From 12779aa90796fc72b52e44d6c971537bd5d81ba3 Mon Sep 17 00:00:00 2001
From: Thy Tran <58045538+ThyTran1402@users.noreply.github.com>
Date: Wed, 18 Mar 2026 17:21:22 -0400
Subject: [PATCH 1/2] fixed plugins unknown setting and
 disabled_rest_categories

Signed-off-by: Thy Tran <58045538+ThyTran1402@users.noreply.github.com>
---
 .../security/auditlog/config/AuditConfig.java   |  7 ++++---
 .../security/auditlog/impl/AuditCategory.java   |  3 +++
 .../auditlog/config/AuditConfigFilterTest.java  | 17 +++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/opensearch/security/auditlog/config/AuditConfig.java b/src/main/java/org/opensearch/security/auditlog/config/AuditConfig.java
index 3beb956209..b943786b90 100644
--- a/src/main/java/org/opensearch/security/auditlog/config/AuditConfig.java
+++ b/src/main/java/org/opensearch/security/auditlog/config/AuditConfig.java
@@ -256,9 +256,10 @@ public static Filter from(Map<String, Object> properties) throws JsonProcessingE
                     ConfigConstants.OPENDISTRO_SECURITY_AUDIT_DISABLED_CATEGORIES_DEFAULT
                 )
             );
-            final Set<String> ignoredAuditUsers = ImmutableSet.copyOf(
-                getOrDefault(properties, FilterEntries.IGNORE_USERS.getKey(), DEFAULT_IGNORED_USERS)
-            );
+            final List<String> rawIgnoredUsers = getOrDefault(properties, FilterEntries.IGNORE_USERS.getKey(), DEFAULT_IGNORED_USERS);
+            final Set<String> ignoredAuditUsers = rawIgnoredUsers.size() == 1 && "NONE".equalsIgnoreCase(rawIgnoredUsers.get(0))
+                ? Collections.emptySet()
+                : ImmutableSet.copyOf(rawIgnoredUsers);
             final Set<String> ignoreAuditRequests = ImmutableSet.copyOf(
                 getOrDefault(properties, FilterEntries.IGNORE_REQUESTS.getKey(), Collections.emptyList())
             );
diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditCategory.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditCategory.java
index caf6938b14..463762e068 100644
--- a/src/main/java/org/opensearch/security/auditlog/impl/AuditCategory.java
+++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditCategory.java
@@ -34,6 +34,9 @@ public enum AuditCategory {
 
     public static Set<AuditCategory> parse(final Collection<String> categories) {
         if (categories.isEmpty()) return Collections.emptySet();
+        if (categories.size() == 1 && "NONE".equalsIgnoreCase(categories.iterator().next())) {
+            return Collections.emptySet();
+        }
 
         return categories.stream().map(String::toUpperCase).map(AuditCategory::valueOf).collect(ImmutableSet.toImmutableSet());
     }
diff --git a/src/test/java/org/opensearch/security/auditlog/config/AuditConfigFilterTest.java b/src/test/java/org/opensearch/security/auditlog/config/AuditConfigFilterTest.java
index 3f0a5a57fc..71e837f2ce 100644
--- a/src/test/java/org/opensearch/security/auditlog/config/AuditConfigFilterTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/config/AuditConfigFilterTest.java
@@ -13,7 +13,9 @@
 
 import java.util.Collections;
 import java.util.EnumSet;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.function.Function;
 
@@ -118,6 +120,21 @@ public void testNone() {
         assertTrue(auditConfigFilter.getDisabledTransportCategories().isEmpty());
     }
 
+    @Test
+    public void testNoneViaMap() throws Exception {
+        // "NONE" sentinel should clear disabled categories and ignored users when set via the REST/Map path
+        final Map<String, Object> properties = new HashMap<>();
+        properties.put(FilterEntries.IGNORE_USERS.getKey(), List.of("NONE"));
+        properties.put(FilterEntries.DISABLE_REST_CATEGORIES.getKey(), List.of("None"));
+        properties.put(FilterEntries.DISABLE_TRANSPORT_CATEGORIES.getKey(), List.of("none"));
+
+        final AuditConfig.Filter auditConfigFilter = AuditConfig.Filter.from(properties);
+
+        assertSame(WildcardMatcher.NONE, auditConfigFilter.getIgnoredAuditUsersMatcher());
+        assertTrue(auditConfigFilter.getDisabledRestCategories().isEmpty());
+        assertTrue(auditConfigFilter.getDisabledTransportCategories().isEmpty());
+    }
+
     @Test
     public void testEmpty() {
         // arrange

From 2a503623b8aedbfebd452c58f7f56185ebb1ec4a Mon Sep 17 00:00:00 2001
From: Thy Tran <58045538+ThyTran1402@users.noreply.github.com>
Date: Wed, 18 Mar 2026 17:33:01 -0400
Subject: [PATCH 2/2] updated changelog.md

Signed-off-by: Thy Tran <58045538+ThyTran1402@users.noreply.github.com>
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a5d71f284a..9f5fea5aeb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ### Bug Fixes
 - Fix the issue of unprocessed X-Request-Id ([#5954](https://github.com/opensearch-project/security/pull/5954))
+- Fix audit log `NONE` sentinel not respected for `disabled_rest_categories`, `disabled_transport_categories`, and `ignore_users` in dynamic configuration ([#6021](https://github.com/opensearch-project/security/pull/6021))
 ### Refactoring
 
 ### Maintenance