adjust API authorization logging

legrego · legrego · commit cc4762ce84fe · 2020-04-13T09:45:34.000-04:00
diff --git a/x-pack/plugins/security/server/authorization/api_authorization.ts b/x-pack/plugins/security/server/authorization/api_authorization.ts
@@ -24,7 +24,6 @@ export function initAPIAuthorization(
 
     // if there are no tags starting with "access:", just continue
     if (actionTags.length === 0) {
-      logger.debug('API endpoint is not marked with "access:" tags, skipping.');
       return toolkit.next();
     }
 
@@ -34,11 +33,11 @@ export function initAPIAuthorization(
 
     // we've actually authorized the request
     if (checkPrivilegesResponse.hasAllRequested) {
-      logger.debug(`authorized for "${request.url.path}"`);
+      logger.debug(`User authorized for "${request.url.path}"`);
       return toolkit.next();
     }
 
-    logger.debug(`not authorized for "${request.url.path}"`);
+    logger.warn(`User not authorized for "${request.url.path}": responding with 404`);
     return response.notFound();
   });
 }

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,6 @@ export function initAPIAuthorization(`
`24`	`24`
`25`	`25`	`// if there are no tags starting with "access:", just continue`
`26`	`26`	`if (actionTags.length === 0) {`
`27`		`- logger.debug('API endpoint is not marked with "access:" tags, skipping.');`
`28`	`27`	`return toolkit.next();`
`29`	`28`	`}`
`30`	`29`
`@@ -34,11 +33,11 @@ export function initAPIAuthorization(`
`34`	`33`
`35`	`34`	`// we've actually authorized the request`
`36`	`35`	`if (checkPrivilegesResponse.hasAllRequested) {`
`37`		- logger.debug(`authorized for "${request.url.path}"`);
	`36`	+ logger.debug(`User authorized for "${request.url.path}"`);
`38`	`37`	`return toolkit.next();`
`39`	`38`	`}`
`40`	`39`
`41`		- logger.debug(`not authorized for "${request.url.path}"`);
	`40`	+ logger.warn(`User not authorized for "${request.url.path}": responding with 404`);
`42`	`41`	`return response.notFound();`
`43`	`42`	`});`
`44`	`43`	`}`