From 85033587e80576fc8819de989cf555fc1456e614 Mon Sep 17 00:00:00 2001
From: MaciejMierzwa <dev.maciej.mierzwa@gmail.com>
Date: Thu, 22 Jun 2023 14:32:59 +0200
Subject: [PATCH 1/2] turn on audit logging

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
---
 .../org/opensearch/security/filter/SecurityRestFilter.java   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java
index d360b54775..39dd76a652 100644
--- a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java
+++ b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java
@@ -177,11 +177,10 @@ private boolean authorizeRequest(RestHandler original, RestRequest request, Rest
                 log.debug(pres.toString());
             }
             if (pres.isAllowed()) {
-                // TODO make sure this is audit logged
                 log.debug("Request has been granted");
-                // auditLog.logGrantedPrivileges(action, request, task);
+                auditLog.logGrantedPrivileges(user.getName(), request);
             } else {
-                // auditLog.logMissingPrivileges(action, request, task);
+                auditLog.logMissingPrivileges(route.name(), user.getName(), request);
                 String err;
                 if (!pres.getMissingSecurityRoles().isEmpty()) {
                     err = String.format("No mapping for %s on roles %s", user, pres.getMissingSecurityRoles());

From 3c397e259e9b69bdb33d840df2e6a2ac7301122b Mon Sep 17 00:00:00 2001
From: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
Date: Fri, 23 Jun 2023 10:46:17 +0200
Subject: [PATCH 2/2] add privileges info

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
---
 .../org/opensearch/security/auditlog/impl/AbstractAuditLog.java  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java
index e14d5b17a9..fe5b01fec7 100644
--- a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java
+++ b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java
@@ -184,6 +184,7 @@ public void logMissingPrivileges(String privilege, String effectiveUser, RestReq
         msg.addRemoteAddress(remoteAddress);
         msg.addRestRequestInfo(request, auditConfigFilter);
         msg.addEffectiveUser(effectiveUser);
+        msg.addPrivilege(privilege);
         save(msg);
     }