Skip to content

Add tenant to audit log (#5709)#6181

Open
quangdutran wants to merge 2 commits into
opensearch-project:mainfrom
quangdutran:main
Open

Add tenant to audit log (#5709)#6181
quangdutran wants to merge 2 commits into
opensearch-project:mainfrom
quangdutran:main

Conversation

@quangdutran

Copy link
Copy Markdown

Description

Add tenant info to audit log

  • Category (Enhancement)
  • Why these changes are required? Informative log
  • What is the old behavior before changes and new behavior after changes? Just new field in the audit log

Issues Resolved

#5709

Testing

New test cases cover the verification of the new tenant field are in BasicAuditlogTest

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Du Tran <quangdutran809@gmail.com>
@github-actions

github-actions Bot commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

PR Reviewer Guide 🔍

(Review updated until commit 18e4b72)

Here are some key observations to aid the review process:

🧪 PR contains tests
🔒 No security concerns identified
✅ No TODO sections
🔀 No multiple PR themes
⚡ Recommended focus areas for review

Hardcoded Header Name

getTenant(SecurityRequest request) reads the tenant via the literal header name "securitytenant". This duplicates a value that should come from a constant (e.g., a ConfigConstants field) and risks drifting from the canonical header name if it changes elsewhere. Also, header lookup may be case-sensitive depending on the SecurityRequest implementation, while HTTP headers are typically case-insensitive — clients sending Securitytenant or SECURITYTENANT may not be captured.

private String getTenant(SecurityRequest request) {
    final String fromUser = getTenant();
    if (fromUser != null) {
        return fromUser;
    }
    if (request == null) {
        return null;
    }
    return request.header("securitytenant");
}

@github-actions

Copy link
Copy Markdown
Contributor

Persistent review updated to latest commit 18e4b72

@github-actions

Copy link
Copy Markdown
Contributor

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
General
Treat empty tenant as missing for fallback

getTenant() returns null when the user has no requested tenant, but may also return
an empty string from User.getRequestedTenant(). The current null-only check would
cause an empty tenant from the user to mask a valid securitytenant header. Treat
empty tenant the same as null to fall back to the request header.

src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java [1113-1122]

 private String getTenant(SecurityRequest request) {
     final String fromUser = getTenant();
-    if (fromUser != null) {
+    if (fromUser != null && !fromUser.isEmpty()) {
         return fromUser;
     }
     if (request == null) {
         return null;
     }
     return request.header("securitytenant");
 }
Suggestion importance[1-10]: 6

__

Why: Valid concern: User.getRequestedTenant() could return an empty string, which would prevent fallback to the securitytenant header. The fix is small but improves correctness of tenant resolution.

Low
Deduplicate user retrieval logic

getTenant() and getUser() duplicate the logic to resolve the User from the thread
context. Extract a helper method to avoid divergence and double deserialization when
both are called for the same audit message.

src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java [1103-1111]

-private String getTenant() {
+private User getCurrentUser() {
     User user = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
     if (user == null && threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER) != null) {
         user = this.userFactory.fromSerializedBase64(
             threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER)
         );
     }
+    return user;
+}
+
+private String getTenant() {
+    User user = getCurrentUser();
     return user == null ? null : user.getRequestedTenant();
 }
Suggestion importance[1-10]: 4

__

Why: Reasonable refactor to reduce duplication between getUser() and getTenant(), but it's a minor maintainability improvement with no functional impact.

Low

@codecov

codecov Bot commented Jun 23, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 87.50000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.07%. Comparing base (0a85c75) to head (18e4b72).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...earch/security/auditlog/impl/AbstractAuditLog.java 89.28% 2 Missing and 1 partial ⚠️
...pensearch/security/auditlog/impl/AuditMessage.java 66.66% 0 Missing and 1 partial ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #6181      +/-   ##
==========================================
+ Coverage   75.03%   75.07%   +0.04%     
==========================================
  Files         451      451              
  Lines       29249    29280      +31     
  Branches     4407     4411       +4     
==========================================
+ Hits        21946    21981      +35     
+ Misses       5264     5261       -3     
+ Partials     2039     2038       -1     
Files with missing lines Coverage Δ
...search/security/auditlog/impl/RequestResolver.java 79.34% <100.00%> (+0.11%) ⬆️
...pensearch/security/auditlog/impl/AuditMessage.java 81.57% <66.66%> (-0.18%) ⬇️
...earch/security/auditlog/impl/AbstractAuditLog.java 77.09% <89.28%> (+0.56%) ⬆️

... and 8 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants