MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-09 05:34:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

add audit logging for all admin calls (#9568)

Browse Source 
- add ServiceRestart/ServiceStop actions
- audit log appropriately in all admin handlers

fixes #9522
This commit is contained in:
Harshavardhana
2020-05-11 10:34:08 -07:00
committed by GitHub
parent 2d735144b9
commit 337c2a7cb4
6 changed files with 131 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/iam/policy/admin-action.go
View File

@@ -52,17 +52,16 @@ const (
// ServerUpdateAdminAction - allow MinIO binary update
ServerUpdateAdminAction = "admin:ServerUpdate"
//Config Actions
// ServiceRestartAdminAction - allow restart of MinIO service.
ServiceRestartAdminAction = "admin:ServiceRestart"
// ServiceStopAdminAction - allow stopping MinIO service.
ServiceStopAdminAction = "admin:ServiceStop"
// ConfigUpdateAdminAction - allow MinIO config management
ConfigUpdateAdminAction = "admin:ConfigUpdate"
// User Actions
// CreateUserAdminAction - allow creating MinIO user
CreateUserAdminAction = "admin:CreateUser"
// DeleteUserAdminAction - allow deleting MinIO user
DeleteUserAdminAction = "admin:DeleteUser"
// ListUsersAdminAction - allow list users permission
@@ -127,6 +126,8 @@ var supportedAdminActions = map[AdminAction]struct{}{
ConsoleLogAdminAction: {},
KMSKeyStatusAdminAction: {},
ServerUpdateAdminAction: {},
ServiceRestartAdminAction: {},
ServiceStopAdminAction: {},
ConfigUpdateAdminAction: {},
CreateUserAdminAction: {},
DeleteUserAdminAction: {},
@@ -177,6 +178,8 @@ var adminActionConditionKeyMap = map[Action]condition.KeySet{
ConsoleLogAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
KMSKeyStatusAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
ServerUpdateAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
ServiceRestartAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
ServiceStopAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
ConfigUpdateAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
CreateUserAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),
DeleteUserAdminAction: condition.NewKeySet(condition.AllSupportedAdminKeys...),