2021-04-18 15:41:13 -04:00
|
|
|
// Copyright (c) 2015-2021 MinIO, Inc.
|
|
|
|
//
|
|
|
|
// This file is part of MinIO Object Storage stack
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2018-11-19 17:47:03 -05:00
|
|
|
|
|
|
|
package logger
|
|
|
|
|
|
|
|
import (
|
2021-01-26 16:21:51 -05:00
|
|
|
"context"
|
2019-09-23 16:34:28 -04:00
|
|
|
"fmt"
|
2018-11-19 17:47:03 -05:00
|
|
|
"net/http"
|
2020-05-19 21:34:02 -04:00
|
|
|
"strconv"
|
2019-08-12 23:32:34 -04:00
|
|
|
"time"
|
2018-11-19 17:47:03 -05:00
|
|
|
|
2023-02-22 00:21:17 -05:00
|
|
|
internalAudit "github.com/minio/minio/internal/logger/message/audit"
|
2023-04-12 17:37:19 -04:00
|
|
|
"github.com/minio/minio/internal/mcontext"
|
2024-05-24 19:05:23 -04:00
|
|
|
"github.com/minio/pkg/v3/logger/message/audit"
|
2023-02-22 00:21:17 -05:00
|
|
|
|
2022-02-23 16:36:01 -05:00
|
|
|
xhttp "github.com/minio/minio/internal/http"
|
2018-11-19 17:47:03 -05:00
|
|
|
)
|
|
|
|
|
2021-04-23 12:51:12 -04:00
|
|
|
const contextAuditKey = contextKeyType("audit-entry")
|
|
|
|
|
|
|
|
// SetAuditEntry sets Audit info in the context.
|
|
|
|
func SetAuditEntry(ctx context.Context, audit *audit.Entry) context.Context {
|
|
|
|
if ctx == nil {
|
2024-04-04 08:04:40 -04:00
|
|
|
LogIf(context.Background(), "audit", fmt.Errorf("context is nil"))
|
2021-04-23 12:51:12 -04:00
|
|
|
return nil
|
2020-04-30 01:17:36 -04:00
|
|
|
}
|
2021-04-23 12:51:12 -04:00
|
|
|
return context.WithValue(ctx, contextAuditKey, audit)
|
|
|
|
}
|
2020-04-30 01:17:36 -04:00
|
|
|
|
2021-04-23 12:51:12 -04:00
|
|
|
// GetAuditEntry returns Audit entry if set.
|
|
|
|
func GetAuditEntry(ctx context.Context) *audit.Entry {
|
|
|
|
if ctx != nil {
|
|
|
|
r, ok := ctx.Value(contextAuditKey).(*audit.Entry)
|
|
|
|
if ok {
|
|
|
|
return r
|
|
|
|
}
|
2021-07-01 17:02:44 -04:00
|
|
|
r = &audit.Entry{
|
2023-02-22 00:21:17 -05:00
|
|
|
Version: internalAudit.Version,
|
2022-02-23 16:36:01 -05:00
|
|
|
DeploymentID: xhttp.GlobalDeploymentID,
|
2021-12-23 18:33:54 -05:00
|
|
|
Time: time.Now().UTC(),
|
2021-07-01 17:02:44 -04:00
|
|
|
}
|
2021-04-23 12:51:12 -04:00
|
|
|
return r
|
2018-11-19 17:47:03 -05:00
|
|
|
}
|
2021-04-23 12:51:12 -04:00
|
|
|
return nil
|
|
|
|
}
|
2019-08-12 23:32:34 -04:00
|
|
|
|
2021-04-23 12:51:12 -04:00
|
|
|
// AuditLog - logs audit logs to all audit targets.
|
|
|
|
func AuditLog(ctx context.Context, w http.ResponseWriter, r *http.Request, reqClaims map[string]interface{}, filterKeys ...string) {
|
2022-05-12 10:20:58 -04:00
|
|
|
auditTgts := AuditTargets()
|
|
|
|
if len(auditTgts) == 0 {
|
2021-01-26 16:21:51 -05:00
|
|
|
return
|
2020-02-11 22:38:02 -05:00
|
|
|
}
|
2019-08-12 23:32:34 -04:00
|
|
|
|
2021-04-23 12:51:12 -04:00
|
|
|
var entry audit.Entry
|
|
|
|
if w != nil && r != nil {
|
|
|
|
reqInfo := GetReqInfo(ctx)
|
|
|
|
if reqInfo == nil {
|
|
|
|
return
|
|
|
|
}
|
2022-06-30 13:48:50 -04:00
|
|
|
reqInfo.RLock()
|
|
|
|
defer reqInfo.RUnlock()
|
2021-04-23 12:51:12 -04:00
|
|
|
|
2023-02-22 00:21:17 -05:00
|
|
|
entry = internalAudit.ToEntry(w, r, reqClaims, xhttp.GlobalDeploymentID)
|
2021-07-01 17:02:44 -04:00
|
|
|
// indicates all requests for this API call are inbound
|
|
|
|
entry.Trigger = "incoming"
|
2021-04-23 12:51:12 -04:00
|
|
|
|
|
|
|
for _, filterKey := range filterKeys {
|
|
|
|
delete(entry.ReqClaims, filterKey)
|
|
|
|
delete(entry.ReqQuery, filterKey)
|
|
|
|
delete(entry.ReqHeader, filterKey)
|
|
|
|
delete(entry.RespHeader, filterKey)
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
statusCode int
|
|
|
|
timeToResponse time.Duration
|
|
|
|
timeToFirstByte time.Duration
|
2021-10-27 12:29:42 -04:00
|
|
|
outputBytes int64 = -1 // -1: unknown output bytes
|
2022-09-01 15:51:04 -04:00
|
|
|
headerBytes int64
|
2021-04-23 12:51:12 -04:00
|
|
|
)
|
|
|
|
|
2023-04-12 17:37:19 -04:00
|
|
|
tc, ok := r.Context().Value(mcontext.ContextTraceKey).(*mcontext.TraceCtxt)
|
|
|
|
if ok {
|
|
|
|
statusCode = tc.ResponseRecorder.StatusCode
|
|
|
|
outputBytes = int64(tc.ResponseRecorder.Size())
|
|
|
|
headerBytes = int64(tc.ResponseRecorder.HeaderSize())
|
|
|
|
timeToResponse = time.Now().UTC().Sub(tc.ResponseRecorder.StartTime)
|
|
|
|
timeToFirstByte = tc.ResponseRecorder.TimeToFirstByte
|
2021-04-23 12:51:12 -04:00
|
|
|
}
|
|
|
|
|
2023-02-08 14:05:26 -05:00
|
|
|
entry.AccessKey = reqInfo.Cred.AccessKey
|
|
|
|
entry.ParentUser = reqInfo.Cred.ParentUser
|
|
|
|
|
2021-04-23 12:51:12 -04:00
|
|
|
entry.API.Name = reqInfo.API
|
|
|
|
entry.API.Bucket = reqInfo.BucketName
|
|
|
|
entry.API.Object = reqInfo.ObjectName
|
2022-01-03 04:28:52 -05:00
|
|
|
entry.API.Objects = make([]audit.ObjectVersion, 0, len(reqInfo.Objects))
|
|
|
|
for _, ov := range reqInfo.Objects {
|
|
|
|
entry.API.Objects = append(entry.API.Objects, audit.ObjectVersion{
|
|
|
|
ObjectName: ov.ObjectName,
|
|
|
|
VersionID: ov.VersionID,
|
|
|
|
})
|
|
|
|
}
|
2021-04-23 12:51:12 -04:00
|
|
|
entry.API.Status = http.StatusText(statusCode)
|
|
|
|
entry.API.StatusCode = statusCode
|
2021-10-07 22:03:46 -04:00
|
|
|
entry.API.InputBytes = r.ContentLength
|
2021-10-27 12:29:42 -04:00
|
|
|
entry.API.OutputBytes = outputBytes
|
2022-09-01 15:51:04 -04:00
|
|
|
entry.API.HeaderBytes = headerBytes
|
2021-04-23 12:51:12 -04:00
|
|
|
entry.API.TimeToResponse = strconv.FormatInt(timeToResponse.Nanoseconds(), 10) + "ns"
|
2023-03-14 01:50:19 -04:00
|
|
|
entry.API.TimeToResponseInNS = strconv.FormatInt(timeToResponse.Nanoseconds(), 10)
|
2023-05-09 11:11:32 -04:00
|
|
|
// We hold the lock, so we cannot call reqInfo.GetTagsMap().
|
|
|
|
tags := make(map[string]interface{}, len(reqInfo.tags))
|
|
|
|
for _, t := range reqInfo.tags {
|
|
|
|
tags[t.Key] = t.Val
|
|
|
|
}
|
|
|
|
entry.Tags = tags
|
2023-04-12 17:37:19 -04:00
|
|
|
// ignore cases for ttfb when its zero.
|
2021-04-23 12:51:12 -04:00
|
|
|
if timeToFirstByte != 0 {
|
|
|
|
entry.API.TimeToFirstByte = strconv.FormatInt(timeToFirstByte.Nanoseconds(), 10) + "ns"
|
2023-03-14 01:50:19 -04:00
|
|
|
entry.API.TimeToFirstByteInNS = strconv.FormatInt(timeToFirstByte.Nanoseconds(), 10)
|
2021-04-23 12:51:12 -04:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
auditEntry := GetAuditEntry(ctx)
|
|
|
|
if auditEntry != nil {
|
|
|
|
entry = *auditEntry
|
|
|
|
}
|
2020-05-19 21:34:02 -04:00
|
|
|
}
|
2020-04-30 01:17:36 -04:00
|
|
|
|
2018-11-19 17:47:03 -05:00
|
|
|
// Send audit logs only to http targets.
|
2022-05-12 10:20:58 -04:00
|
|
|
for _, t := range auditTgts {
|
2023-05-09 00:20:31 -04:00
|
|
|
if err := t.Send(ctx, entry); err != nil {
|
2024-09-08 08:15:09 -04:00
|
|
|
LogOnceIf(ctx, "logging", fmt.Errorf("Unable to send audit event(s) to the target `%v`: %v", t, err), "send-audit-event-failure")
|
2021-12-20 16:16:53 -05:00
|
|
|
}
|
2018-11-19 17:47:03 -05:00
|
|
|
}
|
|
|
|
}
|