minio/internal/logger/message/audit/entry.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package audit

import (
	"net/http"
	"strings"
	"time"

	"github.com/minio/minio/internal/handlers"
	xhttp "github.com/minio/minio/internal/http"
)

// Version - represents the current version of audit log structure.
const Version = "1"

// ObjectVersion object version key/versionId
type ObjectVersion struct {
	ObjectName string `json:"objectName"`
	VersionID  string `json:"versionId,omitempty"`
}

// Entry - audit entry logs.
type Entry struct {
	Version      string    `json:"version"`
	DeploymentID string    `json:"deploymentid,omitempty"`
	Time         time.Time `json:"time"`
	Event        string    `json:"event"`
	// deprecated replaced by 'Event', kept here for some
	// time for backward compatibility with k8s Operator.
	Trigger string `json:"trigger"`
	API     struct {
		Name            string          `json:"name,omitempty"`
		Bucket          string          `json:"bucket,omitempty"`
		Object          string          `json:"object,omitempty"`
		Objects         []ObjectVersion `json:"objects,omitempty"`
		Status          string          `json:"status,omitempty"`
		StatusCode      int             `json:"statusCode,omitempty"`
		InputBytes      int64           `json:"rx"`
		OutputBytes     int64           `json:"tx"`
		HeaderBytes     int64           `json:"txHeaders,omitempty"`
		TimeToFirstByte string          `json:"timeToFirstByte,omitempty"`
		TimeToResponse  string          `json:"timeToResponse,omitempty"`
	} `json:"api"`
	RemoteHost string                 `json:"remotehost,omitempty"`
	RequestID  string                 `json:"requestID,omitempty"`
	UserAgent  string                 `json:"userAgent,omitempty"`
	ReqClaims  map[string]interface{} `json:"requestClaims,omitempty"`
	ReqQuery   map[string]string      `json:"requestQuery,omitempty"`
	ReqHeader  map[string]string      `json:"requestHeader,omitempty"`
	RespHeader map[string]string      `json:"responseHeader,omitempty"`
	Tags       map[string]interface{} `json:"tags,omitempty"`

	AccessKey  string `json:"accessKey,omitempty"`
	ParentUser string `json:"parentUser,omitempty"`

	Error string `json:"error,omitempty"`
}

// NewEntry - constructs an audit entry object with some fields filled
func NewEntry(deploymentID string) Entry {
	return Entry{
		Version:      Version,
		DeploymentID: deploymentID,
		Time:         time.Now().UTC(),
	}
}

// ToEntry - constructs an audit entry from a http request
func ToEntry(w http.ResponseWriter, r *http.Request, reqClaims map[string]interface{}, deploymentID string) Entry {
	entry := NewEntry(deploymentID)

	entry.RemoteHost = handlers.GetSourceIP(r)
	entry.UserAgent = r.UserAgent()
	entry.ReqClaims = reqClaims

	q := r.URL.Query()
	reqQuery := make(map[string]string, len(q))
	for k, v := range q {
		reqQuery[k] = strings.Join(v, ",")
	}
	entry.ReqQuery = reqQuery

	reqHeader := make(map[string]string, len(r.Header))
	for k, v := range r.Header {
		reqHeader[k] = strings.Join(v, ",")
	}
	entry.ReqHeader = reqHeader

	wh := w.Header()
	entry.RequestID = wh.Get(xhttp.AmzRequestID)
	respHeader := make(map[string]string, len(wh))
	for k, v := range wh {
		respHeader[k] = strings.Join(v, ",")
	}
	entry.RespHeader = respHeader

	if etag := respHeader[xhttp.ETag]; etag != "" {
		respHeader[xhttp.ETag] = strings.Trim(etag, `"`)
	}

	return entry
}
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-18 15:41:13 -04:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
			`//`
			`// This file is part of MinIO Object Storage stack`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00
			`package audit`

			`import (`
			`"net/http"`
			`"strings"`
			`"time"`

rename all remaining packages to internal/ (#12418) This is to ensure that there are no projects that try to import `minio/minio/pkg` into their own repo. Any such common packages should go to `https://github.com/minio/pkg` 2021-06-01 17:59:40 -04:00			`"github.com/minio/minio/internal/handlers"`
			`xhttp "github.com/minio/minio/internal/http"`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00			`)`

			`// Version - represents the current version of audit log structure.`
			`const Version = "1"`

fix: audit log to support object names in multipleObjectNames() handler (#14017) 2022-01-03 04:28:52 -05:00			`// ObjectVersion object version key/versionId`
			`type ObjectVersion struct {`
			ObjectName string `json:"objectName"`
typo: Low capital in some JSON field names in log/audit output (#14020) Use a low capital in some fields in JSON log/audit output to follow other fields names. 2022-01-03 12:26:26 -05:00			VersionID string `json:"versionId,omitempty"`
fix: audit log to support object names in multipleObjectNames() handler (#14017) 2022-01-03 04:28:52 -05:00			`}`

Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00			`// Entry - audit entry logs.`
			`type Entry struct {`
simplify logger time and avoid possible crashes (#13986) time.Format() is not necessary prematurely for JSON marshalling, since JSON marshalling indeed defaults to RFC3339Nano. This also ensures the 'time' is remembered until its logged and it is the same time when the 'caller' invoked 'log' functions. 2021-12-23 18:33:54 -05:00			Version string `json:"version"`
			DeploymentID string `json:"deploymentid,omitempty"`
			Time time.Time `json:"time"`
fix: simplify passing auditLog eventType (#15278) Rename Trigger -> Event to be a more appropriate name for the audit event. Bonus: fixes a bug in AddMRFWorker() it did not cancel the waitgroup, leading to waitgroup leaks. 2022-07-12 13:43:32 -04:00			Event string `json:"event"`
			`// deprecated replaced by 'Event', kept here for some`
			`// time for backward compatibility with k8s Operator.`
			Trigger string `json:"trigger"`
			`API struct {`
fix: audit log to support object names in multipleObjectNames() handler (#14017) 2022-01-03 04:28:52 -05:00			Name string `json:"name,omitempty"`
			Bucket string `json:"bucket,omitempty"`
			Object string `json:"object,omitempty"`
			Objects []ObjectVersion `json:"objects,omitempty"`
			Status string `json:"status,omitempty"`
			StatusCode int `json:"statusCode,omitempty"`
			InputBytes int64 `json:"rx"`
			OutputBytes int64 `json:"tx"`
audit: account for response headers separately (#15610) 2022-09-01 15:51:04 -04:00			HeaderBytes int64 `json:"txHeaders,omitempty"`
fix: audit log to support object names in multipleObjectNames() handler (#14017) 2022-01-03 04:28:52 -05:00			TimeToFirstByte string `json:"timeToFirstByte,omitempty"`
			TimeToResponse string `json:"timeToResponse,omitempty"`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00			} `json:"api"`
Audit log claims from token (#6847) 2018-11-21 23:03:24 -05:00			RemoteHost string `json:"remotehost,omitempty"`
			RequestID string `json:"requestID,omitempty"`
			UserAgent string `json:"userAgent,omitempty"`
			ReqClaims map[string]interface{} `json:"requestClaims,omitempty"`
			ReqQuery map[string]string `json:"requestQuery,omitempty"`
			ReqHeader map[string]string `json:"requestHeader,omitempty"`
			RespHeader map[string]string `json:"responseHeader,omitempty"`
audit: per object send pool number, set number and servers per operation (#11233) 2021-01-26 16:21:51 -05:00			Tags map[string]interface{} `json:"tags,omitempty"`
Add audit log for decommissioning (#14858) 2022-05-04 03:45:27 -04:00
Add the access key and parent user in the audit log (#16572) 2023-02-08 14:05:26 -05:00			AccessKey string `json:"accessKey,omitempty"`
			ParentUser string `json:"parentUser,omitempty"`

Add audit log for decommissioning (#14858) 2022-05-04 03:45:27 -04:00			Error string `json:"error,omitempty"`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00			`}`

audit: Add field to know who triggered the operation (#12129) This is for now needed to know if an external S3 request deleted a file or it was the scanner. Signed-off-by: Anis Elleuch <anis@min.io> 2021-04-23 12:51:12 -04:00			`// NewEntry - constructs an audit entry object with some fields filled`
			`func NewEntry(deploymentID string) Entry {`
			`return Entry{`
			`Version: Version,`
			`DeploymentID: deploymentID,`
simplify logger time and avoid possible crashes (#13986) time.Format() is not necessary prematurely for JSON marshalling, since JSON marshalling indeed defaults to RFC3339Nano. This also ensures the 'time' is remembered until its logged and it is the same time when the 'caller' invoked 'log' functions. 2021-12-23 18:33:54 -05:00			`Time: time.Now().UTC(),`
audit: Add field to know who triggered the operation (#12129) This is for now needed to know if an external S3 request deleted a file or it was the scanner. Signed-off-by: Anis Elleuch <anis@min.io> 2021-04-23 12:51:12 -04:00			`}`
			`}`

			`// ToEntry - constructs an audit entry from a http request`
Enhance audit logging to capture responseTimes (#8067) Audit logging requires to have - timeToFirstByte - timeToResponse timing information 2019-08-12 23:32:34 -04:00			`func ToEntry(w http.ResponseWriter, r *http.Request, reqClaims map[string]interface{}, deploymentID string) Entry {`
audit: Add field to know who triggered the operation (#12129) This is for now needed to know if an external S3 request deleted a file or it was the scanner. Signed-off-by: Anis Elleuch <anis@min.io> 2021-04-23 12:51:12 -04:00			`entry := NewEntry(deploymentID)`

			`entry.RemoteHost = handlers.GetSourceIP(r)`
			`entry.UserAgent = r.UserAgent()`
			`entry.ReqClaims = reqClaims`

Copy metadata before spawning goroutine + prealloc maps (#10458) In `(*cacheObjects).GetObjectNInfo` copy the metadata before spawning a goroutine. Clean up a few map[string]string copies as well, reducing allocs and simplifying the code. Fixes #10426 2020-09-10 14:37:22 -04:00			`q := r.URL.Query()`
			`reqQuery := make(map[string]string, len(q))`
			`for k, v := range q {`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00			`reqQuery[k] = strings.Join(v, ",")`
			`}`
audit: Add field to know who triggered the operation (#12129) This is for now needed to know if an external S3 request deleted a file or it was the scanner. Signed-off-by: Anis Elleuch <anis@min.io> 2021-04-23 12:51:12 -04:00			`entry.ReqQuery = reqQuery`

Copy metadata before spawning goroutine + prealloc maps (#10458) In `(*cacheObjects).GetObjectNInfo` copy the metadata before spawning a goroutine. Clean up a few map[string]string copies as well, reducing allocs and simplifying the code. Fixes #10426 2020-09-10 14:37:22 -04:00			`reqHeader := make(map[string]string, len(r.Header))`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00			`for k, v := range r.Header {`
			`reqHeader[k] = strings.Join(v, ",")`
			`}`
audit: Add field to know who triggered the operation (#12129) This is for now needed to know if an external S3 request deleted a file or it was the scanner. Signed-off-by: Anis Elleuch <anis@min.io> 2021-04-23 12:51:12 -04:00			`entry.ReqHeader = reqHeader`

Copy metadata before spawning goroutine + prealloc maps (#10458) In `(*cacheObjects).GetObjectNInfo` copy the metadata before spawning a goroutine. Clean up a few map[string]string copies as well, reducing allocs and simplifying the code. Fixes #10426 2020-09-10 14:37:22 -04:00			`wh := w.Header()`
audit: Add field to know who triggered the operation (#12129) This is for now needed to know if an external S3 request deleted a file or it was the scanner. Signed-off-by: Anis Elleuch <anis@min.io> 2021-04-23 12:51:12 -04:00			`entry.RequestID = wh.Get(xhttp.AmzRequestID)`
Copy metadata before spawning goroutine + prealloc maps (#10458) In `(*cacheObjects).GetObjectNInfo` copy the metadata before spawning a goroutine. Clean up a few map[string]string copies as well, reducing allocs and simplifying the code. Fixes #10426 2020-09-10 14:37:22 -04:00			`respHeader := make(map[string]string, len(wh))`
			`for k, v := range wh {`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00			`respHeader[k] = strings.Join(v, ",")`
			`}`
audit: Add field to know who triggered the operation (#12129) This is for now needed to know if an external S3 request deleted a file or it was the scanner. Signed-off-by: Anis Elleuch <anis@min.io> 2021-04-23 12:51:12 -04:00			`entry.RespHeader = respHeader`

fix: rename audit log docs and datastructure 2021-01-26 16:39:55 -05:00			`if etag := respHeader[xhttp.ETag]; etag != "" {`
			respHeader[xhttp.ETag] = strings.Trim(etag, `"`)
			`}`
Refactor logging in more Go idiomatic style (#6816) This refactor brings a change which allows targets to be added in a cleaner way and also audit is now moved out. This PR also simplifies logger dependency for auditing 2018-11-19 17:47:03 -05:00
			`return entry`
			`}`