MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-23 20:53:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix audit loading from the env and consider enable env variable (#9467)

Browse Source 
Audit was not working properly when enabled from the environment
caused by a typo in the code.

This commit fixes that but also consider the following variables:
  `MINIO_LOGGER_WEBHOOK_ENABLE_*` and 
`MINIO_AUDIT_WEBHOOK_ENABLE_*` so the user can use 
this latter to temporarily disable a logger or audit configuration.
This commit is contained in:
Anis Elleuch 2020-04-28 11:40:51 +01:00 committed by GitHub
parent 498389123e
commit a3b266761e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 80 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
cmd/logger/config.go
View File

@ -47,9 +47,11 @@ const (
Endpoint = "endpoint" Endpoint = "endpoint"
AuthToken = "auth_token" AuthToken = "auth_token"
EnvLoggerWebhookEnable = "MINIO_LOGGER_WEBHOOK_ENABLE"
EnvLoggerWebhookEndpoint = "MINIO_LOGGER_WEBHOOK_ENDPOINT" EnvLoggerWebhookEndpoint = "MINIO_LOGGER_WEBHOOK_ENDPOINT"
EnvLoggerWebhookAuthToken = "MINIO_LOGGER_WEBHOOK_AUTH_TOKEN" EnvLoggerWebhookAuthToken = "MINIO_LOGGER_WEBHOOK_AUTH_TOKEN"
EnvAuditWebhookEnable = "MINIO_AUDIT_WEBHOOK_ENABLE"
EnvAuditWebhookEndpoint = "MINIO_AUDIT_WEBHOOK_ENDPOINT" EnvAuditWebhookEndpoint = "MINIO_AUDIT_WEBHOOK_ENDPOINT"
EnvAuditWebhookAuthToken = "MINIO_AUDIT_WEBHOOK_AUTH_TOKEN" EnvAuditWebhookAuthToken = "MINIO_AUDIT_WEBHOOK_AUTH_TOKEN"
) )
@ -144,79 +146,16 @@ func LookupConfig(scfg config.Config) (Config, error) {
loggerAuditTargets = append(loggerAuditTargets, target) loggerAuditTargets = append(loggerAuditTargets, target)
} }
for starget, kv := range scfg[config.LoggerWebhookSubSys] { // Load HTTP logger from the environment if found
subSysTarget := config.LoggerWebhookSubSys
if starget != config.Default {
subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget
}
if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil {
return cfg, err
}
enabled, err := config.ParseBool(kv.Get(config.Enable))
if err != nil {
return cfg, err
}
if !enabled {
continue
}
endpointEnv := EnvLoggerWebhookEndpoint
if starget != config.Default {
endpointEnv = EnvLoggerWebhookEndpoint + config.Default + starget
}
authTokenEnv := EnvLoggerWebhookAuthToken
if starget != config.Default {
authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + starget
}
cfg.HTTP[starget] = HTTP{
Enabled: true,
Endpoint: env.Get(endpointEnv, kv.Get(Endpoint)),
AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)),
}
}
for starget, kv := range scfg[config.AuditWebhookSubSys] {
subSysTarget := config.AuditWebhookSubSys
if starget != config.Default {
subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget
}
if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil {
return cfg, err
}
enabled, err := config.ParseBool(kv.Get(config.Enable))
if err != nil {
return cfg, err
}
if !enabled {
continue
}
endpointEnv := EnvAuditWebhookEndpoint
if starget != config.Default {
endpointEnv = EnvAuditWebhookEndpoint + config.Default + starget
}
legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint
if starget != config.Default {
legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + starget
}
endpoint := env.Get(legacyEndpointEnv, "")
if endpoint == "" {
endpoint = env.Get(endpointEnv, kv.Get(Endpoint))
}
authTokenEnv := EnvAuditWebhookAuthToken
if starget != config.Default {
authTokenEnv = EnvAuditWebhookAuthToken + config.Default + starget
}
cfg.Audit[starget] = HTTP{
Enabled: true,
Endpoint: endpoint,
AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)),
}
}
for _, target := range loggerTargets { for _, target := range loggerTargets {
enableEnv := EnvLoggerWebhookEnable
if target != config.Default {
enableEnv = EnvLoggerWebhookEnable + config.Default + target
}
enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn))
if err != nil || !enable {
continue
}
endpointEnv := EnvLoggerWebhookEndpoint endpointEnv := EnvLoggerWebhookEndpoint
if target != config.Default { if target != config.Default {
endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target
@ -233,9 +172,17 @@ func LookupConfig(scfg config.Config) (Config, error) {
} }
for _, target := range loggerAuditTargets { for _, target := range loggerAuditTargets {
endpointEnv := EnvLoggerWebhookEndpoint enableEnv := EnvAuditWebhookEnable
if target != config.Default { if target != config.Default {
endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target enableEnv = EnvAuditWebhookEnable + config.Default + target
}
enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn))
if err != nil || !enable {
continue
}
endpointEnv := EnvAuditWebhookEndpoint
if target != config.Default {
endpointEnv = EnvAuditWebhookEndpoint + config.Default + target
} }
legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint
if target != config.Default { if target != config.Default {
@ -245,9 +192,9 @@ func LookupConfig(scfg config.Config) (Config, error) {
if endpoint == "" { if endpoint == "" {
endpoint = env.Get(endpointEnv, "") endpoint = env.Get(endpointEnv, "")
} }
authTokenEnv := EnvLoggerWebhookAuthToken authTokenEnv := EnvAuditWebhookAuthToken
if target != config.Default { if target != config.Default {
authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target authTokenEnv = EnvAuditWebhookAuthToken + config.Default + target
} }
cfg.Audit[target] = HTTP{ cfg.Audit[target] = HTTP{
Enabled: true, Enabled: true,
@ -256,5 +203,62 @@ func LookupConfig(scfg config.Config) (Config, error) {
} }
} }
for starget, kv := range scfg[config.LoggerWebhookSubSys] {
if l, ok := cfg.HTTP[starget]; ok && l.Enabled {
// Ignore this HTTP logger config since there is
// a target with the same name loaded and enabled
// from the environment.
continue
}
subSysTarget := config.LoggerWebhookSubSys
if starget != config.Default {
subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget
}
if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil {
return cfg, err
}
enabled, err := config.ParseBool(kv.Get(config.Enable))
if err != nil {
return cfg, err
}
if !enabled {
continue
}
cfg.HTTP[starget] = HTTP{
Enabled: true,
Endpoint: kv.Get(Endpoint),
AuthToken: kv.Get(AuthToken),
}
}
for starget, kv := range scfg[config.AuditWebhookSubSys] {
if l, ok := cfg.Audit[starget]; ok && l.Enabled {
// Ignore this audit config since another target
// with the same name is already loaded and enabled
// in the shell environment.
continue
}
subSysTarget := config.AuditWebhookSubSys
if starget != config.Default {
subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget
}
if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil {
return cfg, err
}
enabled, err := config.ParseBool(kv.Get(config.Enable))
if err != nil {
return cfg, err
}
if !enabled {
continue
}
cfg.Audit[starget] = HTTP{
Enabled: true,
Endpoint: kv.Get(Endpoint),
AuthToken: kv.Get(AuthToken),
}
}
return cfg, nil return cfg, nil
} }