diff --git a/src/main/java/org/opensearch/security/auditlog/AuditLog.java b/src/main/java/org/opensearch/security/auditlog/AuditLog.java
index 58740de6c0..a7cda20025 100644
--- a/src/main/java/org/opensearch/security/auditlog/AuditLog.java
+++ b/src/main/java/org/opensearch/security/auditlog/AuditLog.java
@@ -48,9 +48,7 @@ public interface AuditLog extends Closeable {
 //login
- void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task);
 void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);
- void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task);
 void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);
 //privs
diff --git a/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java b/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java
index 20b1faa909..06761f5636 100644
--- a/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java
+++ b/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java
@@ -52,21 +52,11 @@ public void close() throws IOException { //noop, intentionally left empty } - @Override - public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) { - //noop, intentionally left empty - } - @Override public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) { //noop, intentionally left empty } - @Override - public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) { - //noop, intentionally left empty - } - @Override public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) { //noop, intentionally left empty diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java index 54bdfb9b50..b8f888c779 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java 
@@ -133,23 +133,6 @@ public ComplianceConfig getComplianceConfig() { return this.complianceConfig; } - @Override - public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) { - final String action = null; - - if(!checkTransportFilter(AuditCategory.FAILED_LOGIN, action, effectiveUser, request)) { - return; - } - - final TransportAddress remoteAddress = getRemoteAddress(); - final List msgs = RequestResolver.resolve(AuditCategory.FAILED_LOGIN, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser, remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null); - - for(AuditMessage msg: msgs) { - save(msg); - } - } - - @Override public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) { 
@@ -168,21 +151,6 @@ public void logFailedLogin(String effectiveUser, boolean securityadmin, String i save(msg); } - @Override - public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) { - - if(!checkTransportFilter(AuditCategory.AUTHENTICATED, action, effectiveUser, request)) { - return; - } - - final TransportAddress remoteAddress = getRemoteAddress(); - final List msgs = RequestResolver.resolve(AuditCategory.AUTHENTICATED, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser,remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null); - - for(AuditMessage msg: msgs) { - save(msg); - } - } - @Override public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) { diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java index 1bb802f291..516ae7a980 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java @@ -128,13 +128,6 @@ protected void save(final AuditMessage msg) { } } - @Override - public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, Task task) { - if (enabled) { - super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request, task); - } - } - @Override public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) { if (enabled) { 
@@ -142,13 +135,6 @@ public void logFailedLogin(String effectiveUser, boolean securityAdmin, String i } } - @Override - public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, String action, Task task) { - if (enabled) { - super.logSucceededLogin(effectiveUser, securityAdmin, initiatingUser, request, action, task); - } - } - @Override public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) { if (enabled) { diff --git a/src/main/java/org/opensearch/security/auth/RolesInjector.java b/src/main/java/org/opensearch/security/auth/RolesInjector.java index 734a4547fa..af7824b83d 100644 --- a/src/main/java/org/opensearch/security/auth/RolesInjector.java +++ b/src/main/java/org/opensearch/security/auth/RolesInjector.java @@ -82,6 +82,5 @@ private void addUser(final User user, final TransportRequest transportRequest, return; threadContext.putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, user); - auditLog.logSucceededLogin(user.getName(), false, null, transportRequest, action, task); } } diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java index 2b72aa5212..ec4286f3e9 100644 --- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java 
@@ -99,18 +99,6 @@ public Set getRestAuthorizers() {
 return Collections.unmodifiableSet(restAuthorizers);
 }
 @Override
- public SortedSet getTransportAuthDomains() {
- return Collections.unmodifiableSortedSet(transportAuthDomains);
- }
- @Override
- public Set getTransportAuthorizers() {
- return Collections.unmodifiableSet(transportAuthorizers);
- }
- @Override
- public String getTransportUsernameAttribute() {
- return config.dynamic.transport_userrname_attribute;
- }
- @Override
 public boolean isAnonymousAuthenticationEnabled() {
 return config.dynamic.http.anonymous_auth_enabled;
 }
diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
index aa4950398a..66fcf9c4ec 100644
--- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
+++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
@@ -99,18 +99,6 @@ public Set getRestAuthorizers() {
 return Collections.unmodifiableSet(restAuthorizers);
 }
 @Override
- public SortedSet getTransportAuthDomains() {
- return Collections.unmodifiableSortedSet(transportAuthDomains);
- }
- @Override
- public Set getTransportAuthorizers() {
- return Collections.unmodifiableSet(transportAuthorizers);
- }
- @Override
- public String getTransportUsernameAttribute() {
- return config.dynamic.transport_userrname_attribute;
- }
- @Override
 public boolean isAnonymousAuthenticationEnabled() {
 return config.dynamic.http.anonymous_auth_enabled;
 }
diff --git a/src/test/java/org/opensearch/security/auditlog/impl/DisabledCategoriesTest.java b/src/test/java/org/opensearch/security/auditlog/impl/DisabledCategoriesTest.java
index 454a6a43c2..a6b348733f 100644
--- a/src/test/java/org/opensearch/security/auditlog/impl/DisabledCategoriesTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/impl/DisabledCategoriesTest.java
@@ -116,10 +116,8 @@ public void enableAllCategoryTest() throws Exception {
 Assert.assertTrue(AuditCategory.values()+"#"+result, categoriesPresentInLog(result, filterComplianceCategories(AuditCategory.values())));
- Assert.assertThat(result, containsString("testuser.transport.succeededlogin"));
 Assert.assertThat(result, containsString("testuser.rest.succeededlogin"));
 Assert.assertThat(result, containsString("testuser.rest.failedlogin"));
- Assert.assertThat(result, containsString("testuser.transport.failedlogin"));
 Assert.assertThat(result, containsString("privilege.missing"));
 Assert.assertThat(result, containsString("action.indexattempt"));
 Assert.assertThat(result, containsString("action.transport.ssl"));
@@ -195,7 +193,7 @@ protected boolean categoriesPresentInLog(String result, AuditCategory... categor
 }
 protected void logAll(AuditLog auditLog) {
- //11 requests
+ //10 requests
 logRestFailedLogin(auditLog);
 logRestBadHeaders(auditLog);
 logRestSSLException(auditLog);
@@ -207,8 +205,6 @@ protected void logAll(AuditLog auditLog) {
 logTransportSSLException(auditLog);
 logTransportBadHeaders(auditLog);
- logTransportFailedLogin(auditLog);
- logTransportSucceededLogin(auditLog);
 logIndexEvent(auditLog);
 }
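Review bot: The count in `//10 requests` at the top of logAll may not match the calls that remain, because the comment drops from 11 to 10 while the next hunk in the same method removes two calls (logTransportFailedLogin and logTransportSucceededLogin). The calls between the two hunks are not visible here, so the old figure may simply have been off by one already; please recount against the full method. A hand-maintained number drifts whenever a call is added or removed, so a comment without a count would be safer, for example `// one call per audit event type exercised by the category tests`. logAll's body spans two hunks and is only partly visible.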
@@ -217,19 +213,10 @@ protected void logRestSucceededLogin(AuditLog auditLog) { auditLog.logSucceededLogin("testuser.rest.succeededlogin", false, "testuser.rest.succeededlogin", new MockRestRequest()); } - protected void logTransportSucceededLogin(AuditLog auditLog) { - auditLog.logSucceededLogin("testuser.transport.succeededlogin", false, "testuser.transport.succeededlogin", new TransportRequest.Empty(), "test/action", new Task(0, "x", "ac", "", null, null)); - } - - protected void logRestFailedLogin(AuditLog auditLog) { auditLog.logFailedLogin("testuser.rest.failedlogin", false, "testuser.rest.failedlogin", new MockRestRequest()); } - protected void logTransportFailedLogin(AuditLog auditLog) { - auditLog.logFailedLogin("testuser.transport.failedlogin", false, "testuser.transport.failedlogin", new TransportRequest.Empty(), null); - } - protected void logMissingPrivileges(AuditLog auditLog) { auditLog.logMissingPrivileges("privilege.missing", new TransportRequest.Empty(), null); }