[AzPubSub] AzPubSubAclAuthorizer log fix

2021-12-28 13:02:07 -08:00 · 2021-12-28 13:02:07 -08:00 · b39b29f1cf
--- a/azpubsub/src/main/java/com/microsoft/azpubsub/security/auth/AzPubSubPrincipal.java
+++ b/azpubsub/src/main/java/com/microsoft/azpubsub/security/auth/AzPubSubPrincipal.java
@ -42,6 +42,11 @@ public class AzPubSubPrincipal extends KafkaPrincipal {
        return this.roles;
    }

+    @Override
+    public String toString() {
+        return getPrincipalType() + ":" + this.principalStr;
+    }
+
    @Override
    public boolean equals(Object o) {
        if (!(o instanceof AzPubSubPrincipal)) return false;
--- a/azpubsub/src/main/scala/com/microsoft/azpubsub/security/auth/AzPubSubAclAuthorizer.scala
+++ b/azpubsub/src/main/scala/com/microsoft/azpubsub/security/auth/AzPubSubAclAuthorizer.scala
@ -32,6 +32,9 @@ class AzPubSubAclAuthorizer extends AclAuthorizer with Logging {
    super.configure(javaConfigs)
  }

+  override def logAuditMessage(requestContext: AuthorizableRequestContext, action: Action, authorized: Boolean): Unit = {
+  }
+
  override def authorize(requestContext: AuthorizableRequestContext, actions: util.List[Action]): util.List[AuthorizationResult] = {
    actions.asScala.map { action => this.authorizeAction(requestContext, action) }.asJava
  }
@ -51,6 +54,7 @@ class AzPubSubAclAuthorizer extends AclAuthorizer with Logging {
      aclAuthorizerLogger.debug(s"AuthZ is disabled for resource: $resource")
      authorizerStats.allStats(action, principalName).successRate.mark()
      authorizerStats.allStats(action, principalName).disabledRate.mark()
+      super.logAuditMessage(requestContext, action, true)
      return AuthorizationResult.ALLOWED
    }

@ -75,6 +79,7 @@ class AzPubSubAclAuthorizer extends AclAuthorizer with Logging {
        val claimRequestContext = getClaimRequestContext(requestContext, claimPrincipal)
        if (!deniedRole && super.authorize(claimRequestContext, List(action).asJava).asScala.head == AuthorizationResult.ALLOWED) {
          authorizerStats.allStats(action, claimPrincipal.getName).successRate.mark()
+          super.logAuditMessage(claimRequestContext, action, true)
          return AuthorizationResult.ALLOWED
        }
        if (deniedRole) {
@ -83,10 +88,12 @@ class AzPubSubAclAuthorizer extends AclAuthorizer with Logging {
      }
    } else if (!authZConfig.isAnonymousBlocked(resource.name) && super.authorize(requestContext, List(action).asJava).asScala.head == AuthorizationResult.ALLOWED) {
      authorizerStats.allStats(action, principalName).successRate.mark()
+      super.logAuditMessage(requestContext, action, true)
      return AuthorizationResult.ALLOWED
    }

    authorizerStats.allStats(action, principalName).failureRate.mark()
+    super.logAuditMessage(requestContext, action, false)
    return AuthorizationResult.DENIED
  }
 }