Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changes the way policies are reported in audit logs #4747

Merged
merged 9 commits into from
Jun 14, 2018
Merged

Changes the way policies are reported in audit logs #4747

merged 9 commits into from
Jun 14, 2018

Conversation

jefferai
Copy link
Member

Previously, only policies tied to tokens would be reported. This could
make it difficult to perform after-the-fact analysis based on both the
initial response entry and further requests. Now, the full set of
applicable policies from both the token and any derived policies from
Identity are reported.

To keep things consistent, token authentications now also return the
full set of policies in api.Secret.Auth responses, so this both makes it
easier for users to understand their actual full set, and it matches
what the audit logs now report.

@jefferai jefferai added this to the 0.10.3 milestone Jun 12, 2018
@chrishoffman
Copy link
Contributor

I am overall in favor of this change but I think it would be confusing to return it in the auth response and not return it in token lookup. I think it might be better to split it into a separate field, on that shows what is currently shown from the token and one that shows all policies.

jefferai added 2 commits June 13, 2018 18:19
@jefferai
This changes the way policies are reported in audit logs.
e418a55 
Previously, only policies tied to tokens would be reported. This could
make it difficult to perform after-the-fact analysis based on both the
initial response entry and further requests. Now, the full set of
applicable policies from both the token and any derived policies from
Identity are reported.

To keep things consistent, token authentications now also return the
full set of policies in api.Secret.Auth responses, so this both makes it
easier for users to understand their actual full set, and it matches
what the audit logs now report.
@jefferai
Split policies out to all, token, and identity
54026ce
@jefferai jefferai force-pushed the audit-identity-policies branch from d7814db to 54026ce Compare June 13, 2018 22:20
@jefferai jefferai changed the title This changes the way policies are reported in audit logs. Changes the way policies are reported in audit logs Jun 14, 2018
@jefferai
Copy link
Member Author

Ready for another look!

briankassouf
briankassouf previously approved these changes Jun 14, 2018
View reviewed changes
chrishoffman
chrishoffman previously approved these changes Jun 14, 2018
View reviewed changes
@jefferai jefferai dismissed stale reviews from chrishoffman and briankassouf via 8fc5516 June 14, 2018 13:19
@jefferai jefferai merged commit 765fe52 into master Jun 14, 2018
@jefferai jefferai deleted the audit-identity-policies branch June 14, 2018 13:49
@jefferai jefferai mentioned this pull request Jun 14, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@briankassouf briankassouf briankassouf left review comments

@chrishoffman chrishoffman chrishoffman left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.10.3
Development

Successfully merging this pull request may close these issues.
3 participants
@jefferai @chrishoffman @briankassouf