Skip to content

Deprecate index audit output type#37301

Closed
albertzaharovits wants to merge 2 commits intoelastic:masterfrom
albertzaharovits:deprecate_index_audit
Closed

Deprecate index audit output type#37301
albertzaharovits wants to merge 2 commits intoelastic:masterfrom
albertzaharovits:deprecate_index_audit

Conversation

@albertzaharovits
Copy link
Copy Markdown
Contributor

@albertzaharovits albertzaharovits commented Jan 10, 2019

This PR deprecates the index audit output.
In general, the problem with it is that event indexing can be slower than the rate with which audit events are generated, especially during the daily rollovers or the rolling cluster upgrades. In this situation audit events will be lost which is a terrible failure case for an audit system.

I will follow-up with the removal PR for 7.0 .

Relates #29881

CC @ycombinator

@albertzaharovits albertzaharovits self-assigned this Jan 10, 2019
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Jan 10, 2019

Pinging @elastic/es-security

@ycombinator
Copy link
Copy Markdown
Contributor

ycombinator commented Jan 10, 2019

The beats work to handle this deprecation is close to being done: elastic/beats#8852

jaymode
jaymode approved these changes Jan 11, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jaymode
jaymode requested changes Jan 11, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I was too quick with the LGTM. This should also add a check in NodeDeprecationChecks

@albertzaharovits
Copy link
Copy Markdown
Contributor Author

albertzaharovits commented Jan 13, 2019
edited
Loading

Ah, right.
I was planning to add this in the follow-up 7.0 PR that actually removes the output type because the deprecation check will be admonishing that the output type has been removed. But the 7.0 PR does not touch the 6.x branch, yet the check has to sit in 6.x. I will add the check.

@albertzaharovits albertzaharovits changed the base branch from master to 6.x January 20, 2019 11:27
@albertzaharovits albertzaharovits changed the base branch from 6.x to master January 20, 2019 11:27
@albertzaharovits albertzaharovits mentioned this pull request Jan 21, 2019
Merged
@albertzaharovits
Copy link
Copy Markdown
Contributor Author

albertzaharovits commented Jan 21, 2019

@jaymode I went for a new PR to add the NodeDeprecationChecks. The files for these are only stubs in master so I guess the idiomatic way to add these is a 6.x PR which I have opened here #37671 . I will follow with a master only PR to remove the output altogether and add the /migration/migrate_7_0/settings.asciidoc notice.

@albertzaharovits albertzaharovits deleted the deprecate_index_audit branch January 22, 2019 11:15
@albertzaharovits albertzaharovits mentioned this pull request Jan 22, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jaymode jaymode jaymode requested changes

@tvernum tvernum Awaiting requested review from tvernum

@lcawl lcawl Awaiting requested review from lcawl

Assignees

@albertzaharovits albertzaharovits

Labels

>deprecation :Security/Audit X-Pack Audit logging v6.7.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@albertzaharovits @elasticmachine @ycombinator @jaymode @colings86