audit log prefix settings no longer valid #36162

inqueue · 2018-12-03T16:34:48Z

Elasticsearch version (bin/elasticsearch --version):

bin/elasticsearch --version                                                                                                                                                                     
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Version: 6.5.1, Build: default/tar/8c58350/2018-11-16T02:22:42.182257Z, JVM: 10.0.2

Description of the problem including expected versus actual behavior:
Audit log prefix settings appear to be no longer valid in 6.5 though it appears according to #34475 they should have only been deprecated. I was not able to find any documented mention of deprecation or removal of prefix settings.

Steps to reproduce:

xpack.security:
  enabled: true
  audit:
    enabled: true
    outputs: logfile
    logfile.prefix.emit_node_host_name: true

Provide logs (if relevant):

[2018-12-03T11:22:33,786][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [Nw_dK3F] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [xpack.security.audit.logfile.prefix.emit_node_host_name] did you mean any of [xpack.security.audit.logfile.emit_node_host_name, xpack.security.audit.logfile.emit_node_name, xpack.security.audit.logfile.emit_node_host_address, xpack.security.audit.logfile.events.emit_request_body, xpack.security.audit.logfile.emit_node_id]?
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.5.1.jar:6.5.1]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.5.1.jar:6.5.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.5.1.jar:6.5.1]
Caused by: java.lang.IllegalArgumentException: unknown setting [xpack.security.audit.logfile.prefix.emit_node_host_name] did you mean any of [xpack.security.audit.logfile.emit_node_host_name, xpack.security.audit.logfile.emit_node_name, xpack.security.audit.logfile.emit_node_host_address, xpack.security.audit.logfile.events.emit_request_body, xpack.security.audit.logfile.emit_node_id]?
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:476) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:421) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:392) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:363) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:148) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.node.Node.<init>(Node.java:373) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.1.jar:6.5.1]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.1.jar:6.5.1]
	... 6 more

The text was updated successfully, but these errors were encountered:

elasticmachine · 2018-12-03T16:34:50Z

Pinging @elastic/es-security

albertzaharovits · 2018-12-03T17:56:03Z

Hi @inqueue ,

This is a bug due to me botching the deprecation in the PR you have correctly linked. I am working on the fix right now.

I have botched deprecating the "prefix" logfile audit settings in #34475 , by not registering them. This commit fixes it and also adds a test that these deprecated settings are indeed still working and are dynamic. Closes #36162

inqueue added the :Security/Audit X-Pack Audit logging label Dec 3, 2018

albertzaharovits self-assigned this Dec 3, 2018

albertzaharovits mentioned this issue Dec 3, 2018

Fix deprecation of audit log settings #36175

Merged

albertzaharovits closed this as completed Dec 4, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

audit log prefix settings no longer valid #36162

audit log prefix settings no longer valid #36162

inqueue commented Dec 3, 2018

elasticmachine commented Dec 3, 2018

albertzaharovits commented Dec 3, 2018

audit log prefix settings no longer valid #36162

audit log prefix settings no longer valid #36162

Comments

inqueue commented Dec 3, 2018

elasticmachine commented Dec 3, 2018

albertzaharovits commented Dec 3, 2018