Introducing base audit logger (#19442)

* Adding very basic audit logging for auth success/failure * Extracting security specific audit logger from the AuditLogger * Using short auditLogger in authenticate in one more place * Logging some information from the request during success/failure * Adding AuditLogger tests * Removing the security audit logger, this is out of scope... * Better asserts, thanks Aleh * Adding `audit` to the default events * Using `info` with the audit logger, emulating with ES does
2025-04-24 01:38:56 -04:00 · 2018-05-30 08:26:09 -04:00 · 2018-05-30 08:26:09 -04:00 · f4f894a972
commit f4f894a972
parent 4e95a8a162
3 changed files with 76 additions and 0 deletions
--- a/x-pack/dev-tools/jest/create_jest_config.js
+++ b/x-pack/dev-tools/jest/create_jest_config.js
@ -12,6 +12,7 @@ export function createJestConfig({
    rootDir: xPackKibanaDirectory,
    roots: [
      "<rootDir>/plugins",
+      "<rootDir>/server",
    ],
    moduleFileExtensions: [
      "js",
--- a/x-pack/server/lib/audit_logger.js
+++ b/x-pack/server/lib/audit_logger.js
@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export class AuditLogger {
+  constructor(server, pluginId) {
+    this._server = server;
+    this._pluginId = pluginId;
+  }
+
+  log(eventType, message, data = {}) {
+    this._server.log(['info', 'audit', this._pluginId, eventType], {
+      tmpl: message,
+      eventType,
+      ...data
+    });
+  }
+}
--- a/x-pack/server/lib/audit_logger.test.js
+++ b/x-pack/server/lib/audit_logger.test.js
@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { AuditLogger } from './audit_logger';
+
+test(`calls server.log with 'info', audit', pluginId and eventType as tags`, () => {
+  const mockServer = {
+    log: jest.fn()
+  };
+  const pluginId = 'foo';
+  const auditLogger = new AuditLogger(mockServer, pluginId);
+
+  const eventType = 'bar';
+  auditLogger.log(eventType, '');
+  expect(mockServer.log).toHaveBeenCalledTimes(1);
+  expect(mockServer.log).toHaveBeenCalledWith(['info', 'audit', pluginId, eventType], expect.anything());
+});
+
+
+test(`calls server.log with message as tmpl`, () => {
+  const mockServer = {
+    log: jest.fn()
+  };
+
+  const auditLogger = new AuditLogger(mockServer, 'foo');
+
+  const message = 'summary of what happened';
+  auditLogger.log('bar', message);
+  expect(mockServer.log).toHaveBeenCalledTimes(1);
+  expect(mockServer.log).toHaveBeenCalledWith(expect.anything(), expect.objectContaining({
+    tmpl: message
+  }));
+});
+
+test(`calls server.log with data appended to log message`, () => {
+  const mockServer = {
+    log: jest.fn()
+  };
+
+  const auditLogger = new AuditLogger(mockServer, 'foo');
+
+  const data = {
+    foo: 'yup',
+    bar: 'nah',
+  };
+
+  auditLogger.log('bar', 'summary of what happened', data);
+  expect(mockServer.log).toHaveBeenCalledTimes(1);
+  expect(mockServer.log).toHaveBeenCalledWith(expect.anything(), expect.objectContaining({
+    foo: data.foo,
+    bar: data.bar,
+  }));
+});