Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

audit: Disable auditing in recovery mode #15228

Merged
merged 3 commits into from
Nov 30, 2023
Merged

audit: Disable auditing in recovery mode #15228

merged 3 commits into from
Nov 30, 2023

Conversation

michael-redpanda
Copy link
Contributor

Fixes: #15226

Audit logging is not able to function in recovery mode as produce messages are rejected. In this situation, it's possible the cluster may become unusable if audit messages are generated and the queues are unable to drain.

Also fixed a logic error in the ducktape tests.

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v23.2.x
  • v23.1.x
  • v22.3.x

Release Notes

  • none

@michael-redpanda michael-redpanda self-assigned this Nov 30, 2023
graphcareful
graphcareful suggested changes Nov 30, 2023
View reviewed changes
src/v/security/audit/audit_log_manager.cc Outdated Show resolved Hide resolved
src/v/security/audit/audit_log_manager.cc Show resolved Hide resolved
tests/rptest/tests/audit_log_test.py Show resolved Hide resolved
@michael-redpanda
audit: Better handling of audit log special case
6d85e68 
Any modification or access to the audit log topic must be audited,
regardless of whether or not the event is enabled.  This fix ensures
that that continues to happen but takes into account whether
or not the auditing was actually enabled/disabled.

Signed-off-by: Michael Boquard <michael@redpanda.com>
@michael-redpanda
Copy link
Contributor Author

Force push 6fc8182:

  • updates from pr comments
  • Fix for auditing events on audit log topic

@michael-redpanda
Copy link
Contributor Author

Force push 159c3a6:

  • Split apart commits

@michael-redpanda
audit: Disable auditing while in recovery mode
82dc612 
Signed-off-by: Michael Boquard <michael@redpanda.com>
@michael-redpanda
dt/audit: Added tests for auditing in recovery mode
dea71ed 
Signed-off-by: Michael Boquard <michael@redpanda.com>
@michael-redpanda
Copy link
Contributor Author

Force push dea71ed:

  • Update to not hold config flag in boolean member variable

@vbotbuildovich
Copy link
Collaborator

new failures in https://buildkite.com/redpanda/redpanda/builds/42064#018c21be-5597-4d5f-968f-e8d826b2004d:

"rptest.tests.simple_e2e_test.SimpleEndToEndTest.test_leader_acks"

@michael-redpanda
Copy link
Contributor Author

CI Failures:

@piyushredpanda piyushredpanda merged commit 6f49d28 into redpanda-data:dev Nov 30, 2023
17 of 20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graphcareful graphcareful graphcareful approved these changes

Assignees

@michael-redpanda michael-redpanda

Labels
area/redpanda
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Do not enable auditing when in recovery mode
4 participants
@michael-redpanda @vbotbuildovich @graphcareful @piyushredpanda