Rename and deprecated prefix logfile audit setting names (#34475)

albertzaharovits · albertzaharovits · commit 134cd00765b5 · 2018-10-18T13:14:22.000+03:00
The logfile audit log format is no longer formed by prefix fields followed
by key value fields, it is all formed by key value fields only (JSON format).

Consequently, the following settings, which toggled some of the prefix
fields, have been renamed by splicing out the prefix component:
- xpack.security.audit.logfile.prefix.emit_node_host_address
- xpack.security.audit.logfile.prefix.emit_node_host_name
- xpack.security.audit.logfile.prefix.emit_node_name
diff --git a/docs/reference/migration/migrate_6_5.asciidoc b/docs/reference/migration/migrate_6_5.asciidoc
@@ -81,3 +81,25 @@ type of `Set<RoleDescriptor>`, but in 6.5.0 the role provider requires an
 `RoleRetrievalResult` object accepts a `Set<RoleDescriptor>` if the provider
 was successful; if the provider was not successful the `RoleRetrievalResult`
 should be populated with the error.
+
+[float]
+[[breaking_65_settings_changes]]
+=== Settings changes
+
+[float]
+==== Audit logfile local node info
+
+In 6.5.0 a new format for the logfile auditing has been introduced.
+The new file format prints audit entries as JSON documents.
+Entries in the previous format contained positional fields.
+These fields are no longer positional in the new format, as they are part of the
+structured log entry (the JSON document).
+Consequently, the following settings, which toggled some of the prefix
+positional fields, have be renamed ("prefix" was spliced out):
+- `xpack.security.audit.logfile.prefix.emit_node_host_address` to
+  `xpack.security.audit.logfile.emit_node_host_address`
+- `xpack.security.audit.logfile.prefix.emit_node_host_name` to
+  `xpack.security.audit.logfile.emit_node_host_name`
+- `xpack.security.audit.logfile.prefix.emit_node_name` to
+  `xpack.security.audit.logfile.emit_node_name`
+In 7.0.0 the `prefix` variant will be removed.
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
@@ -110,13 +110,19 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail,
     public static final String OPAQUE_ID_FIELD_NAME = "opaque_id";
 
     public static final String NAME = "logfile";
-    public static final Setting<Boolean> EMIT_HOST_ADDRESS_SETTING = Setting
-            .boolSetting(setting("audit.logfile.prefix.emit_node_host_address"), false, Property.NodeScope, Property.Dynamic);
-    public static final Setting<Boolean> EMIT_HOST_NAME_SETTING = Setting.boolSetting(setting("audit.logfile.prefix.emit_node_host_name"),
-            false, Property.NodeScope, Property.Dynamic);
-    public static final Setting<Boolean> EMIT_NODE_NAME_SETTING = Setting.boolSetting(setting("audit.logfile.prefix.emit_node_name"), false,
-            Property.NodeScope, Property.Dynamic);
-    public static final Setting<Boolean> EMIT_NODE_ID_SETTING = Setting.boolSetting(setting("audit.logfile.prefix.emit_node_id"), true,
+    public static final Setting<Boolean> DEPRECATED_EMIT_HOST_ADDRESS_SETTING = Setting.boolSetting(
+            setting("audit.logfile.prefix.emit_node_host_address"), false, Property.NodeScope, Property.Dynamic, Property.Deprecated);
+    public static final Setting<Boolean> EMIT_HOST_ADDRESS_SETTING = Setting.boolSetting(setting("audit.logfile.emit_node_host_address"),
+            DEPRECATED_EMIT_HOST_ADDRESS_SETTING, Property.NodeScope, Property.Dynamic);
+    public static final Setting<Boolean> DEPRECATED_EMIT_HOST_NAME_SETTING = Setting.boolSetting(
+            setting("audit.logfile.prefix.emit_node_host_name"), false, Property.NodeScope, Property.Dynamic, Property.Deprecated);
+    public static final Setting<Boolean> EMIT_HOST_NAME_SETTING = Setting.boolSetting(setting("audit.logfile.emit_node_host_name"),
+            DEPRECATED_EMIT_HOST_NAME_SETTING, Property.NodeScope, Property.Dynamic);
+    public static final Setting<Boolean> DEPRECATED_EMIT_NODE_NAME_SETTING = Setting
+            .boolSetting(setting("audit.logfile.prefix.emit_node_name"), true, Property.NodeScope, Property.Dynamic, Property.Deprecated);
+    public static final Setting<Boolean> EMIT_NODE_NAME_SETTING = Setting.boolSetting(setting("audit.logfile.emit_node_name"),
+            DEPRECATED_EMIT_NODE_NAME_SETTING, Property.NodeScope, Property.Dynamic);
+    public static final Setting<Boolean> EMIT_NODE_ID_SETTING = Setting.boolSetting(setting("audit.logfile.emit_node_id"), true,
             Property.NodeScope, Property.Dynamic);
     private static final List<String> DEFAULT_EVENT_INCLUDES = Arrays.asList(ACCESS_DENIED.toString(), ACCESS_GRANTED.toString(),
             ANONYMOUS_ACCESS_DENIED.toString(), AUTHENTICATION_FAILED.toString(), CONNECTION_DENIED.toString(), TAMPERED_REQUEST.toString(),
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailFilterTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailFilterTests.java
@@ -63,11 +63,11 @@ public class LoggingAuditTrailFilterTests extends ESTestCase {
     @Before
     public void init() throws Exception {
         settings = Settings.builder()
-                .put("xpack.security.audit.logfile.prefix.emit_node_host_address", randomBoolean())
-                .put("xpack.security.audit.logfile.prefix.emit_node_host_name", randomBoolean())
-                .put("xpack.security.audit.logfile.prefix.emit_node_name", randomBoolean())
-                .put("xpack.security.audit.logfile.events.emit_request_body", randomBoolean())
-                .put("xpack.security.audit.logfile.events.include", "_all")
+                .put(LoggingAuditTrail.EMIT_HOST_ADDRESS_SETTING.getKey(), randomBoolean())
+                .put(LoggingAuditTrail.EMIT_HOST_NAME_SETTING.getKey(), randomBoolean())
+                .put(LoggingAuditTrail.EMIT_NODE_NAME_SETTING.getKey(), randomBoolean())
+                .put(LoggingAuditTrail.INCLUDE_REQUEST_BODY.getKey(), randomBoolean())
+                .put(LoggingAuditTrail.INCLUDE_EVENT_SETTINGS.getKey(), "_all")
                 .build();
         localNode = mock(DiscoveryNode.class);
         when(localNode.getHostAddress()).thenReturn(buildNewFakeTransportAddress().toString());
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
@@ -166,9 +166,10 @@ public static void releasePatternLayout() {
     public void init() throws Exception {
         includeRequestBody = randomBoolean();
         settings = Settings.builder()
-                .put("xpack.security.audit.logfile.prefix.emit_node_host_address", randomBoolean())
-                .put("xpack.security.audit.logfile.prefix.emit_node_host_name", randomBoolean())
-                .put("xpack.security.audit.logfile.prefix.emit_node_name", randomBoolean())
+                .put(LoggingAuditTrail.EMIT_HOST_ADDRESS_SETTING.getKey(), randomBoolean())
+                .put(LoggingAuditTrail.EMIT_HOST_NAME_SETTING.getKey(), randomBoolean())
+                .put(LoggingAuditTrail.EMIT_NODE_NAME_SETTING.getKey(), randomBoolean())
+                .put(LoggingAuditTrail.EMIT_NODE_ID_SETTING.getKey(), randomBoolean())
                 .put("xpack.security.audit.logfile.events.emit_request_body", includeRequestBody)
                 .build();
         localNode = mock(DiscoveryNode.class);
