From a2b51b5565b33e13641f9586c9df08e91b96e0fc Mon Sep 17 00:00:00 2001
From: kobelb
Date: Fri, 1 Jun 2018 07:58:24 -0400
Subject: [PATCH] Logging args during audit failures
---
 x-pack/plugins/security/server/lib/audit_logger.js | 5 +++--
 .../plugins/security/server/lib/audit_logger.test.js | 10 +++++++---
 .../secure_saved_objects_client.js | 2 +-
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/x-pack/plugins/security/server/lib/audit_logger.js b/x-pack/plugins/security/server/lib/audit_logger.js
index 4debbe59fc6fe3..22cf207e3d363a 100644
--- a/x-pack/plugins/security/server/lib/audit_logger.js
+++ b/x-pack/plugins/security/server/lib/audit_logger.js
@@ -10,7 +10,7 @@ export class SecurityAuditLogger {
 this._auditLogger = auditLogger;
 }
- savedObjectsAuthorizationFailure(username, action, types, missing) {
+ savedObjectsAuthorizationFailure(username, action, types, missing, args) {
 if (!this._enabled) {
 return;
 }
@@ -22,7 +22,8 @@ export class SecurityAuditLogger {
 username,
 action,
 types,
- missing
+ missing,
+ args
 }
 );
 }
diff --git a/x-pack/plugins/security/server/lib/audit_logger.test.js b/x-pack/plugins/security/server/lib/audit_logger.test.js
index 2c2ac7bac28ef2..da727552aae58a 100644
--- a/x-pack/plugins/security/server/lib/audit_logger.test.js
+++ b/x-pack/plugins/security/server/lib/audit_logger.test.js
@@ -49,8 +49,12 @@ describe(`#savedObjectsAuthorizationFailure`, () => {
 const action = 'foo-action';
 const types = [ 'foo-type-1', 'foo-type-2' ];
 const missing = [`action:saved-objects/${types[0]}/foo-action`, `action:saved-objects/${types[1]}/foo-action`];
+ const args = {
+ 'foo': 'bar',
+ 'baz': 'quz',
+ };
- securityAuditLogger.savedObjectsAuthorizationFailure(username, action, types, missing);
+ securityAuditLogger.savedObjectsAuthorizationFailure(username, action, types, missing, args);
 expect(auditLogger.log).toHaveBeenCalledWith(
 'saved_objects_authorization_failure',
@@ -60,6 +64,7 @@ describe(`#savedObjectsAuthorizationFailure`, () => {
 action,
 types,
 missing,
+ args,
 }
 );
 });
@@ -89,8 +94,7 @@ describe(`#savedObjectsAuthorizationSuccess`, () => {
 const types = [ 'foo-type-1', 'foo-type-2' ];
 const args = {
 'foo': 'bar',
- 'dude': 'yup',
- 'women': 'yay!',
+ 'baz': 'quz',
 };
 securityAuditLogger.savedObjectsAuthorizationSuccess(username, action, types, args);
diff --git a/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client.js b/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client.js
index d39464bafaa39c..08ee87d5f281bf 100644
--- a/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client.js
+++ b/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client.js
@@ -103,7 +103,7 @@ export class SecureSavedObjectsClient {
 if (result.success) {
 this._auditLogger.savedObjectsAuthorizationSuccess(result.username, action, types, args);
 } else {
- this._auditLogger.savedObjectsAuthorizationFailure(result.username, action, types, result.missing);
+ this._auditLogger.savedObjectsAuthorizationFailure(result.username, action, types, result.missing, args);
 const msg = `Unable to ${action} ${types.join(',')}, missing ${result.missing.join(',')}`;
 throw this._client.errors.decorateForbiddenError(new Error(msg));
 }
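Review bot: The failure branch at the `savedObjectsAuthorizationFailure(...)` call now forwards the `args` of a call that was just refused, and the audit_logger.js hunk at `@@ -22,7 +22,8 @@` writes it into the event unchanged, so request-supplied content reaches the audit log with no size bound or field filtering. What `args` holds is not visible here (the enclosing method starts outside the hunk); if it can include saved-object attributes or bulk payloads, an unauthorised caller decides what is logged and how much. I would document that on the logger method, e.g. `// args: arguments of the rejected call, logged as received; may contain request-supplied attributes`, and consider truncating or redacting attribute values before they are logged. The success path on the context line above already logs `args` the same way and is not changed by this patch.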