Skip to content

Check interaction of field masking with audit logging

The test ComplianceAuditLogTest.testReadWriteDfm fails ATM:

java.lang.AssertionError: Messages arrived: {
  "audit_cluster_name" : "utest_n1_fnull_t15609296706395",
  "audit_node_name" : "node_utest_n1_fnull_t15609296706395_num2",
  "audit_category" : "COMPLIANCE_DOC_READ",
  "audit_request_origin" : "REST",
  "audit_request_body" : "{\"field_names\":[\"Status\",\"Designation\",\"Address\",\"FirstName\",\"LastName\",\"Plz\"]}",
  "audit_node_id" : "x9tn5w97RGCJJj1M0ja6WQ",
  "@timestamp" : "2023-01-22T13:41:03.201+00:00",
  "audit_format_version" : 4,
  "audit_request_remote_address" : "127.0.0.1",
  "audit_trace_doc_id" : "100",
  "audit_node_host_address" : "127.0.0.1",
  "audit_request_effective_user" : "fls_audit",
  "audit_request_effective_user_auth_domain" : "basic/internal_users_db",
  "audit_trace_indices" : [
    "humanresources"
  ],
  "audit_trace_resolved_indices" : [
    "humanresources"
  ],
  "audit_node_host_name" : "127.0.0.1"
}

This is likely because the new field masking impl does not properly interact with audit logging in order to remove masked fields.

This is supposed to look like this:

{
  "audit_cluster_name" : "utest_n1_fnull_t15949756818180",
  "audit_node_name" : "node_utest_n1_fnull_t15949756818180_num1",
  "audit_category" : "COMPLIANCE_DOC_READ",
  "audit_request_origin" : "REST",
  "audit_request_body" : "{\"field_names\":[\"Designation\"]}",
  "audit_node_id" : "aGLoatlMQAqp4EfbW5s9FQ",
  "@timestamp" : "2023-01-22T13:46:42.991+00:00",
  "audit_format_version" : 4,
  "audit_request_remote_address" : "127.0.0.1",
  "audit_trace_doc_id" : "100",
  "audit_node_host_address" : "127.0.0.1",
  "audit_request_effective_user" : "fls_audit",
  "audit_request_effective_user_auth_domain" : "basic/internal",
  "audit_trace_indices" : [
    "humanresources"
  ],
  "audit_trace_resolved_indices" : [
    "humanresources"
  ],
  "audit_node_host_name" : "127.0.0.1"
}