Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Extensions] Audit Logging: Log when permissions have been granted/revoked and on privilege evaluation #2700

Closed
cwperks opened this issue Apr 18, 2023 · 2 comments
Closed

[Extensions] Audit Logging: Log when permissions have been granted/revoked and on privilege evaluation #2700

cwperks opened this issue Apr 18, 2023 · 2 comments
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@cwperks
Copy link
Member

cwperks commented Apr 18, 2023
edited by DarshitChanpura
Loading

Authorization in the REST layer needs to keep a log of requests that have been permitted and blocked, similar to how its logged for authorization in the Transport layer inside SecurityFilter.

In order for this issue to be addressed, changes will need to be made to the Security plugin so that when authorization on the REST layer occurs, the specific permissions granted to the subject are reported in the audit log.

Resolves:

  • As a cluster admin, I have record of when permissions granted/revoked

Details can be found in this PR: #2753
@cwperks cwperks converted this from a draft issue Apr 18, 2023
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Apr 18, 2023
@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Apr 24, 2023
@stephen-crawford
Copy link
Contributor

[Triage] This is part of the ongoing work for the Extensions project.

@stephen-crawford stephen-crawford changed the title Audit Logging: Log when permissions have been granted/revoked and on privilege evaluation [Extensions] Audit Logging: Log when permissions have been granted/revoked and on privilege evaluation Apr 24, 2023
@MaciejMierzwa MaciejMierzwa mentioned this issue Jun 22, 2023
Merged
3 tasks
This was referenced Jul 31, 2023
Closed
Merged
@peternied
Copy link
Member

Looks like #3099 was a duplicate filing for the same kind of issue

@github-project-automation github-project-automation bot moved this from Todo to Done in Security for Extensions Aug 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
Security for Extensions
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@peternied @cwperks @stephen-crawford