Audit Logging for Extensions #5

DarshitChanpura · 2023-06-22T15:31:11Z

is there a difference in adding this route.name() here? Maybe i missed it in the logs you posted

you're right, it didn't do anything. It turns about this parameter wasn't used anywhere in one of the methods down the line. Added it in AbstractAuditLog and here's how logs look like now:
audit_request_privilege is logged correctly

{ "_index": "security-auditlog-2023.06.23", "_id": "KJVs54gBDjJ9Ce5u7dZD", "_score": null, "_source": { "audit_cluster_name": "opensearch", "audit_node_name": "node", "audit_rest_request_method": "POST", "audit_category": "MISSING_PRIVILEGES", "audit_request_origin": "REST", "audit_request_body": "{ }", "audit_node_id": "dwo7slt-SYiWN0z_aajNYQ", "audit_request_layer": "REST", "audit_rest_request_path": "/_extensions/_hw/hello", "@timestamp": "2023-06-23T08:44:15.545+00:00", "audit_format_version": 4, "audit_request_remote_address": "127.0.0.1", "audit_request_privilege": "hw:greet_with_adjective", "audit_node_host_address": "127.0.0.1", "audit_rest_request_headers": { "x-http2-stream-id": [ "1" ], "content-length": [ "3" ], "host": [ "localhost:9200" ], "x-http2-scheme": [ "https" ], "content-type": [ "application/json" ], "user-agent": [ "curl/7.81.0" ], "accept": [ "*/*" ] }, "audit_request_effective_user": "new-user", "audit_node_host_name": "127.0.0.1" }, "sort": [ 1687509855545 ] }, { "_index": "security-auditlog-2023.06.23", "_id": "J5Vs54gBDjJ9Ce5u7dZD", "_score": null, "_source": { "audit_cluster_name": "opensearch", "audit_node_name": "node", "audit_request_initiating_user": "new-user", "audit_rest_request_method": "POST", "audit_category": "AUTHENTICATED", "audit_request_origin": "REST", "audit_request_body": "{ }", "audit_node_id": "dwo7slt-SYiWN0z_aajNYQ", "audit_request_layer": "REST", "audit_rest_request_path": "/_extensions/_hw/hello", "@timestamp": "2023-06-23T08:44:12.445+00:00", "audit_request_effective_user_is_admin": false, "audit_format_version": 4, "audit_request_remote_address": "127.0.0.1", "audit_node_host_address": "127.0.0.1", "audit_rest_request_headers": { "x-http2-stream-id": [ "1" ], "content-length": [ "3" ], "host": [ "localhost:9200" ], "x-http2-scheme": [ "https" ], "content-type": [ "application/json" ], "user-agent": [ "curl/7.81.0" ], "accept": [ "*/*" ] }, "audit_request_effective_user": "new-user", "audit_node_host_name": "127.0.0.1" }, "sort": [ 1687509852445 ] }

-Original file line number
+Diff line change
@@ Expand Up @@
                     log.debug(pres.toString());
                 }
                 if (pres.isAllowed()) {
-                    // TODO make sure this is audit logged
                     log.debug("Request has been granted");
-                    // auditLog.logGrantedPrivileges(action, request, task);
+                    auditLog.logGrantedPrivileges(user.getName(), request);
                 } else {
-                    // auditLog.logMissingPrivileges(action, request, task);
+                    auditLog.logMissingPrivileges(route.name(), user.getName(), request);
                     String err;
                     if (!pres.getMissingSecurityRoles().isEmpty()) {
                         err = String.format("No mapping for %s on roles %s", user, pres.getMissingSecurityRoles());
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Audit Logging for Extensions #5

Diff view

Diff view

There are no files selected for viewing

DarshitChanpura Jun 22, 2023

MaciejMierzwa Jun 23, 2023

Audit Logging for Extensions #5

Audit Logging for Extensions #5

Diff view

Diff view

There are no files selected for viewing

DarshitChanpura Jun 22, 2023

Choose a reason for hiding this comment

MaciejMierzwa Jun 23, 2023

Choose a reason for hiding this comment