From bfc90492c251d6ffb67197050b7e348c88dc6918 Mon Sep 17 00:00:00 2001 From: Thomas Watson Date: Thu, 28 Oct 2021 09:46:21 +0200 Subject: [PATCH 1/5] Move audit logs to a dedicated logs directory --- .gitignore | 1 + docs/settings/security-settings.asciidoc | 2 +- packages/kbn-utils/src/path/index.test.ts | 28 ++++++++++++++----- packages/kbn-utils/src/path/index.ts | 8 ++++++ src/dev/build/tasks/clean_tasks.ts | 1 + .../tasks/create_empty_dirs_and_files_task.ts | 6 +++- src/dev/build/tasks/os_packages/run_fpm.ts | 3 ++ x-pack/plugins/security/server/config.test.ts | 4 +-- x-pack/plugins/security/server/config.ts | 4 +-- 9 files changed, 44 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index 32c77b20ef204..7a62a12fc27c9 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,7 @@ target .eslintcache /plugins/ /data +/logs disabledPlugins webpackstats.json /config/* diff --git a/docs/settings/security-settings.asciidoc b/docs/settings/security-settings.asciidoc index 2ed3c21c482d5..56d08ee24efe1 100644 --- a/docs/settings/security-settings.asciidoc +++ b/docs/settings/security-settings.asciidoc @@ -332,7 +332,7 @@ For more details and a reference of audit events, refer to < type: rolling-file - fileName: ./data/audit.log + fileName: ./logs/audit.log policy: type: time-interval interval: 24h <2> diff --git a/packages/kbn-utils/src/path/index.test.ts b/packages/kbn-utils/src/path/index.test.ts index daa2cb8dc9a5d..307d47af9ac50 100644 --- a/packages/kbn-utils/src/path/index.test.ts +++ b/packages/kbn-utils/src/path/index.test.ts @@ -7,21 +7,35 @@ */ import { accessSync, constants } from 'fs'; -import { getConfigPath, getDataPath, getConfigDirectory } from './'; +import { createAbsolutePathSerializer } from '@kbn/dev-utils'; +import { getConfigPath, getDataPath, getLogsPath, getConfigDirectory } from './'; + +expect.addSnapshotSerializer(createAbsolutePathSerializer()); describe('Default path finder', () => { - it('should find a kibana.yml', () => { - const configPath = getConfigPath(); - expect(() => accessSync(configPath, constants.R_OK)).not.toThrow(); + it('should expose a path to the config directory', () => { + expect(getConfigDirectory()).toMatchInlineSnapshot('/config'); }); - it('should find a data directory', () => { - const dataPath = getDataPath(); - expect(() => accessSync(dataPath, constants.R_OK)).not.toThrow(); + it('should expose a path to the kibana.yml', () => { + expect(getConfigPath()).toMatchInlineSnapshot('/config/kibana.yml'); + }); + + it('should expose a path to the data directory', () => { + expect(getDataPath()).toMatchInlineSnapshot('/data'); + }); + + it('should expose a path to the logs directory', () => { + expect(getLogsPath()).toMatchInlineSnapshot('/logs'); }); it('should find a config directory', () => { const configDirectory = getConfigDirectory(); expect(() => accessSync(configDirectory, constants.R_OK)).not.toThrow(); }); + + it('should find a kibana.yml', () => { + const configPath = getConfigPath(); + expect(() => accessSync(configPath, constants.R_OK)).not.toThrow(); + }); }); diff --git a/packages/kbn-utils/src/path/index.ts b/packages/kbn-utils/src/path/index.ts index 15d6a3eddf01e..440ba142793a9 100644 --- a/packages/kbn-utils/src/path/index.ts +++ b/packages/kbn-utils/src/path/index.ts @@ -27,6 +27,8 @@ const CONFIG_DIRECTORIES = [ const DATA_PATHS = [join(REPO_ROOT, 'data'), '/var/lib/kibana'].filter(isString); +const LOGS_PATHS = [join(REPO_ROOT, 'logs'), '/var/lib/kibana'].filter(isString); + function findFile(paths: string[]) { const availablePath = paths.find((configPath) => { try { @@ -57,6 +59,12 @@ export const getConfigDirectory = () => findFile(CONFIG_DIRECTORIES); */ export const getDataPath = () => findFile(DATA_PATHS); +/** + * Get the directory containing logs + * @internal + */ +export const getLogsPath = () => findFile(LOGS_PATHS); + export type PathConfigType = TypeOf; export const config = { diff --git a/src/dev/build/tasks/clean_tasks.ts b/src/dev/build/tasks/clean_tasks.ts index f9fcbc74b0efc..19747ce72b5a6 100644 --- a/src/dev/build/tasks/clean_tasks.ts +++ b/src/dev/build/tasks/clean_tasks.ts @@ -196,6 +196,7 @@ export const CleanEmptyFolders: Task = { await deleteEmptyFolders(log, build.resolvePath('.'), [ build.resolvePath('plugins'), build.resolvePath('data'), + build.resolvePath('logs'), ]); }, }; diff --git a/src/dev/build/tasks/create_empty_dirs_and_files_task.ts b/src/dev/build/tasks/create_empty_dirs_and_files_task.ts index 26ed25e801475..dd4cea350ba00 100644 --- a/src/dev/build/tasks/create_empty_dirs_and_files_task.ts +++ b/src/dev/build/tasks/create_empty_dirs_and_files_task.ts @@ -12,6 +12,10 @@ export const CreateEmptyDirsAndFiles: Task = { description: 'Creating some empty directories and files to prevent file-permission issues', async run(config, log, build) { - await Promise.all([mkdirp(build.resolvePath('plugins')), mkdirp(build.resolvePath('data'))]); + await Promise.all([ + mkdirp(build.resolvePath('plugins')), + mkdirp(build.resolvePath('data')), + mkdirp(build.resolvePath('logs')), + ]); }, }; diff --git a/src/dev/build/tasks/os_packages/run_fpm.ts b/src/dev/build/tasks/os_packages/run_fpm.ts index c7d9f6997cdf2..d67283cea80d3 100644 --- a/src/dev/build/tasks/os_packages/run_fpm.ts +++ b/src/dev/build/tasks/os_packages/run_fpm.ts @@ -129,6 +129,9 @@ export async function runFpm( // copy the data directory at /var/lib/kibana `${resolveWithTrailingSlash(fromBuild('data'))}=/var/lib/kibana/`, + // copy the logs directory at /var/log/kibana + `${resolveWithTrailingSlash(fromBuild('logs'))}=/var/log/kibana/`, + // copy package configurations `${resolveWithTrailingSlash(__dirname, 'service_templates/systemd/')}=/`, diff --git a/x-pack/plugins/security/server/config.test.ts b/x-pack/plugins/security/server/config.test.ts index feadbbab5a4ca..9ebdcb5e4d05f 100644 --- a/x-pack/plugins/security/server/config.test.ts +++ b/x-pack/plugins/security/server/config.test.ts @@ -11,7 +11,7 @@ jest.mock('crypto', () => ({ })); jest.mock('@kbn/utils', () => ({ - getDataPath: () => '/mock/kibana/data/path', + getLogsPath: () => '/mock/kibana/logs/path', })); import { loggingSystemMock } from 'src/core/server/mocks'; @@ -1720,7 +1720,7 @@ describe('createConfig()', () => { ).audit.appender ).toMatchInlineSnapshot(` Object { - "fileName": "/mock/kibana/data/path/audit.log", + "fileName": "/mock/kibana/logs/path/audit.log", "layout": Object { "type": "json", }, diff --git a/x-pack/plugins/security/server/config.ts b/x-pack/plugins/security/server/config.ts index ba0d0d35d8ddd..f993707bd8d9e 100644 --- a/x-pack/plugins/security/server/config.ts +++ b/x-pack/plugins/security/server/config.ts @@ -12,7 +12,7 @@ import path from 'path'; import type { Type, TypeOf } from '@kbn/config-schema'; import { schema } from '@kbn/config-schema'; import { i18n } from '@kbn/i18n'; -import { getDataPath } from '@kbn/utils'; +import { getLogsPath } from '@kbn/utils'; import type { AppenderConfigType, Logger } from 'src/core/server'; import { config as coreConfig } from '../../../../src/core/server'; @@ -378,7 +378,7 @@ export function createConfig( config.audit.appender ?? ({ type: 'rolling-file', - fileName: path.join(getDataPath(), 'audit.log'), + fileName: path.join(getLogsPath(), 'audit.log'), layout: { type: 'json', }, From a370d90987f066f445e70d2a3e8dfd763bac3241 Mon Sep 17 00:00:00 2001 From: Thomas Watson Date: Thu, 4 Nov 2021 12:59:33 +0100 Subject: [PATCH 2/5] Apply suggestions from code review Co-authored-by: Aleh Zasypkin --- packages/kbn-utils/src/path/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/kbn-utils/src/path/index.ts b/packages/kbn-utils/src/path/index.ts index 440ba142793a9..c839522441c7c 100644 --- a/packages/kbn-utils/src/path/index.ts +++ b/packages/kbn-utils/src/path/index.ts @@ -27,7 +27,7 @@ const CONFIG_DIRECTORIES = [ const DATA_PATHS = [join(REPO_ROOT, 'data'), '/var/lib/kibana'].filter(isString); -const LOGS_PATHS = [join(REPO_ROOT, 'logs'), '/var/lib/kibana'].filter(isString); +const LOGS_PATHS = [join(REPO_ROOT, 'logs'), '/var/log/kibana'].filter(isString); function findFile(paths: string[]) { const availablePath = paths.find((configPath) => { From a994d223beca91b0cb6147880c9184070d697b09 Mon Sep 17 00:00:00 2001 From: Thomas Watson Date: Tue, 9 Nov 2021 11:52:25 +0100 Subject: [PATCH 3/5] Add empty logs directory --- logs/.empty | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 logs/.empty diff --git a/logs/.empty b/logs/.empty new file mode 100644 index 0000000000000..e69de29bb2d1d From b1a9f46e23ba517b91d90be0cc30d8842a878a20 Mon Sep 17 00:00:00 2001 From: Thomas Watson Date: Tue, 9 Nov 2021 20:45:03 +0100 Subject: [PATCH 4/5] Cleanup --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index a89aeb09a4ec8..cd79644e5d060 100644 --- a/.gitignore +++ b/.gitignore @@ -42,7 +42,6 @@ types.eslint.config.js .eslintcache /plugins/ /data -/logs disabledPlugins webpackstats.json /config/* From 0565f0fa420429300f04a876aa1d0d2474c3ecd8 Mon Sep 17 00:00:00 2001 From: Thomas Watson Date: Tue, 9 Nov 2021 20:45:22 +0100 Subject: [PATCH 5/5] Address review comments --- src/dev/build/tasks/os_packages/run_fpm.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/dev/build/tasks/os_packages/run_fpm.ts b/src/dev/build/tasks/os_packages/run_fpm.ts index d67283cea80d3..9c3f370ba7e98 100644 --- a/src/dev/build/tasks/os_packages/run_fpm.ts +++ b/src/dev/build/tasks/os_packages/run_fpm.ts @@ -113,6 +113,8 @@ export async function runFpm( '--exclude', `usr/share/kibana/data`, '--exclude', + `usr/share/kibana/logs`, + '--exclude', 'run/kibana/.gitempty', // flags specific to the package we are building, supplied by tasks below