Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configuration option for HTTP request header redaction. #15353

Merged
merged 5 commits into from
Jan 8, 2020
Merged

Configuration option for HTTP request header redaction. #15353

merged 5 commits into from
Jan 8, 2020

Conversation

ucosty
Copy link
Contributor

@ucosty ucosty commented Jan 7, 2020

Add redact_headers configuration option, which allows specific HTTP request headers to be redacted.

I've run into situations where people have added things like API keys into HTTP headers, which are making their way into our logs.

@ucosty ucosty requested a review from a team as a code owner January 7, 2020 11:51
@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

1 similar comment
@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@ucosty ucosty changed the title Add redact_headers configuration option, which allows specific HTTP r… Configuration option for HTTP request header redaction. Jan 7, 2020
@adriansr
Copy link
Contributor

adriansr commented Jan 7, 2020

Thanks for your contribution!

It looks fine to me, pending CI.

Can you also add an entry in CHANGELOG.next.asciidoc as well as document the new configuration option in packetbeat-options.asciidoc ?

@ucosty
Copy link
Contributor Author

ucosty commented Jan 7, 2020

@adriansr I've updated the next changelog, as well as the asciidoc as per your request.

adriansr
adriansr suggested changes Jan 8, 2020
View reviewed changes
packetbeat/tests/system/packetbeat.py Outdated
import os
import sys
import subprocess
import json

sys.path.append(os.path.join(os.path.dirname(__file__), '../../../libbeat/tests/system'))

from beat.beat import TestCase
from beat.beat import Proc
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you revert this change? It is causing the tests to fail because its looking for beat.beat on the wrong path.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All done, and it looks like that build stage is passing now.

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@adriansr
Copy link
Contributor

adriansr commented Jan 8, 2020

jenkins, test this

adriansr
adriansr suggested changes Jan 8, 2020
View reviewed changes
Copy link
Contributor

@adriansr adriansr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test pass now. Just one minor edit

CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
@ucosty @adriansr
Update CHANGELOG.next.asciidoc
57b2927 
Co-Authored-By: Adrian Serrano <adrisr83@gmail.com>
@adriansr
Copy link
Contributor

adriansr commented Jan 8, 2020

jenkins, test this

@adriansr adriansr merged commit ddeeb02 into elastic:master Jan 8, 2020
@adriansr adriansr added the needs_backport PR is waiting to be backported to other branches. label Jan 17, 2020
@ucosty
Copy link
Contributor Author

ucosty commented Mar 18, 2020

@adriansr do you know when this feature might make a release? It doesn't seem to be included in any of the releases since the merge to master.

@adriansr
Copy link
Contributor

@ucosty no, it was too late for 7.6.0, but I will backport it so its released in 7.7.0

@adriansr adriansr mentioned this pull request Mar 19, 2020
Merged
adriansr pushed a commit to adriansr/beats that referenced this pull request Mar 19, 2020
@ucosty @adriansr
Configuration option for HTTP request header redaction. (elastic#15353)
cfcecbf 
Add redact_headers configuration option, which allows specific HTTP request headers to be redacted.

I've run into situations where people have added things like API keys into HTTP headers, which are making their way into our logs.

(cherry picked from commit ddeeb02)
@adriansr adriansr added v7.7.0 and removed needs_backport PR is waiting to be backported to other branches. labels Mar 19, 2020
adriansr added a commit that referenced this pull request Mar 19, 2020
@adriansr @ucosty
Cherry-pick #15353 to 7.x: Configuration option for HTTP request head…
cb8cecc 
…er redaction. (#17107)

* Configuration option for HTTP request header redaction. (#15353)

Add redact_headers configuration option, which allows specific HTTP request headers to be redacted.

I've run into situations where people have added things like API keys into HTTP headers, which are making their way into our logs.

(cherry picked from commit ddeeb02)

* Fix changelog

Co-authored-by: Matthew Costa <ucosty@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adriansr adriansr adriansr approved these changes

Assignees
No one assigned
Labels
enhancement Packetbeat review v7.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ucosty @elasticmachine @adriansr @kaiyan-sheng