Changed log level for message with authz opt out #199678

Merged
elena-shostak merged 3 commits into elastic:main from elena-shostak:199677-authz-opt-out-log-level
Nov 12, 2024
elena-shostak (Contributor) commented Nov 11, 2024

Summary

Changed log level for message with authz opt out from warn to debug

Closes: #199677

@elena-shostak elena-shostak marked this pull request as ready for review November 11, 2024 17:45
@elena-shostak elena-shostak requested a review from a team as a code owner November 11, 2024 17:45
@elena-shostak elena-shostak added Feature:Security/Authorization, release_note:skip, backport:prev-minor and Team:Security labels Nov 11, 2024
elasticmachine (Contributor) commented

Pinging @elastic/kibana-security (Team:Security)

TinaHeiligers (Contributor) left a comment

Using debug level will prevent spamming the logs by default.
Thank you!
LGTM

if (security) {
if (isAuthzDisabled(security.authz)) {
logger.warn(
logger.debug(
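
Review bot: The logger.debug( call that replaces logger.warn( inside the isAuthzDisabled(security.authz) branch is cut off before its arguments, so the message content cannot be reviewed from this view. Confirm that it logs only what identifies the route, and add a short comment above the call explaining why an authz opt-out is logged at debug rather than warn.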

Contributor

question: Is there any value in this log entry at all? I mean, we already have HTTP logs if we want to know which endpoint is being called, and if we want to check whether this endpoint has authorization enabled or disabled, we just need to know the Kibana version, since the definition is mostly static and set in the code.

If, for some reason, we want to keep this as a debug log, it would make sense to remove the request.url.search part, as it’s not relevant to the authorization decision (it's essentially based on path) and might potentially contain sensitive data that we don’t want to record in logs.
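
The two points raised in this thread, shown as an added example that is not Kibana's code: a debug-level entry stays out of the logs at the default level, and the route is identified by path only so the query string never reaches the logger. `createLogger`, `describeRoute`, `logAuthzOptOut`, the message text, the `info` default threshold and the sample request are all assumptions constructed for illustration.

```javascript
// Added illustration, not Kibana code: every name and the sample request are hypothetical.
const LEVELS = { debug: 10, info: 20, warn: 30 };

// Minimal level-gated logger that records the lines it would actually write.
function createLogger(threshold = 'info') {
  const written = [];
  const log = (level) => (message) => {
    if (LEVELS[level] < LEVELS[threshold]) return; // below threshold: dropped
    // Accept a function so the message is only built when the level is enabled.
    written.push(`[${level}] ${typeof message === 'function' ? message() : message}`);
  };
  return { debug: log('debug'), warn: log('warn'), written };
}

// Identify the route by method and path only. The query string is dropped:
// it is not part of a path-based authorization decision and may hold secrets.
function describeRoute(request) {
  const url = new URL(request.url, 'http://localhost'); // base is only needed for parsing
  return `${request.method.toUpperCase()} ${url.pathname}`;
}

// Log an authz opt-out at the chosen level and return the lines that were written.
function logAuthzOptOut(request, { threshold = 'info', level = 'debug' } = {}) {
  const logger = createLogger(threshold);
  logger[level](() => `Route authz is disabled for ${describeRoute(request)}`);
  return logger.written;
}

// Constructed request whose query string carries a credential.
const sampleRequest = {
  method: 'get',
  url: '/api/example/export?format=csv&token=constructed-secret-value',
};

console.log(logAuthzOptOut(sampleRequest));                         // default threshold: nothing written
console.log(logAuthzOptOut(sampleRequest, { threshold: 'debug' })); // debug enabled: method and path only
console.log(logAuthzOptOut(sampleRequest, { level: 'warn' }));      // warn level: written at the default threshold
```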

Contributor Author

tbh I think we are okay to delete it, don't see any issues with that, we are just generating additional noise with it

Contributor Author

removed in 4493b87

azasypkin (Contributor) left a comment

Thanks!

@elena-shostak elena-shostak enabled auto-merge (squash) November 12, 2024 08:37
elasticmachine (Contributor) commented Nov 12, 2024

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #33 / EPM Endpoints Installs a package using stream-based approach security_detection_engine package should install security-rule assets from the package

Metrics [docs]

✅ unchanged

elena-shostak (Contributor Author) commented

@elasticmachine merge upstream

@elena-shostak elena-shostak merged commit 9bb3661 into elastic:main Nov 12, 2024
kibanamachine (Contributor) commented

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11796883370

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 12, 2024
## Summary

Changed log level for message with authz opt out from `warn` to `debug`

__Closes: https://github.com/elastic/kibana/issues/199677__

(cherry picked from commit 9bb3661)
kibanamachine (Contributor) commented

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine (Contributor) commented

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine kibanamachine added the backport missing label Nov 13, 2024
kibanamachine (Contributor) commented

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

kibanamachine added a commit that referenced this pull request Nov 14, 2024
…9772)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Changed log level for message with authz opt out
(#199678)](#199678)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@kibanamachine kibanamachine added v8.17.0 and removed backport missing labels Nov 14, 2024
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Nov 18, 2024
## Summary

Changed log level for message with authz opt out from `warn` to `debug`


__Closes: https://github.com/elastic/kibana/issues/199677__
Labels

Feature:Security/Authorization, release_note:skip, Team:Security, v8.17.0, v9.0.0

Development

Successfully merging this pull request may close these issues.

Change log level for authz opt out message from warn to debug

5 participants