audit-log: Only capture API method args when asked #8222

Merged
merged 2 commits into from Dec 14, 2017

Conversation

Projects
None yet
3 participants
Member

babbageclunk commented Dec 14, 2017

Description of change

In general we don't think it will be necessary to save the API method arguments in the audit log (because people using it will be more interested in the client commands), and there's some risk of there being secrets in the log. If audit-log-capture-args=true is specified in the controller config then we still capture them, but by default we don't.

QA steps

Bootstrap with --config="auditing-enabled=true". The request messages in the audit log don't include arguments for the API calls.

Bootstrap with --config="auditing-enabled=true" --config="audit-log-capture-args=true". request messages include serialised JSON method parameters.

apiserver/observer/recorder.go
@@ -16,20 +16,26 @@ import (
// recorders that that will update the observer and the auditlog
// recorder when it records a request or reply. The auditlog recorder
// can be nil.
-func NewRecorderFactory(observerFactory rpc.ObserverFactory, recorder *auditlog.Recorder) rpc.RecorderFactory {
+func NewRecorderFactory(
+ captureArgs bool,
@wallyworld

wallyworld Dec 14, 2017

Owner

Personal preference, but this arg IMO should go to the end of the param list.
So (factory, record, capture)
It looks icky to see callers go NewRecorderFactory(true, factory, recorder)
Also, we should define consts for RecordArgs and NoRecordArgs and use those instead of true/false

@babbageclunk

babbageclunk Dec 14, 2017

Member

Ok, thanks!

apiserver/observer/recorder.go
}
}
}
// combinedRecorder wraps an observer (which might be a multiplexer)
// up with an auditlog recorder into an rpc.Recorder.
type combinedRecorder struct {
- observer rpc.Observer
- recorder *auditlog.Recorder
+ captureArgs bool
@wallyworld

wallyworld Dec 14, 2017

Owner

same as before - make it go to the end

Member

babbageclunk commented Dec 14, 2017

$$merge$$

Contributor

jujubot commented Dec 14, 2017

Status: merge request accepted. Url: http://ci.jujucharms.com/job/github-merge-juju

Member

babbageclunk commented Dec 14, 2017

Looks like AWS killed it?

$$merge$$

Contributor

jujubot commented Dec 14, 2017

Build failed: Tests failed
build url: http://ci.jujucharms.com/job/github-merge-juju/685

Member

babbageclunk commented Dec 14, 2017

$$merge$$

Contributor

jujubot commented Dec 14, 2017

Status: merge request accepted. Url: http://ci.jujucharms.com/job/github-merge-juju

@jujubot jujubot merged commit 5d32857 into juju:2.3 Dec 14, 2017

1 check failed

continuous-integration/jenkins/pr-merge This commit cannot be built
Details

@babbageclunk babbageclunk deleted the babbageclunk:audit-capture-args branch Dec 14, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment