Skip to content

Commit

Permalink
revert logging changes
Browse files Browse the repository at this point in the history
Signed-off-by: Peter Nied <[email protected]>
  • Loading branch information
peternied committed Oct 4, 2023
1 parent edbe2be commit 33aa863
Show file tree
Hide file tree
Showing 14 changed files with 26 additions and 36 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -132,15 +132,13 @@ protected void save(final AuditMessage msg) {

@Override
public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequest request) {
new Exception("&&& logFailedLogin").printStackTrace();
if (enabled) {
super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request);
}
}

@Override
public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequest request) {
new Exception("&&& logSucceededLogin").printStackTrace();
if (enabled) {
super.logSucceededLogin(effectiveUser, securityAdmin, initiatingUser, request);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -592,15 +592,15 @@ private User impersonate(final SecurityRequestChannel request, final User origin
}

if (adminDns.isAdminDN(impersonatedUserHeader)) {
System.out.println("@607 - impersonate, 403");

throw new OpenSearchSecurityException(
"It is not allowed to impersonate as an adminuser '" + impersonatedUserHeader + "'",
RestStatus.FORBIDDEN
);
}

if (!adminDns.isRestImpersonationAllowed(originalUser.getName(), impersonatedUserHeader)) {
System.out.println("@615 - impersonate, 403");

throw new OpenSearchSecurityException(
"'" + originalUser.getName() + "' is not allowed to impersonate as '" + impersonatedUserHeader + "'",
RestStatus.FORBIDDEN
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -373,7 +373,7 @@ protected final ValidationResult<SecurityDynamicConfiguration<?>> loadConfigurat
) {
final var configuration = load(cType, logComplianceEvent);
if (configuration.getSeqNo() < 0) {
System.out.println("@374 - abstract API action, 403");

return ValidationResult.error(
RestStatus.FORBIDDEN,
forbiddenMessage(
Expand Down Expand Up @@ -414,19 +414,19 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() {

@Override
public ValidationResult<SecurityConfiguration> onConfigDelete(SecurityConfiguration securityConfiguration) throws IOException {
System.out.println("@415 - abstract API action, 403");

return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
}

@Override
public ValidationResult<SecurityConfiguration> onConfigLoad(SecurityConfiguration securityConfiguration) throws IOException {
System.out.println("@421 - abstract API action, 403");

return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
}

@Override
public ValidationResult<SecurityConfiguration> onConfigChange(SecurityConfiguration securityConfiguration) throws IOException {
System.out.println("@427 - abstract API action, 403");

return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() {
public ValidationResult<SecurityConfiguration> isAllowedToChangeImmutableEntity(SecurityConfiguration securityConfiguration)
throws IOException {
if (STATIC_OPENSEARCH_YML_NODES_DN.equals(securityConfiguration.entityName())) {
System.out.println("@142 - nodes dn API action, 403");

return ValidationResult.error(
RestStatus.FORBIDDEN,
forbiddenMessage("Resource '" + STATIC_OPENSEARCH_YML_NODES_DN + "' is read-only.")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ public static void response(RestChannel channel, RestStatus status, String messa
public static void response(final RestChannel channel, final RestStatus status, final ToXContent toXContent) {
try (final var builder = channel.newBuilder()) {
toXContent.toXContent(builder, ToXContent.EMPTY_PARAMS);
System.out.println("@76 - responses " + status.getStatus());

channel.sendResponse(new BytesRestResponse(status, builder));
} catch (final IOException ioe) {
throw ExceptionsHelper.convertToOpenSearchException(ioe);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ default boolean isCurrentUserAdmin() {

default ValidationResult<String> withRequiredEntityName(final String entityName) {
if (entityName == null) {
System.out.println("@152 - Endpoint validator 400");

return ValidationResult.error(RestStatus.BAD_REQUEST, badRequestMessage("No " + resourceName() + " specified."));
}
return ValidationResult.success(entityName);
Expand Down Expand Up @@ -105,7 +105,7 @@ default ValidationResult<SecurityConfiguration> entityStatic(final SecurityConfi
final var configuration = securityConfiguration.configuration();
final var entityName = securityConfiguration.entityName();
if (configuration.isStatic(entityName)) {
System.out.println("@107 - Endpoint validator 403");

return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Resource '" + entityName + "' is static."));
}
return ValidationResult.success(securityConfiguration);
Expand All @@ -115,11 +115,6 @@ default ValidationResult<SecurityConfiguration> entityReserved(final SecurityCon
final var configuration = securityConfiguration.configuration();
final var entityName = securityConfiguration.entityName();
if (configuration.isReserved(entityName)) {
System.out.println("@117 - Endpoint validator 403");
// TODO: Remove
new Exception("&&& entityReserved denied calling stack trace").printStackTrace();


return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Resource '" + entityName + "' is reserved."));
}
return ValidationResult.success(securityConfiguration);
Expand All @@ -129,7 +124,7 @@ default ValidationResult<SecurityConfiguration> entityHidden(final SecurityConfi
final var configuration = securityConfiguration.configuration();
final var entityName = securityConfiguration.entityName();
if (configuration.isHidden(entityName)) {
System.out.println("@152 - Endpoint validator 404");

return ValidationResult.error(RestStatus.NOT_FOUND, notFoundMessage("Resource '" + entityName + "' is not available."));
}
return ValidationResult.success(securityConfiguration);
Expand Down Expand Up @@ -157,7 +152,7 @@ default ValidationResult<SecurityConfiguration> isAllowedToChangeEntityWithRestA
final var configuration = securityConfiguration.configuration();
final var existingEntity = configuration.getCEntry(securityConfiguration.entityName());
if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(existingEntity)) {
System.out.println("@152 - Endpoint validator 403");

return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
}
} else {
Expand All @@ -167,7 +162,7 @@ default ValidationResult<SecurityConfiguration> isAllowedToChangeEntityWithRestA
configuration.getImplementingClass()
);
if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(configEntityContent)) {
System.out.println("@162 - Endpoint validator 403");

return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,7 @@ public boolean hasCompleted() {

@Override
public boolean completeWithResponse(final SecurityResponse response) {
System.out.println("@32 - completeWithResponse" + response.getStatus());
// TODO: Remove
new Exception("&&& completeWithResponse calling stack trace").printStackTrace();


if (underlyingChannel == null) {
throw new UnsupportedOperationException("Channel was not defined");
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -464,7 +464,7 @@ public void onFailure(Exception e) {
: String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user);
}
log.debug(err);
System.out.println("@467 - apply0, 403");

listener.onFailure(new OpenSearchSecurityException(err, RestStatus.FORBIDDEN));
}
} catch (OpenSearchException e) {
Expand Down Expand Up @@ -515,7 +515,7 @@ private boolean checkImmutableIndices(Object request, ActionListener listener) {
|| request instanceof IndicesAliasesRequest;

if (isModifyIndexRequest && isRequestIndexImmutable(request)) {
System.out.println("@517 - checkImmutableIndices, 403");

listener.onFailure(new OpenSearchSecurityException("Index is immutable", RestStatus.FORBIDDEN));
return true;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ private void authorizeRequest(RestHandler original, SecurityRequestChannel reque
err = String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user);
}
log.debug(err);
System.out.println("@206 - authorizeRequest 401");

request.completeWithResponse(new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, null, err));
return;
}
Expand All @@ -220,7 +220,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
final OpenSearchException exception = ExceptionUtils.createBadHeaderException();
log.error(exception.toString());
auditLog.logBadHeaders(requestChannel);
System.out.println("@220 - checkAndAuthenticateRequest 403");

requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString()));
return;
}
Expand All @@ -229,7 +229,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
final OpenSearchException exception = ExceptionUtils.createBadHeaderException();
log.error(exception.toString());
auditLog.logBadHeaders(requestChannel);
System.out.println("@229 - checkAndAuthenticateRequest 403");

requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString()));
return;
}
Expand All @@ -250,7 +250,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
} catch (SSLPeerUnverifiedException e) {
log.error("No ssl info", e);
auditLog.logSSLException(requestChannel, e);
System.out.println("@250 - authorizeRequest 403");

requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, null));
return;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
SSLRequestHelper.SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor);

if (sslInfo == null) {
System.out.println("@84 - update config action 403");

channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, ""));
return;
}
Expand All @@ -90,7 +90,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli

// only allowed for admins
if (user == null || !adminDns.isAdmin(user)) {
System.out.println("@93 - update config action 403");

channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, ""));
return;
} else {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ public void accept(RestChannel channel) throws Exception {
SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor);

if (sslInfo == null) {
System.out.println("@104 - who am i action, 403");

response = new BytesRestResponse(RestStatus.FORBIDDEN, "No security data");
} else {

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ public void accept(RestChannel channel) throws Exception {

// only allowed for admins or the kibanaserveruser
if (!isAuthorized()) {
System.out.println("@117 - tenant info action, 403");

response = new BytesRestResponse(RestStatus.FORBIDDEN, "");
} else {

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ private boolean requestIsAllowlisted(RestRequest request) {
public boolean checkRequestIsAllowed(RestRequest request, RestChannel channel, NodeClient client) throws IOException {
// if allowlisting is enabled but the request is not allowlisted, then return false, otherwise true.
if (this.enabled && !requestIsAllowlisted(request)) {
System.out.println("@113 - checkRequestIsAllowed 403");

channel.sendResponse(
new BytesRestResponse(
RestStatus.FORBIDDEN,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ private boolean requestIsWhitelisted(RestRequest request) {
public boolean checkRequestIsAllowed(RestRequest request, RestChannel channel, NodeClient client) throws IOException {
// if whitelisting is enabled but the request is not whitelisted, then return false, otherwise true.
if (this.enabled && !requestIsWhitelisted(request)) {
System.out.println("@114 - checkRequestIsAllowed 403");

channel.sendResponse(
new BytesRestResponse(
RestStatus.FORBIDDEN,
Expand Down

0 comments on commit 33aa863

Please sign in to comment.