Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

audit: Replaced __audit with __audit_log #15326

Merged
merged 1 commit into from
Dec 6, 2023
Merged

audit: Replaced __audit with __audit_log #15326

merged 1 commit into from
Dec 6, 2023

Conversation

michael-redpanda
Copy link
Contributor

__audit was the original name of the audit log topic that was added
long before the audit feature was designed and developed. By
replacing all __audit with __audit_log, the audit log will no longer
be part of billing.

Fixes: #15324

Signed-off-by: Michael Boquard michael@redpanda.com

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v23.2.x
  • v23.1.x
  • v22.3.x

Release Notes

  • none

@michael-redpanda michael-redpanda self-assigned this Dec 6, 2023
graphcareful
graphcareful suggested changes Dec 6, 2023
View reviewed changes
src/v/config/configuration.cc Show resolved Hide resolved
src/v/config/configuration.cc Outdated Show resolved Hide resolved
src/v/kafka/server/usage_manager.h Show resolved Hide resolved
@vbotbuildovich
Copy link
Collaborator

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/42305#018c3cda-0565-498e-acc2-aceba3482484

@michael-redpanda
audit: Replaced __audit with __audit_log
50b3be6 
__audit was the original name of the audit log topic that was added
long before the audit feature was designed and developed.  By
replacing all __audit with __audit_log, the audit log will no longer
be part of billing.

Fixes: redpanda-data#15324

Signed-off-by: Michael Boquard <michael@redpanda.com>
@michael-redpanda
Copy link
Contributor Author

Force push 50b3be6:

Removed __audit_log from noproduce cluster config option

@michael-redpanda
Copy link
Contributor Author

unit test failure: #13275

dotnwat
dotnwat reviewed Dec 6, 2023
View reviewed changes
src/v/config/configuration.cc
{"__audit"},
{},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is exclusion of the audit topic implemented somewhere else? i looked around but didn't see it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes this is handled in the produce handler

redpanda/src/v/kafka/server/handlers/produce.cc

Lines 522 to 536 in 2915bc8

const bool audit_produce_restricted
= !octx.rctx.authorized_auditor()
&& topic.name == model::kafka_audit_logging_topic();
// Need to make an exception here in case the audit log topic is in the
// noproduce topics list
const bool is_audit_produce
= octx.rctx.authorized_auditor()
&& topic.name == model::kafka_audit_logging_topic();
if (
(is_noproduce_topic || audit_produce_restricted)
&& !is_audit_produce) {
push_error_response(error_code::topic_authorization_failed);
continue;
}

@dotnwat dotnwat merged commit 0e9896d into redpanda-data:dev Dec 6, 2023
17 of 19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dotnwat dotnwat dotnwat left review comments

@deniscoady deniscoady deniscoady left review comments

@graphcareful graphcareful graphcareful approved these changes

Assignees

@michael-redpanda michael-redpanda

Labels
area/redpanda
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Exclude audit log topic from billing
5 participants
@michael-redpanda @vbotbuildovich @dotnwat @deniscoady @graphcareful