From cb34dd6e9a33d77eec68d876aea3ec9e5ebd468e Mon Sep 17 00:00:00 2001
From: kobelb <brandon.kobel@elastic.co>
Date: Fri, 5 Oct 2018 07:43:50 -0700
Subject: [PATCH] Fixing the spaces audit logger when security is explicitly
 disabled

---
 .../spaces/server/lib/audit_logger.test.ts    | 36 ++++++++++++++++++-
 .../plugins/spaces/server/lib/audit_logger.ts |  3 +-
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/x-pack/plugins/spaces/server/lib/audit_logger.test.ts b/x-pack/plugins/spaces/server/lib/audit_logger.test.ts
index 53d0befd01380..e3fcc5ccc43d2 100644
--- a/x-pack/plugins/spaces/server/lib/audit_logger.test.ts
+++ b/x-pack/plugins/spaces/server/lib/audit_logger.test.ts
@@ -5,12 +5,16 @@
  */
 import { SpacesAuditLogger } from './audit_logger';
 
-const createMockConfig = (settings: any) => {
+const createMockConfig = (settings: { [key: string]: any } = {}) => {
   const mockConfig = {
     get: jest.fn(),
   };
 
   mockConfig.get.mockImplementation(key => {
+    if (!settings.hasOwnProperty(key)) {
+      throw new Error('Undefined key, mock schema error');
+    }
+
     return settings[key];
   });
 
@@ -24,8 +28,21 @@ const createMockAuditLogger = () => {
 };
 
 describe(`#savedObjectsAuthorizationFailure`, () => {
+  test(`doesn't log anything when xpack.security.enabled is false`, () => {
+    const config = createMockConfig({
+      'xpack.security.enabled': false,
+    });
+    const auditLogger = createMockAuditLogger();
+
+    const securityAuditLogger = new SpacesAuditLogger(config, auditLogger);
+    securityAuditLogger.spacesAuthorizationFailure('foo-user', 'foo-action');
+
+    expect(auditLogger.log).toHaveBeenCalledTimes(0);
+  });
+
   test(`doesn't log anything when xpack.security.audit.enabled is false`, () => {
     const config = createMockConfig({
+      'xpack.security.enabled': true,
       'xpack.security.audit.enabled': false,
     });
     const auditLogger = createMockAuditLogger();
@@ -38,6 +55,7 @@ describe(`#savedObjectsAuthorizationFailure`, () => {
 
   test('logs with spaceIds via auditLogger when xpack.security.audit.enabled is true', () => {
     const config = createMockConfig({
+      'xpack.security.enabled': true,
       'xpack.security.audit.enabled': true,
     });
     const auditLogger = createMockAuditLogger();
@@ -61,6 +79,7 @@ describe(`#savedObjectsAuthorizationFailure`, () => {
 
   test('logs without spaceIds via auditLogger when xpack.security.audit.enabled is true', () => {
     const config = createMockConfig({
+      'xpack.security.enabled': true,
       'xpack.security.audit.enabled': true,
     });
     const auditLogger = createMockAuditLogger();
@@ -82,8 +101,21 @@ describe(`#savedObjectsAuthorizationFailure`, () => {
 });
 
 describe(`#savedObjectsAuthorizationSuccess`, () => {
+  test(`doesn't log anything when xpack.security.enabled is false`, () => {
+    const config = createMockConfig({
+      'xpack.security.enabled': false,
+    });
+    const auditLogger = createMockAuditLogger();
+
+    const securityAuditLogger = new SpacesAuditLogger(config, auditLogger);
+    securityAuditLogger.spacesAuthorizationSuccess('foo-user', 'foo-action');
+
+    expect(auditLogger.log).toHaveBeenCalledTimes(0);
+  });
+
   test(`doesn't log anything when xpack.security.audit.enabled is false`, () => {
     const config = createMockConfig({
+      'xpack.security.enabled': true,
       'xpack.security.audit.enabled': false,
     });
     const auditLogger = createMockAuditLogger();
@@ -96,6 +128,7 @@ describe(`#savedObjectsAuthorizationSuccess`, () => {
 
   test('logs with spaceIds via auditLogger when xpack.security.audit.enabled is true', () => {
     const config = createMockConfig({
+      'xpack.security.enabled': true,
       'xpack.security.audit.enabled': true,
     });
     const auditLogger = createMockAuditLogger();
@@ -119,6 +152,7 @@ describe(`#savedObjectsAuthorizationSuccess`, () => {
 
   test('logs without spaceIds via auditLogger when xpack.security.audit.enabled is true', () => {
     const config = createMockConfig({
+      'xpack.security.enabled': true,
       'xpack.security.audit.enabled': true,
     });
     const auditLogger = createMockAuditLogger();
diff --git a/x-pack/plugins/spaces/server/lib/audit_logger.ts b/x-pack/plugins/spaces/server/lib/audit_logger.ts
index b9bd3f5fe0399..27ad9c6e1369b 100644
--- a/x-pack/plugins/spaces/server/lib/audit_logger.ts
+++ b/x-pack/plugins/spaces/server/lib/audit_logger.ts
@@ -9,7 +9,8 @@ export class SpacesAuditLogger {
   private readonly auditLogger: any;
 
   constructor(config: any, auditLogger: any) {
-    this.enabled = config.get('xpack.security.audit.enabled');
+    this.enabled =
+      config.get('xpack.security.enabled') && config.get('xpack.security.audit.enabled');
     this.auditLogger = auditLogger;
   }
   public spacesAuthorizationFailure(username: string, action: string, spaceIds?: string[]) {