[SERVER-53962] Move UMC audit hooks to OpObservers Created: 21/Jan/21  Updated: 29/Oct/23  Resolved: 12/Feb/21

Status: Closed
Project: Core Server
Component/s: Internal Code, Security
Affects Version/s: None
Fix Version/s: 5.0.0

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Sergey Galtsev (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File Results1.txt     Text File Results2.txt     File log.json    
Issue Links:
Depends
Documented
is documented by DOCS-14223 Investigate changes in SERVER-53962: ... Closed
Duplicate
duplicates SERVER-49344 Audit hooks for authorization state c... Closed
Backwards Compatibility: Minor Change
Sprint: Security 2021-02-08, Security 2021-02-22
Participants:

 Description   

We should consider moving the audit hooks from the User Management Commands to the AuthOpObserver, which would invoke them solely on primaries. When a primary performs a write to these system collections, either as a part of a User Management Command or as part of a CRUD operation, the hook will check whether the generated oplog event implies that an authorization audit event should be recorded. If yes and the current node is a primary, it will invoke the audit hook. Because primaries invoke OpObserves in the catalog layer while clients perform operations, the active OperationContext will contain the client's authentication and authorization state.



 Comments   
Comment by Githook User [ 12/Feb/21 ]

Author:

{'name': 'sergey.galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-53962 Move UMC audit hooks to OpObservers
Branch: master
https://github.com/mongodb/mongo/commit/3afb4b31149e5a747e25f2aab611621a99bf8667

Comment by Githook User [ 12/Feb/21 ]

Author:

{'name': 'sergey.galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-53962 Move UMC audit hooks to OpObservers
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/bbe0b1f7821b98620dc8fb9df4854c0828dc40a1

Generated at Thu Feb 08 05:32:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.