[TEST] update audit logging parsing

Original commit: elastic/x-pack-elasticsearch@041cb09e2b
2017-12-05 23:00:28 +01:00 · 2017-12-05 23:00:28 +01:00 · 4e84a1d658
parent 915d95bca1
commit 4e84a1d658
1 changed files with 2 additions and 1 deletions
--- a/qa/sql/security/src/test/java/org/elasticsearch/xpack/qa/sql/security/SqlSecurityTestCase.java
+++ b/qa/sql/security/src/test/java/org/elasticsearch/xpack/qa/sql/security/SqlSecurityTestCase.java
@ -526,7 +526,7 @@ public abstract class SqlSecurityTestCase extends ESRestTestCase {
                    Pattern logPattern = Pattern.compile(
                            ("PART PART PART origin_type=PART, origin_address=PART, "
                            + "principal=PART, (?:run_as_principal=PART, )?(?:run_by_principal=PART, )?"
-                            + "action=\\[(.*?)\\], (?:indices=PART, )?request=PART")
+                            + "roles=PART, action=\\[(.*?)\\], (?:indices=PART, )?request=PART")
                                .replace(" ", "\\s+").replace("PART", "\\[([^\\]]*)\\]"));
                    // fail(logPattern.toString());
                    while ((line = logReader.readLine()) != null) {
@ -551,6 +551,7 @@ public abstract class SqlSecurityTestCase extends ESRestTestCase {
                        log.put("principal", principal);
                        log.put("run_as_principal", m.group(i++));
                        log.put("run_by_principal", m.group(i++));
+                        log.put("roles", m.group(i++));
                        String action = m.group(i++);
                        if (false == (SQL_ACTION_NAME.equals(action) || GetIndexAction.NAME.equals(action))) {
                            //TODO we may want to extend this and the assertions to SearchAction.NAME as well