|
|
@@ -2471,7 +2471,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
|
|
|
traceId(threadContext, checkedFields);
|
|
|
forwardedFor(threadContext, checkedFields);
|
|
|
assertMsg(logger, checkedFields.map());
|
|
|
-
|
|
|
CapturingLogger.output(logger.getName(), Level.INFO).clear();
|
|
|
|
|
|
// audit for authn with API Key
|
|
|
@@ -2497,6 +2496,32 @@ public class LoggingAuditTrailTests extends ESTestCase {
|
|
|
traceId(threadContext, checkedFields);
|
|
|
forwardedFor(threadContext, checkedFields);
|
|
|
assertMsg(logger, checkedFields.map());
|
|
|
+ CapturingLogger.output(logger.getName(), Level.INFO).clear();
|
|
|
+
|
|
|
+ // authentication success but run-as user does not exist
|
|
|
+ authentication = AuthenticationTestHelper.builder().realm().build(false).runAs(new User(randomAlphaOfLengthBetween(3, 8)), null);
|
|
|
+ checkedFields = new MapBuilder<>(commonFields);
|
|
|
+ auditTrail.authenticationSuccess(requestId, authentication, request);
|
|
|
+ checkedFields.put(LoggingAuditTrail.EVENT_TYPE_FIELD_NAME, LoggingAuditTrail.REST_ORIGIN_FIELD_VALUE)
|
|
|
+ .put(LoggingAuditTrail.EVENT_ACTION_FIELD_NAME, "authentication_success")
|
|
|
+ .put(LoggingAuditTrail.REALM_FIELD_NAME, authentication.getAuthenticatingSubject().getRealm().getName())
|
|
|
+ .put(LoggingAuditTrail.ORIGIN_TYPE_FIELD_NAME, LoggingAuditTrail.REST_ORIGIN_FIELD_VALUE)
|
|
|
+ .put(LoggingAuditTrail.ORIGIN_ADDRESS_FIELD_NAME, NetworkAddress.format(address))
|
|
|
+ .put(LoggingAuditTrail.REQUEST_METHOD_FIELD_NAME, request.method().toString())
|
|
|
+ .put(LoggingAuditTrail.REQUEST_ID_FIELD_NAME, requestId)
|
|
|
+ .put(LoggingAuditTrail.URL_PATH_FIELD_NAME, "_uri");
|
|
|
+ if (includeRequestBody && Strings.hasLength(expectedMessage)) {
|
|
|
+ checkedFields.put(LoggingAuditTrail.REQUEST_BODY_FIELD_NAME, expectedMessage);
|
|
|
+ }
|
|
|
+ if (params.isEmpty() == false) {
|
|
|
+ checkedFields.put(LoggingAuditTrail.URL_QUERY_FIELD_NAME, "foo=bar&evac=true");
|
|
|
+ }
|
|
|
+ authentication(authentication, checkedFields);
|
|
|
+ opaqueId(threadContext, checkedFields);
|
|
|
+ traceId(threadContext, checkedFields);
|
|
|
+ forwardedFor(threadContext, checkedFields);
|
|
|
+ assertMsg(logger, checkedFields.map());
|
|
|
+ CapturingLogger.output(logger.getName(), Level.INFO).clear();
|
|
|
}
|
|
|
|
|
|
public void testAuthenticationSuccessTransport() throws Exception {
|
|
|
@@ -2896,12 +2921,16 @@ public class LoggingAuditTrailTests extends ESTestCase {
|
|
|
final RealmRef authenticatedBy = authentication.getAuthenticatingSubject().getRealm();
|
|
|
if (authentication.isRunAs()) {
|
|
|
final RealmRef lookedUpBy = authentication.getEffectiveSubject().getRealm();
|
|
|
- checkedFields.put(LoggingAuditTrail.PRINCIPAL_REALM_FIELD_NAME, lookedUpBy.getName())
|
|
|
- .put(LoggingAuditTrail.PRINCIPAL_RUN_BY_FIELD_NAME, authentication.getAuthenticatingSubject().getUser().principal())
|
|
|
- .put(LoggingAuditTrail.PRINCIPAL_RUN_BY_REALM_FIELD_NAME, authenticatedBy.getName());
|
|
|
- if (lookedUpBy.getDomain() != null) {
|
|
|
- checkedFields.put(LoggingAuditTrail.PRINCIPAL_DOMAIN_FIELD_NAME, lookedUpBy.getDomain().name());
|
|
|
+ if (lookedUpBy != null) {
|
|
|
+ checkedFields.put(LoggingAuditTrail.PRINCIPAL_REALM_FIELD_NAME, lookedUpBy.getName());
|
|
|
+ if (lookedUpBy.getDomain() != null) {
|
|
|
+ checkedFields.put(LoggingAuditTrail.PRINCIPAL_DOMAIN_FIELD_NAME, lookedUpBy.getDomain().name());
|
|
|
+ }
|
|
|
}
|
|
|
+ checkedFields.put(
|
|
|
+ LoggingAuditTrail.PRINCIPAL_RUN_BY_FIELD_NAME,
|
|
|
+ authentication.getAuthenticatingSubject().getUser().principal()
|
|
|
+ ).put(LoggingAuditTrail.PRINCIPAL_RUN_BY_REALM_FIELD_NAME, authenticatedBy.getName());
|
|
|
if (authenticatedBy.getDomain() != null) {
|
|
|
checkedFields.put(LoggingAuditTrail.PRINCIPAL_RUN_BY_DOMAIN_FIELD_NAME, authenticatedBy.getDomain().name());
|
|
|
}
|
Yang Wang