Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #10137 to 6.x: Teach elasticsearch/audit fileset to parse out some more fields #10271

Merged
merged 3 commits into from
Jan 24, 2019
Merged

Cherry-pick #10137 to 6.x: Teach elasticsearch/audit fileset to parse out some more fields #10271

merged 3 commits into from
Jan 24, 2019

Conversation

ycombinator
Copy link
Contributor

Cherry-pick of PR #10137 to 6.x branch. Original message:

Resolves #10134.

This PR teaches the elasticsearch/audit fileset to parse out a few more fields, viz:

  • elasticsearch.audit.realm,
  • elasticsearch.audit.roles
  • elasticsearch.audit.indices

It also teaches the fileset to parse elasticsearch.audit.action values that themselves contain [ and ] delimiters around sub-actions, e.g. action=[indices:data/read/search[free_context]].

@ycombinator ycombinator mentioned this pull request Jan 23, 2019
Merged
@ycombinator ycombinator requested review from ruflin, radoondas and a team January 23, 2019 00:57
@ycombinator
Teach elasticsearch/audit fileset to parse out some more fields (#10137)
b468d2c 
* Be more lenient in parsing node name

* Parse out elasticsearch.audit.realm

* Adding CHANGELOG entry

* Parse out elasticsearch.audit.roles

* Parse out elasticsearch.audit.indices

* Parse out optional sub-action

* Regenerating generated files

* Regenerating generated files

(cherry picked from commit 210460e)
@ycombinator
Regenerating generated files
50d0d44
@ycombinator
Copy link
Contributor Author

@ruflin I've fixed the array types to be keyword in this PR. So it's ready for review again. Thanks!

I will put up separate PRs for fixing other array fields in master and then backport it.

@ycombinator
Copy link
Contributor Author

jenkins, test this

@ycombinator ycombinator mentioned this pull request Jan 24, 2019
Merged
@ruflin
Copy link
Member

ruflin commented Jan 24, 2019

jenkins, test this

2 similar comments
@ycombinator
Copy link
Contributor Author

jenkins, test this

@ycombinator
Copy link
Contributor Author

jenkins, test this

@ycombinator ycombinator merged commit 8b273fe into elastic:6.x Jan 24, 2019
@ycombinator ycombinator deleted the backport_10137_6.x branch January 24, 2019 13:43
@ycombinator ycombinator mentioned this pull request Jan 24, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin approved these changes

@cachedout cachedout cachedout approved these changes

@radoondas radoondas Awaiting requested review from radoondas

Assignees
No one assigned
Labels
backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ycombinator @ruflin @cachedout