Emit an Audit log event when a Bot or Instance fails to join#40329
Merged
strideynet merged 9 commits intomasterfrom Apr 23, 2024
Merged
Emit an Audit log event when a Bot or Instance fails to join#40329strideynet merged 9 commits intomasterfrom
strideynet merged 9 commits intomasterfrom
Conversation
github-actions
Bot
added
audit-log
avatus
reviewed
Apr 10, 2024
avatus
approved these changes
Apr 10, 2024
tigrato
approved these changes
Apr 22, 2024
Contributor
#40729 added some logging for failed join attempts. Are we now going to log things twice? Does this take any of those changes into account? |
Contributor
Author
I've already resolved the conflicts with this PR, I've removed those log lines in favour of my ones, and added any details that were missing from mine. I feel it still makes sense to move ahead with my PR since 40729 did not add an audit log event, and for our cloud customers, they do not have access to the logs of Teleport. The audit log is therefore the only way we can provide feedback about misconfigured joins. I'll hold off merging until you've had a chance to see/respond to this :) |
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
ibeckermayer
approved these changes
Apr 23, 2024
|
@strideynet See the table below for backport results.
|
strideynet
added a commit
that referenced
this pull request
Apr 23, 2024
* Emit audit event on instance/bot join failure * Add audit log on failure to azure and iam join methods * Tidy up a lil bit * Add missing icon to EventTypeCell.tsx * Regenerate snapshot * Correct status code * Add host_id and node_name to the join audit log * Remove "unknown" default values
strideynet
added a commit
that referenced
this pull request
Apr 23, 2024
* Emit audit event on instance/bot join failure * Add audit log on failure to azure and iam join methods * Tidy up a lil bit * Add missing icon to EventTypeCell.tsx * Regenerate snapshot * Correct status code * Add host_id and node_name to the join audit log * Remove "unknown" default values
strideynet
added a commit
that referenced
this pull request
Apr 23, 2024
* Emit audit event on instance/bot join failure * Add audit log on failure to azure and iam join methods * Tidy up a lil bit * Add missing icon to EventTypeCell.tsx * Regenerate snapshot * Correct status code * Add host_id and node_name to the join audit log * Remove "unknown" default values
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Apr 23, 2024
…40329) (#40814) * Emit an Audit log event when a Bot or Instance fails to join (#40329) * Emit audit event on instance/bot join failure * Add audit log on failure to azure and iam join methods * Tidy up a lil bit * Add missing icon to EventTypeCell.tsx * Regenerate snapshot * Correct status code * Add host_id and node_name to the join audit log * Remove "unknown" default values * Fix broken snapshots
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Apr 23, 2024
…40329) (#40816) * Emit an Audit log event when a Bot or Instance fails to join (#40329) * Emit audit event on instance/bot join failure * Add audit log on failure to azure and iam join methods * Tidy up a lil bit * Add missing icon to EventTypeCell.tsx * Regenerate snapshot * Correct status code * Add host_id and node_name to the join audit log * Remove "unknown" default values * Fix badly generatd snapshots
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Apr 23, 2024
…40329) (#40815) * Emit an Audit log event when a Bot or Instance fails to join (#40329) * Emit audit event on instance/bot join failure * Add audit log on failure to azure and iam join methods * Tidy up a lil bit * Add missing icon to EventTypeCell.tsx * Regenerate snapshot * Correct status code * Add host_id and node_name to the join audit log * Remove "unknown" default values * fix backport * Regenerate bad snapshot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently, a failed join is not audit logged or even logged. This makes it really hard to determine why a join failed or to detect a malicious join attempt. This PR introduces an audit log event which is emitted when a join fails for any reason.
For join methods that support returning the attributes of the joining identity, these will also show in the audit log. Not all join methods support this yet, and we ought to return to those and add the appropriate methods so they do surface this information which is extremely useful in diagnosing problems with joining and allow rules.
changelog: Adds a new Audit log event that is emitted when an Agent or Bot request to join the cluster is denied.
Closes #17948