revert logging changes

Signed-off-by: Peter Nied <petern@amazon.com>

src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java

@@ -132,15 +132,13 @@ protected void save(final AuditMessage msg) {
 
     @Override
     public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequest request) {
-        new Exception("&&& logFailedLogin").printStackTrace();
         if (enabled) {
             super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request);
         }
     }
 
     @Override
     public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, SecurityRequest request) {
-        new Exception("&&& logSucceededLogin").printStackTrace();
         if (enabled) {
             super.logSucceededLogin(effectiveUser, securityAdmin, initiatingUser, request);
         }

src/main/java/org/opensearch/security/auth/BackendRegistry.java

@@ -592,15 +592,15 @@ private User impersonate(final SecurityRequestChannel request, final User origin
         }
 
         if (adminDns.isAdminDN(impersonatedUserHeader)) {
-            System.out.println("@607 - impersonate, 403");
+
             throw new OpenSearchSecurityException(
                 "It is not allowed to impersonate as an adminuser  '" + impersonatedUserHeader + "'",
                 RestStatus.FORBIDDEN
             );
         }
 
         if (!adminDns.isRestImpersonationAllowed(originalUser.getName(), impersonatedUserHeader)) {
-            System.out.println("@615 - impersonate, 403");
+
             throw new OpenSearchSecurityException(
                 "'" + originalUser.getName() + "' is not allowed to impersonate as '" + impersonatedUserHeader + "'",
                 RestStatus.FORBIDDEN

src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java

@@ -373,7 +373,7 @@ protected final ValidationResult<SecurityDynamicConfiguration<?>> loadConfigurat
     ) {
         final var configuration = load(cType, logComplianceEvent);
         if (configuration.getSeqNo() < 0) {
-            System.out.println("@374 - abstract API action, 403");
+
             return ValidationResult.error(
                 RestStatus.FORBIDDEN,
                 forbiddenMessage(
@@ -414,19 +414,19 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() {
 
             @Override
             public ValidationResult<SecurityConfiguration> onConfigDelete(SecurityConfiguration securityConfiguration) throws IOException {
-                System.out.println("@415 - abstract API action, 403");
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
 
             @Override
             public ValidationResult<SecurityConfiguration> onConfigLoad(SecurityConfiguration securityConfiguration) throws IOException {
-                System.out.println("@421 - abstract API action, 403");
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
 
             @Override
             public ValidationResult<SecurityConfiguration> onConfigChange(SecurityConfiguration securityConfiguration) throws IOException {
-                System.out.println("@427 - abstract API action, 403");
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
 

src/main/java/org/opensearch/security/dlic/rest/api/NodesDnApiAction.java

@@ -139,7 +139,7 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() {
             public ValidationResult<SecurityConfiguration> isAllowedToChangeImmutableEntity(SecurityConfiguration securityConfiguration)
                 throws IOException {
                 if (STATIC_OPENSEARCH_YML_NODES_DN.equals(securityConfiguration.entityName())) {
-                    System.out.println("@142 - nodes dn API action, 403");
+
                     return ValidationResult.error(
                         RestStatus.FORBIDDEN,
                         forbiddenMessage("Resource '" + STATIC_OPENSEARCH_YML_NODES_DN + "' is read-only.")

src/main/java/org/opensearch/security/dlic/rest/api/Responses.java

@@ -73,7 +73,7 @@ public static void response(RestChannel channel, RestStatus status, String messa
     public static void response(final RestChannel channel, final RestStatus status, final ToXContent toXContent) {
         try (final var builder = channel.newBuilder()) {
             toXContent.toXContent(builder, ToXContent.EMPTY_PARAMS);
-            System.out.println("@76 - responses " + status.getStatus());
+
             channel.sendResponse(new BytesRestResponse(status, builder));
         } catch (final IOException ioe) {
             throw ExceptionsHelper.convertToOpenSearchException(ioe);

src/main/java/org/opensearch/security/dlic/rest/validation/EndpointValidator.java

@@ -55,7 +55,7 @@ default boolean isCurrentUserAdmin() {
 
     default ValidationResult<String> withRequiredEntityName(final String entityName) {
         if (entityName == null) {
-            System.out.println("@152 - Endpoint validator 400");
+
             return ValidationResult.error(RestStatus.BAD_REQUEST, badRequestMessage("No " + resourceName() + " specified."));
         }
         return ValidationResult.success(entityName);
@@ -105,7 +105,7 @@ default ValidationResult<SecurityConfiguration> entityStatic(final SecurityConfi
         final var configuration = securityConfiguration.configuration();
         final var entityName = securityConfiguration.entityName();
         if (configuration.isStatic(entityName)) {
-            System.out.println("@107 - Endpoint validator 403");
+
             return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Resource '" + entityName + "' is static."));
         }
         return ValidationResult.success(securityConfiguration);
@@ -115,11 +115,6 @@ default ValidationResult<SecurityConfiguration> entityReserved(final SecurityCon
         final var configuration = securityConfiguration.configuration();
         final var entityName = securityConfiguration.entityName();
         if (configuration.isReserved(entityName)) {
-            System.out.println("@117 - Endpoint validator 403");
-            // TODO: Remove
-            new Exception("&&& entityReserved denied calling stack trace").printStackTrace();
-
-
             return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Resource '" + entityName + "' is reserved."));
         }
         return ValidationResult.success(securityConfiguration);
@@ -129,7 +124,7 @@ default ValidationResult<SecurityConfiguration> entityHidden(final SecurityConfi
         final var configuration = securityConfiguration.configuration();
         final var entityName = securityConfiguration.entityName();
         if (configuration.isHidden(entityName)) {
-            System.out.println("@152 - Endpoint validator 404");
+
             return ValidationResult.error(RestStatus.NOT_FOUND, notFoundMessage("Resource '" + entityName + "' is not available."));
         }
         return ValidationResult.success(securityConfiguration);
@@ -157,7 +152,7 @@ default ValidationResult<SecurityConfiguration> isAllowedToChangeEntityWithRestA
             final var configuration = securityConfiguration.configuration();
             final var existingEntity = configuration.getCEntry(securityConfiguration.entityName());
             if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(existingEntity)) {
-                System.out.println("@152 - Endpoint validator 403");
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
         } else {
@@ -167,7 +162,7 @@ default ValidationResult<SecurityConfiguration> isAllowedToChangeEntityWithRestA
                 configuration.getImplementingClass()
             );
             if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(configEntityContent)) {
-                System.out.println("@162 - Endpoint validator 403");
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
         }

src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java

@@ -29,10 +29,7 @@ public boolean hasCompleted() {
 
     @Override
     public boolean completeWithResponse(final SecurityResponse response) {
-        System.out.println("@32 - completeWithResponse" + response.getStatus());
-        // TODO: Remove
-        new Exception("&&& completeWithResponse calling stack trace").printStackTrace();
-
+
         if (underlyingChannel == null) {
             throw new UnsupportedOperationException("Channel was not defined");
         }

src/main/java/org/opensearch/security/filter/SecurityFilter.java

@@ -464,7 +464,7 @@ public void onFailure(Exception e) {
                         : String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user);
                 }
                 log.debug(err);
-                System.out.println("@467 - apply0, 403");
+
                 listener.onFailure(new OpenSearchSecurityException(err, RestStatus.FORBIDDEN));
             }
         } catch (OpenSearchException e) {
@@ -515,7 +515,7 @@ private boolean checkImmutableIndices(Object request, ActionListener listener) {
             || request instanceof IndicesAliasesRequest;
 
         if (isModifyIndexRequest && isRequestIndexImmutable(request)) {
-            System.out.println("@517 - checkImmutableIndices, 403");
+
             listener.onFailure(new OpenSearchSecurityException("Index is immutable", RestStatus.FORBIDDEN));
             return true;
         }

src/main/java/org/opensearch/security/filter/SecurityRestFilter.java

@@ -206,7 +206,7 @@ private void authorizeRequest(RestHandler original, SecurityRequestChannel reque
                     err = String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user);
                 }
                 log.debug(err);
-                System.out.println("@206 - authorizeRequest 401");
+
                 request.completeWithResponse(new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, null, err));
                 return;
             }
@@ -220,7 +220,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
             final OpenSearchException exception = ExceptionUtils.createBadHeaderException();
             log.error(exception.toString());
             auditLog.logBadHeaders(requestChannel);
-            System.out.println("@220 - checkAndAuthenticateRequest 403");
+
             requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString()));
             return;
         }
@@ -229,7 +229,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
             final OpenSearchException exception = ExceptionUtils.createBadHeaderException();
             log.error(exception.toString());
             auditLog.logBadHeaders(requestChannel);
-            System.out.println("@229 - checkAndAuthenticateRequest 403");
+
             requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString()));
             return;
         }
@@ -250,7 +250,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
         } catch (SSLPeerUnverifiedException e) {
             log.error("No ssl info", e);
             auditLog.logSSLException(requestChannel, e);
-            System.out.println("@250 - authorizeRequest 403");
+
             requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, null));
             return;
         }

src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java

@@ -81,7 +81,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
             SSLRequestHelper.SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor);
 
             if (sslInfo == null) {
-                System.out.println("@84 - update config action 403");
+
                 channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, ""));
                 return;
             }
@@ -90,7 +90,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
 
             // only allowed for admins
             if (user == null || !adminDns.isAdmin(user)) {
-                System.out.println("@93 - update config action 403");
+
                 channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, ""));
                 return;
             } else {

src/main/java/org/opensearch/security/rest/SecurityWhoAmIAction.java

@@ -103,7 +103,7 @@ public void accept(RestChannel channel) throws Exception {
                     SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor);
 
                     if (sslInfo == null) {
-                        System.out.println("@104 - who am i action, 403");
+
                         response = new BytesRestResponse(RestStatus.FORBIDDEN, "No security data");
                     } else {
 

src/main/java/org/opensearch/security/rest/TenantInfoAction.java

@@ -114,7 +114,7 @@ public void accept(RestChannel channel) throws Exception {
 
                     // only allowed for admins or the kibanaserveruser
                     if (!isAuthorized()) {
-                        System.out.println("@117 - tenant info action, 403");
+
                         response = new BytesRestResponse(RestStatus.FORBIDDEN, "");
                     } else {
 

src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java

@@ -110,7 +110,7 @@ private boolean requestIsAllowlisted(RestRequest request) {
     public boolean checkRequestIsAllowed(RestRequest request, RestChannel channel, NodeClient client) throws IOException {
         // if allowlisting is enabled but the request is not allowlisted, then return false, otherwise true.
         if (this.enabled && !requestIsAllowlisted(request)) {
-            System.out.println("@113 - checkRequestIsAllowed 403");
+
             channel.sendResponse(
                 new BytesRestResponse(
                     RestStatus.FORBIDDEN,

src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java

@@ -111,7 +111,7 @@ private boolean requestIsWhitelisted(RestRequest request) {
     public boolean checkRequestIsAllowed(RestRequest request, RestChannel channel, NodeClient client) throws IOException {
         // if whitelisting is enabled but the request is not whitelisted, then return false, otherwise true.
         if (this.enabled && !requestIsWhitelisted(request)) {
-            System.out.println("@114 - checkRequestIsAllowed 403");
+
             channel.sendResponse(
                 new BytesRestResponse(
                     RestStatus.FORBIDDEN,