Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the remote address from thread context for rest request auditing #94959

Merged
merged 3 commits into from
Apr 3, 2023
Merged

Use the remote address from thread context for rest request auditing #94959

merged 3 commits into from
Apr 3, 2023

Conversation

albertzaharovits
Copy link
Contributor

@albertzaharovits albertzaharovits commented Mar 31, 2023
edited
Loading

In preparation for when the audit trail will not be able to use
the request interface to extract the remote endpoint address of rest requests,
this PR makes the LoggingAuditTrail to look into the thread context
for the remote address, and the SecurityRestFilter to populate as such
the thread context before invoking the authentication.

@albertzaharovits albertzaharovits self-assigned this Mar 31, 2023
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label v8.8.0 labels Mar 31, 2023
@albertzaharovits albertzaharovits added :Security/Audit X-Pack Audit logging >non-issue and removed needs:triage Requires assignment of a team area label labels Mar 31, 2023
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Mar 31, 2023
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

jakelandis
jakelandis approved these changes Mar 31, 2023
View reviewed changes
Copy link
Contributor

@jakelandis jakelandis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@albertzaharovits albertzaharovits merged commit 2fad04b into elastic:main Apr 3, 2023
@albertzaharovits albertzaharovits deleted the always-audit-remote-host-address-from-thread-context branch April 3, 2023 09:24
albertzaharovits added a commit to albertzaharovits/elasticsearch that referenced this pull request Jun 9, 2023
@albertzaharovits
Use the remote address from thread context for rest request auditing (e…
5d57628 
…lastic#94959)

In preparation for when the audit trail will not be able to use
the request interface to extract the remote endpoint address of rest requests,
this PR makes the LoggingAuditTrail to look into the thread context
for the remote address, and the SecurityRestFilter to populate as such
the thread context before invoking the authentication.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakelandis jakelandis jakelandis approved these changes

Assignees

@albertzaharovits albertzaharovits

Labels
>non-issue :Security/Audit X-Pack Audit logging Team:Security Meta label for security team v8.8.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@albertzaharovits @elasticsearchmachine @jakelandis