Remove Transport Auth auditlog categories (opensearch-project#1578)

Signed-off-by: Jochen Kressin <jkressin@floragunn.com>

src/main/java/org/opensearch/security/auditlog/AuditLog.java

@@ -48,9 +48,7 @@
 public interface AuditLog extends Closeable {
 
     //login
-    void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task);
     void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);
-    void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task);
     void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);
 
     //privs

src/main/java/org/opensearch/security/auditlog/NullAuditLog.java

@@ -52,21 +52,11 @@ public void close() throws IOException {
         //noop, intentionally left empty
     }
 
-    @Override
-    public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) {
-        //noop, intentionally left empty
-    }
-
     @Override
     public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
         //noop, intentionally left empty
     }
 
-    @Override
-    public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) {
-        //noop, intentionally left empty
-    }
-
     @Override
     public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
         //noop, intentionally left empty

src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java

@@ -133,23 +133,6 @@ public ComplianceConfig getComplianceConfig() {
         return this.complianceConfig;
     }
 
-    @Override
-    public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) {
-        final String action = null;
-
-        if(!checkTransportFilter(AuditCategory.FAILED_LOGIN, action, effectiveUser, request)) {
-            return;
-        }
-
-        final TransportAddress remoteAddress = getRemoteAddress();
-        final List<AuditMessage> msgs = RequestResolver.resolve(AuditCategory.FAILED_LOGIN, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser, remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null);
-
-        for(AuditMessage msg: msgs) {
-            save(msg);
-        }
-    }
-
-
     @Override
     public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
 
@@ -168,21 +151,6 @@ public void logFailedLogin(String effectiveUser, boolean securityadmin, String i
         save(msg);
     }
 
-    @Override
-    public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) {
-
-        if(!checkTransportFilter(AuditCategory.AUTHENTICATED, action, effectiveUser, request)) {
-            return;
-        }
-
-        final TransportAddress remoteAddress = getRemoteAddress();
-        final List<AuditMessage> msgs = RequestResolver.resolve(AuditCategory.AUTHENTICATED, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser,remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null);
-
-        for(AuditMessage msg: msgs) {
-            save(msg);
-        }
-    }
-
     @Override
     public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
 

src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java

@@ -128,27 +128,13 @@ protected void save(final AuditMessage msg) {
 		}
 	}
 
-	@Override
-	public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, Task task) {
-		if (enabled) {
-			super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request, task);
-		}
-	}
-
 	@Override
 	public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) {
 		if (enabled) {
 			super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request);
 		}
 	}
 
-	@Override
-	public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, String action, Task task) {
-		if (enabled) {
-			super.logSucceededLogin(effectiveUser, securityAdmin, initiatingUser, request, action, task);
-		}
-	}
-
 	@Override
 	public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) {
 		if (enabled) {

src/main/java/org/opensearch/security/auth/RolesInjector.java

@@ -82,6 +82,5 @@ private void addUser(final User user, final TransportRequest transportRequest,
             return;
 
         threadContext.putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, user);
-        auditLog.logSucceededLogin(user.getName(), false, null, transportRequest, action, task);
     }
 }

src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java

@@ -99,18 +99,6 @@ public Set<AuthorizationBackend> getRestAuthorizers() {
         return Collections.unmodifiableSet(restAuthorizers);
     }
     @Override
-    public SortedSet<AuthDomain> getTransportAuthDomains() {
-        return Collections.unmodifiableSortedSet(transportAuthDomains);
-    }
-    @Override
-    public Set<AuthorizationBackend> getTransportAuthorizers() {
-        return Collections.unmodifiableSet(transportAuthorizers);
-    }
-    @Override
-    public String getTransportUsernameAttribute() {
-        return config.dynamic.transport_userrname_attribute;
-    }
-    @Override
     public boolean isAnonymousAuthenticationEnabled() {
         return config.dynamic.http.anonymous_auth_enabled;
     }

src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java

@@ -99,18 +99,6 @@ public Set<AuthorizationBackend> getRestAuthorizers() {
         return Collections.unmodifiableSet(restAuthorizers);
     }
     @Override
-    public SortedSet<AuthDomain> getTransportAuthDomains() {
-        return Collections.unmodifiableSortedSet(transportAuthDomains);
-    }
-    @Override
-    public Set<AuthorizationBackend> getTransportAuthorizers() {
-        return Collections.unmodifiableSet(transportAuthorizers);
-    }
-    @Override
-    public String getTransportUsernameAttribute() {
-        return config.dynamic.transport_userrname_attribute;
-    }
-    @Override
     public boolean isAnonymousAuthenticationEnabled() {
         return config.dynamic.http.anonymous_auth_enabled;
     }

src/test/java/org/opensearch/security/auditlog/impl/DisabledCategoriesTest.java

@@ -116,10 +116,8 @@ public void enableAllCategoryTest() throws Exception {
 
 		Assert.assertTrue(AuditCategory.values()+"#"+result, categoriesPresentInLog(result, filterComplianceCategories(AuditCategory.values())));
 
-		Assert.assertThat(result, containsString("testuser.transport.succeededlogin"));
 		Assert.assertThat(result, containsString("testuser.rest.succeededlogin"));
 		Assert.assertThat(result, containsString("testuser.rest.failedlogin"));
-		Assert.assertThat(result, containsString("testuser.transport.failedlogin"));
 		Assert.assertThat(result, containsString("privilege.missing"));
 		Assert.assertThat(result, containsString("action.indexattempt"));
 		Assert.assertThat(result, containsString("action.transport.ssl"));
@@ -195,7 +193,7 @@ protected boolean categoriesPresentInLog(String result, AuditCategory... categor
 	}
 
 	protected void logAll(AuditLog auditLog) {
-		//11 requests
+		//10 requests
 	    logRestFailedLogin(auditLog);
 		logRestBadHeaders(auditLog);
 		logRestSSLException(auditLog);
@@ -207,8 +205,6 @@ protected void logAll(AuditLog auditLog) {
 
 		logTransportSSLException(auditLog);
 		logTransportBadHeaders(auditLog);
-		logTransportFailedLogin(auditLog);
-		logTransportSucceededLogin(auditLog);
 
 		logIndexEvent(auditLog);
     }
@@ -217,19 +213,10 @@ protected void logRestSucceededLogin(AuditLog auditLog) {
 	     auditLog.logSucceededLogin("testuser.rest.succeededlogin", false, "testuser.rest.succeededlogin", new MockRestRequest());
 	 }
 
-	 protected void logTransportSucceededLogin(AuditLog auditLog) {
-	     auditLog.logSucceededLogin("testuser.transport.succeededlogin", false, "testuser.transport.succeededlogin", new TransportRequest.Empty(), "test/action", new Task(0, "x", "ac", "", null, null));
-	 }
-
-
     protected void logRestFailedLogin(AuditLog auditLog) {
     	auditLog.logFailedLogin("testuser.rest.failedlogin", false, "testuser.rest.failedlogin", new MockRestRequest());
     }
 
-    protected void logTransportFailedLogin(AuditLog auditLog) {
-    	auditLog.logFailedLogin("testuser.transport.failedlogin", false, "testuser.transport.failedlogin", new TransportRequest.Empty(), null);
-    }
-
     protected void logMissingPrivileges(AuditLog auditLog) {
     	auditLog.logMissingPrivileges("privilege.missing", new TransportRequest.Empty(), null);
     }