From bf7a3c36cb4394b06a3b3fa09a0553c3f958bfed Mon Sep 17 00:00:00 2001
From: "Christiane (Tina) Heiligers"
Date: Thu, 2 Mar 2023 13:44:49 -0700
Subject: [PATCH 1/3] Logs route path access
---
 .../core/http/core-http-server-internal/src/http_server.ts | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/packages/core/http/core-http-server-internal/src/http_server.ts b/packages/core/http/core-http-server-internal/src/http_server.ts
index 1ef5be6c67a54..a7e0906495dd1 100644
--- a/packages/core/http/core-http-server-internal/src/http_server.ts
+++ b/packages/core/http/core-http-server-internal/src/http_server.ts
@@ -516,6 +516,7 @@ export class HttpServer {
 }
 private configureRoute(route: RouterRoute) {
+ const optionsLogger = this.logger.get('http', 'server', this.name, 'options');
 this.log.debug(`registering route handler for [${route.path}]`);
 // Hapi does not allow payload validation to be specified for 'head' or 'get' requests
 const validate = isSafeMethod(route.method) ? undefined : { payload: true };
@@ -526,6 +527,10 @@ export class HttpServer {
 xsrfRequired: route.options.xsrfRequired ?? !isSafeMethod(route.method),
 access: route.options.access ?? (route.path.startsWith('/internal') ? 'internal' : 'public'),
 };
+ // Log HTTP API target consumer. Warning: may log sensitive information on paths including secrets
+ optionsLogger.debug(
+ `kibanaRouteOptions [${kibanaRouteOptions.access}] for path [${route.path}]`
+ );
 this.server!.route({
 handler: route.handler,
From 4ccb36c2b57ad8479d128e2970ef49d415427dab Mon Sep 17 00:00:00 2001
From: "Christiane (Tina) Heiligers"
Date: Mon, 6 Mar 2023 10:31:37 -0700
Subject: [PATCH 2/3] address PR comments
---
 .../core/http/core-http-server-internal/src/http_server.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/packages/core/http/core-http-server-internal/src/http_server.ts b/packages/core/http/core-http-server-internal/src/http_server.ts
index a7e0906495dd1..7e08f46ca7663 100644
--- a/packages/core/http/core-http-server-internal/src/http_server.ts
+++ b/packages/core/http/core-http-server-internal/src/http_server.ts
@@ -527,10 +527,8 @@ export class HttpServer {
 xsrfRequired: route.options.xsrfRequired ?? !isSafeMethod(route.method),
 access: route.options.access ?? (route.path.startsWith('/internal') ? 'internal' : 'public'),
 };
- // Log HTTP API target consumer. Warning: may log sensitive information on paths including secrets
- optionsLogger.debug(
- `kibanaRouteOptions [${kibanaRouteOptions.access}] for path [${route.path}]`
- );
+ // Log HTTP API target consumer.
+ optionsLogger.debug(`access [${kibanaRouteOptions.access}] for path [${route.path}]`);
 this.server!.route({
 handler: route.handler,
From fb86412ba872c2eccda4f106e9e8577a039da940 Mon Sep 17 00:00:00 2001
From: "Christiane (Tina) Heiligers"
Date: Mon, 6 Mar 2023 13:46:14 -0700
Subject: [PATCH 3/3] Adds route method to options logger logs, implement PR nit
---
 .../http/core-http-server-internal/src/http_server.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/packages/core/http/core-http-server-internal/src/http_server.ts b/packages/core/http/core-http-server-internal/src/http_server.ts
index 7e08f46ca7663..2bdf76ee23310 100644
--- a/packages/core/http/core-http-server-internal/src/http_server.ts
+++ b/packages/core/http/core-http-server-internal/src/http_server.ts
@@ -516,7 +516,7 @@ export class HttpServer {
 }
 private configureRoute(route: RouterRoute) {
- const optionsLogger = this.logger.get('http', 'server', this.name, 'options');
+ const optionsLogger = this.log.get('options');
 this.log.debug(`registering route handler for [${route.path}]`);
 // Hapi does not allow payload validation to be specified for 'head' or 'get' requests
 const validate = isSafeMethod(route.method) ? undefined : { payload: true };
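Review bot: In the [PATCH 2/3] hunk, the shortened comment `// Log HTTP API target consumer.` drops the earlier warning about secrets in paths without recording why the concern no longer applies. The value logged is `route.path` from the `RouterRoute` handed to `configureRoute`, which looks like the registered route definition rather than a request URL, so request-supplied parameter values would presumably not appear. If that holds, say so in the comment, for example `// Logs the registered route pattern, not the request URL, so no request-supplied values reach the log.` If a plugin can register a path that embeds a credential, the warning should stay. The `this.server!.route({` call continues outside the hunk.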
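Review bot: In the first [PATCH 3/3] hunk, `const optionsLogger = this.log.get('options');` runs on every `configureRoute` call, so the child logger is looked up once per registered route; [PATCH 1/3] had the same shape with `this.logger.get(...)`. Unless `get` is known to be memoised, resolve it once as a class field beside `log` and reuse it here. The constant is also declared at the top of the method, well above its only visible use in the following hunk; declaring it next to the `debug` call would keep the two together. `configureRoute` ends outside this hunk.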
@@ -528,7 +528,11 @@ export class HttpServer {
 access: route.options.access ?? (route.path.startsWith('/internal') ? 'internal' : 'public'),
 };
 // Log HTTP API target consumer.
- optionsLogger.debug(`access [${kibanaRouteOptions.access}] for path [${route.path}]`);
+ optionsLogger.debug(
+ `access [${kibanaRouteOptions.access}] [${route.method.toUpperCase()}] for path [${
+ route.path
+ }]`
+ );
 this.server!.route({
 handler: route.handler,
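Review bot: The message reports the resolved `kibanaRouteOptions.access`, so a route that never declared `access` looks the same in the log as one that declared it. The context line above defaults any path not starting with `/internal` to `public`, and that defaulted case is the one worth seeing when this output is used to audit which endpoints are exposed. Consider appending a marker such as `${route.options.access ? '' : ' (defaulted)'}` to the message; the same applies to the earlier forms of this statement in [PATCH 1/3] and [PATCH 2/3]. The multi-line `${ route.path }` interpolation would also read better with the method and path pulled into locals first. The `this.server!.route({` call continues outside the hunk.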