Skip to content

Use the remote address from thread context for rest request auditing#94959

Merged
albertzaharovits merged 3 commits intoelastic:mainfrom
albertzaharovits:always-audit-remote-host-address-from-thread-context
Apr 3, 2023
Merged

Use the remote address from thread context for rest request auditing#94959
albertzaharovits merged 3 commits intoelastic:mainfrom
albertzaharovits:always-audit-remote-host-address-from-thread-context

Conversation

@albertzaharovits
Copy link
Copy Markdown
Contributor

@albertzaharovits albertzaharovits commented Mar 31, 2023
edited
Loading

In preparation for when the audit trail will not be able to use
the request interface to extract the remote endpoint address of rest requests,
this PR makes the LoggingAuditTrail to look into the thread context
for the remote address, and the SecurityRestFilter to populate as such
the thread context before invoking the authentication.

@albertzaharovits albertzaharovits self-assigned this Mar 31, 2023
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label v8.8.0 labels Mar 31, 2023
@albertzaharovits albertzaharovits added :Security/Audit X-Pack Audit logging >non-issue and removed needs:triage Requires assignment of a team area label labels Mar 31, 2023
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Mar 31, 2023
@elasticsearchmachine
Copy link
Copy Markdown
Collaborator

elasticsearchmachine commented Mar 31, 2023

Pinging @elastic/es-security (Team:Security)

jakelandis
jakelandis approved these changes Mar 31, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@jakelandis jakelandis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@albertzaharovits albertzaharovits merged commit 2fad04b into elastic:main Apr 3, 2023
@albertzaharovits albertzaharovits deleted the always-audit-remote-host-address-from-thread-context branch April 3, 2023 09:24
albertzaharovits added a commit to albertzaharovits/elasticsearch that referenced this pull request Jun 9, 2023
@albertzaharovits
Use the remote address from thread context for rest request auditing (e…
5d57628 
…lastic#94959)

In preparation for when the audit trail will not be able to use
the request interface to extract the remote endpoint address of rest requests,
this PR makes the LoggingAuditTrail to look into the thread context
for the remote address, and the SecurityRestFilter to populate as such
the thread context before invoking the authentication.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jakelandis jakelandis jakelandis approved these changes

Assignees

@albertzaharovits albertzaharovits

Labels

>non-issue :Security/Audit X-Pack Audit logging Team:Security Meta label for security team v8.8.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@albertzaharovits @elasticsearchmachine @jakelandis