Description
To reproduce:
1. Start a 5.5.x (possibly affects all 5.x versions) Couchbase Server cluster.
2. Go to Security -> Audit, and add a user under "Ignore Filterable Events From These Users".
3. Use a client to add/edit a document, maybe something like
/opt/couchbase/bin/cbworkloadgen -i 1 -b testB -u david -p password
4. Check audit logs "cat /opt/couchbase/var/lib/couchbase/logs/audit.log", you will see document mutation logged:
{"timestamp":"2019-04-02T10:15:46.446519Z","peername":"127.0.0.1:37730","sockname":"127.0.0.1:11210","real_userid":{"domain":"memcached","user":"david"},"bucket":"testB","key":"<ud>pymc0</ud>","id":20490,"name":"document modify","description":"Document was modified"}
Seems to be related to how domain is being set in the event payload.
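A check for the symptom in step 4, as an added example (not part of the original report and not Couchbase code): it scans audit.log lines for events attributed to users on the ignore list and notes when the domain in the payload differs from the one the user was configured with. The configured domain `local`, the function name and the second sample line are assumptions.

```python
import json

# Constructed sample input. Line 1 is the event quoted in the report; line 2
# (user, id, name) is made up for illustration; line 3 is deliberately invalid.
SAMPLE_LOG = """\
{"timestamp":"2019-04-02T10:15:46.446519Z","peername":"127.0.0.1:37730","sockname":"127.0.0.1:11210","real_userid":{"domain":"memcached","user":"david"},"bucket":"testB","key":"<ud>pymc0</ud>","id":20490,"name":"document modify","description":"Document was modified"}
{"timestamp":"2019-04-02T10:15:47.000000Z","real_userid":{"domain":"local","user":"alice"},"bucket":"testB","id":99999,"name":"constructed event","description":"constructed"}
not json
"""


def find_leaked_events(lines, ignored):
    """Return events logged for users that are on the audit ignore list.

    ignored maps user name -> domain the user was configured with (assumed
    input, e.g. {"david": "local"}). Matching is by name only, so an event
    whose payload carries a different domain is still reported. The page
    does not list which event ids are filterable, so every event for an
    ignored user is returned for review.
    """
    leaks = []
    for lineno, raw in enumerate(lines, 1):
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(event, dict):
            continue
        uid = event.get("real_userid")
        if not isinstance(uid, dict) or uid.get("user") not in ignored:
            continue
        leaks.append({
            "line": lineno,
            "id": event.get("id"),
            "name": event.get("name"),
            "user": uid["user"],
            "logged_domain": uid.get("domain"),
            "domain_mismatch": uid.get("domain") != ignored[uid["user"]],
        })
    return leaks


if __name__ == "__main__":
    for leak in find_leaked_events(SAMPLE_LOG.splitlines(), {"david": "local"}):
        print(leak)
```

An empty result after the ignore list has been saved and new mutations made is the expected behaviour; any row with `domain_mismatch` set points at the domain handling mentioned above.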
Issue Links
- backports to: MB-35534 [BP 5.5.x] [BP 6.0.x] Filterable audit events for filtered (whitelisted) users are still being logged in audit log (Closed)
Gerrit Reviews
For Gerrit Dashboard: MB-33603

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 107673,3 | MB-33603: Fix filtering of memcached generated audit events | master | kv_engine | MERGED | +2 | +1 |
| 181528,11 | Refactor one of the audit tests | master | kv_engine | MERGED | +2 | +1 |