Skip to content

Remove dead code related to auditing #94114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 27, 2023
Merged

Remove dead code related to auditing #94114

merged 3 commits into from
Feb 27, 2023

Conversation

@albertzaharovits
Copy link
Contributor

@albertzaharovits albertzaharovits commented Feb 24, 2023
edited
Loading

This PR removes:

  • the CompositeAuditTrail which is designed to fan-out auditing events to multiple logger implementation types. This is not needed because since v7.0 there's only one audit logger implementation, the logfile.
  • any traces of the index-based logger implementation, namely the permission of the internal _xpack user to read the audit log index.

Related: #37707

@albertzaharovits albertzaharovits self-assigned this Feb 24, 2023
@albertzaharovits albertzaharovits changed the title Removes dead code related to auditing Remove dead code related to auditing Feb 24, 2023
@albertzaharovits albertzaharovits marked this pull request as ready for review February 24, 2023 13:54
@elasticsearchmachine elasticsearchmachine added v8.8.0 Team:Security Meta label for security team labels Feb 24, 2023
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Feb 24, 2023

Pinging @elastic/es-security (Team:Security)

@albertzaharovits
Copy link
Contributor Author

albertzaharovits commented Feb 24, 2023

@elasticmachine run elasticsearch-ci/part-1

@albertzaharovits
Copy link
Contributor Author

albertzaharovits commented Feb 24, 2023

@elasticmachine run elasticsearch-ci/packaging-tests-windows-sample

ywangd
ywangd approved these changes Feb 26, 2023
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Linking the PR (#37707) that removed the index audit here for reference.

.../plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
Comment on lines +37 to +38
public AuditTrailService(@Nullable AuditTrail auditTrail, XPackLicenseState licenseState) {
this.auditTrail = auditTrail;
Copy link
Member

@ywangd ywangd Feb 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use NOOP_AUDIT_TRAIL when the pass-in auditTrail is null? I think it's better if we don't have to deal with null within the class.

Copy link
Contributor Author

@albertzaharovits albertzaharovits Feb 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's definitely better to not have to deal with nulls. Problem is that null here means that auditing is not enabled, while NOOP is intended to be used when license level does not allow auditing.
I prefer to not have to deal with the two meanings using the same logger just now...
But thanks for the good point!

@albertzaharovits albertzaharovits merged commit 7294508 into elastic:main Feb 27, 2023
@albertzaharovits
Copy link
Contributor Author

albertzaharovits commented Feb 27, 2023

Thank you for the review Yang!

@albertzaharovits albertzaharovits deleted the remove-audit-dead-code branch February 27, 2023 12:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywangd ywangd ywangd approved these changes

Assignees

@albertzaharovits albertzaharovits

Labels

>refactoring :Security/Audit X-Pack Audit logging Team:Security Meta label for security team v8.8.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@albertzaharovits @elasticsearchmachine @ywangd