fixup! Address code review comments

elastic · Feb 23, 2024 · 7200f76 · 7200f76
1 parent c6de455
commit 7200f76
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 58 deletions.
diff --git a/docs/reference/index-modules/slowlog.asciidoc b/docs/reference/index-modules/slowlog.asciidoc
@@ -79,7 +79,7 @@ This will result in user information being included in the slow log.
   "@timestamp": "2024-02-21T12:42:37.255Z",
   "log.level": "WARN",
   "auth.type": "REALM",
-  "elasticsearch.slowlog.id": null,
+  "elasticsearch.slowlog.id": "1eb56087c321442e8c9040dbe51fbcdf",
   "elasticsearch.slowlog.message": "[index6][0]",
   "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH",
   "elasticsearch.slowlog.source": "{\"query\":{\"match_all\":{\"boost\":1.0}}}",
@@ -88,8 +88,6 @@ This will result in user information being included in the slow log.
   "elasticsearch.slowlog.took_millis": 0,
   "elasticsearch.slowlog.total_hits": "1 hits",
   "elasticsearch.slowlog.total_shards": 1,
-  "user.effective.name": "elastic",
-  "user.effective.realm": "reserved",
   "user.name": "elastic",
   "user.realm": "reserved",
   "ecs.version": "1.2.0",
@@ -106,40 +104,8 @@ This will result in user information being included in the slow log.
 ---------------------------
 // NOTCONSOLE
 
-If a call was initiated with an `X-Opaque-ID` header, then the ID is also included
-in Search Slow logs as an additional **elasticsearch.slowlog.id** field
-
-[source,js]
----------------------------
-{
-  "@timestamp": "2024-02-21T12:42:37.255Z",
-  "log.level": "WARN",
-  "auth.type": "REALM",
-  "elasticsearch.slowlog.id": "MY_USER_ID",
-  "elasticsearch.slowlog.message": "[index6][0]",
-  "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH",
-  "elasticsearch.slowlog.source": "{\"query\":{\"match_all\":{\"boost\":1.0}}}",
-  "elasticsearch.slowlog.stats": "[]",
-  "elasticsearch.slowlog.took": "747.3micros",
-  "elasticsearch.slowlog.took_millis": 0,
-  "elasticsearch.slowlog.total_hits": "1 hits",
-  "elasticsearch.slowlog.total_shards": 1,
-  "user.effective.name": "elastic",
-  "user.effective.realm": "reserved",
-  "user.name": "elastic",
-  "user.realm": "reserved",
-  "ecs.version": "1.2.0",
-  "service.name": "ES_ECS",
-  "event.dataset": "elasticsearch.index_search_slowlog",
-  "process.thread.name": "elasticsearch[runTask-0][search][T#5]",
-  "log.logger": "index.search.slowlog.query",
-  "elasticsearch.cluster.uuid": "Ui23kfF1SHKJwu_hI1iPPQ",
-  "elasticsearch.node.id": "JK-jn-XpQ3OsDUsq5ZtfGg",
-  "elasticsearch.node.name": "node-0",
-  "elasticsearch.cluster.name": "distribution_run"
-}
----------------------------
-// NOTCONSOLE
+If a call was initiated with an `X-Opaque-ID` header, then the ID is included
+in Search Slow logs in the **elasticsearch.slowlog.id** field.
 
 [discrete]
 [[index-slow-log]]

diff --git a/...log/src/javaRestTest/java/org/elasticsearch/xpack/security/slowlog/SecuritySlowLogIT.java b/...log/src/javaRestTest/java/org/elasticsearch/xpack/security/slowlog/SecuritySlowLogIT.java
@@ -83,18 +83,7 @@ public void testSlowLogWithApiUser() throws Exception {
             indexSomeData(testData.name);
         }
 
-        Map<String, Object> expectedUser = Map.of(
-            "user.name",
-            "api_user",
-            "user.effective.name",
-            "api_user",
-            "user.realm",
-            "default_file",
-            "user.effective.realm",
-            "default_file",
-            "auth.type",
-            "REALM"
-        );
+        Map<String, Object> expectedUser = Map.of("user.name", "api_user", "user.realm", "default_file", "auth.type", "REALM");
 
         verifySearchSlowLogMatchesTestData(testIndices, expectedUser);
         verifyIndexSlowLogMatchesTestData(testIndices, expectedUser);
@@ -123,12 +112,8 @@ public void testSlowLogWithApiKey() throws Exception {
         Map<String, Object> expectedUser = Map.of(
             "user.name",
             "admin_user",
-            "user.effective.name",
-            "admin_user",
             "user.realm",
             "_es_api_key",
-            "user.effective.realm",
-            "_es_api_key",
             "auth.type",
             "API_KEY",
             "apikey.id",
@@ -187,12 +172,8 @@ public void testSlowLogWithServiceAccount() throws Exception {
         Map<String, Object> expectedUser = Map.of(
             "user.name",
             "elastic/enterprise-search-server",
-            "user.effective.name",
-            "elastic/enterprise-search-server",
             "user.realm",
             "_service_account",
-            "user.effective.realm",
-            "_service_account",
             "auth.type",
             "TOKEN"
         );

diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -2016,7 +2016,8 @@ public Map<String, String> getAuthContextForSlowLog() {
                 authContext.put("user.name", authenticatingSubject.getUser().principal());
                 authContext.put("user.realm", authenticatingSubject.getRealm().getName());
             }
-            if (effetctiveSubject.getUser() != null) {
+            // Only include effective user if different from authenticating user (run-as)
+            if (effetctiveSubject.getUser() != null && effetctiveSubject.equals(authenticatingSubject) == false) {
                 authContext.put("user.effective.name", effetctiveSubject.getUser().principal());
                 authContext.put("user.effective.realm", effetctiveSubject.getRealm().getName());
             }