example, following policy will filter out all events, which actions minimal required privilege is either "read" or "delete": xpack.security.audit.logfile.events.ignore_filters: example: privileges: ["read", "delete"] Resolve: elastic#60877 Related: elastic#10836 Related: elastic#37148 * Support audit ignore policy by index privileges Adding new audit ignore policy - privileges For example, following policy will filter out all events, which actions required privilege is either "read" or "delete": xpack.security.audit.logfile.events.ignore_filters: example: privileges: ["read", "delete"] Resolve: elastic#60877 Related: elastic#10836 Related: elastic#37148 * To avoid ambiguity (as cluster and index policies may have the same name) changing implementation to have to separate policies for `index_privileges` and `cluster_privileges`. If both are set for the same policy, throw the IllegalArgumentException. * To avoid ambiguity (as cluster and index policies may have the same name) changing implementation to have to separate policies for `index_privileges` and `cluster_privileges`. If both are set for the same policy, throw the IllegalArgumentException. * Fixing Api key related privilege check which expects request and authentication by introducing overloaded version of findPrivilegesThatGrant just checking if privileges which can grant the action regardless of the request and authentication context. * Fixing a test; adding a caching mechanism to avoid calling findPrivilegesThatGrant each time. * Support audit ignore policy by index privileges Addressing review feedback * Support audit ignore policy by index privileges Addressing review comments + changing approach: - use permission check instead of simple "checkIfGrants" - adding more testing * Support audit ignore policy by index privileges Addressing review comments + changing approach: - use permission check instead of simple "checkIfGrants" - adding more testing * Support audit ignore policy by index privileges Addressing review comments + changing approach: - use permission check instead of simple "checkIfGrants" - adding more testing * Support audit ignore policy by index privileges Addressing review comments + changing approach: - use permission check instead of simple "checkIfGrants" - adding more testing * Revert "Support audit ignore policy by index privileges" This reverts commit 152821e * Revert "Support audit ignore policy by index privileges" This reverts commit 79649e9 * Revert "Support audit ignore policy by index privileges" This reverts commit 96d22a4 * Revert "Support audit ignore policy by index privileges" This reverts commit 67574b2 * Revert "Support audit ignore policy by index privileges" This reverts commit 35573c8 * Revert "Fixing a test; adding a caching mechanism to avoid calling findPrivilegesThatGrant each time." This reverts commit 7faa52f * Revert "Fixing Api key related privilege check which expects request and authentication by introducing overloaded version of findPrivilegesThatGrant just checking if privileges which can grant the action regardless of the request and authentication context." This reverts commit 72b9aef * Revert "To avoid ambiguity (as cluster and index policies may have the same name) changing implementation to have to separate policies for `index_privileges` and `cluster_privileges`. If both are set for the same policy, throw the IllegalArgumentException." This reverts commit 7dd8fe7 * Revert "To avoid ambiguity (as cluster and index policies may have the same name) changing implementation to have to separate policies for `index_privileges` and `cluster_privileges`. If both are set for the same policy, throw the IllegalArgumentException." This reverts commit cb5bc09 * Revert "Support audit ignore policy by index privileges" This reverts commit a918da1 * Support audit ignore policy by actions Getting back to action filtering * Support audit ignore policy by actions Cleaning up some tests * Support audit ignore policy by actions Cleaning up some tests Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
- Loading branch information