Add the policy name to the audit logs tags when doing policy-based API calls. Add retention settings to tags (#20638)

* Add the policy name to the audit log tags when doing policy-based API calls * Audit log the retention settings requested in the API call * Audit log of retention on PutObjectRetention API path too
2025-11-07 12:52:58 -05:00 · 2024-11-26 04:17:12 +11:00
parent c07e5b49d4
commit d202fdd022
5 changed files with 112 additions and 1 deletions
--- a/internal/bucket/object/lock/lock.go
+++ b/internal/bucket/object/lock/lock.go
@@ -237,6 +237,25 @@ type Config struct {
 	} `xml:"Rule,omitempty"`
 }

+// String returns the human readable format of object lock configuration, used in audit logs.
+func (config Config) String() string {
+	parts := []string{
+		fmt.Sprintf("Enabled: %v", config.Enabled()),
+	}
+	if config.Rule != nil {
+		if config.Rule.DefaultRetention.Mode != "" {
+			parts = append(parts, fmt.Sprintf("Mode: %s", config.Rule.DefaultRetention.Mode))
+		}
+		if config.Rule.DefaultRetention.Days != nil {
+			parts = append(parts, fmt.Sprintf("Days: %d", *config.Rule.DefaultRetention.Days))
+		}
+		if config.Rule.DefaultRetention.Years != nil {
+			parts = append(parts, fmt.Sprintf("Years: %d", *config.Rule.DefaultRetention.Years))
+		}
+	}
+	return strings.Join(parts, ", ")
+}
+
 // Enabled returns true if config.ObjectLockEnabled is set to Enabled
 func (config *Config) Enabled() bool {
 	return config.ObjectLockEnabled == Enabled
@@ -349,6 +368,10 @@ type ObjectRetention struct {
 	RetainUntilDate RetentionDate `xml:"RetainUntilDate,omitempty"`
 }

+func (o ObjectRetention) String() string {
+	return fmt.Sprintf("Mode: %s, RetainUntilDate: %s", o.Mode, o.RetainUntilDate.Time)
+}
+
 // Maximum 4KiB size per object retention config.
 const maxObjectRetentionSize = 1 << 12

--- a/internal/bucket/object/lock/lock_test.go
+++ b/internal/bucket/object/lock/lock_test.go
@@ -611,3 +611,72 @@ func TestFilterObjectLockMetadata(t *testing.T) {
 		}
 	}
 }
+
+func TestToString(t *testing.T) {
+	days := uint64(30)
+	daysPtr := &days
+	years := uint64(2)
+	yearsPtr := &years
+
+	tests := []struct {
+		name string
+		c    Config
+		want string
+	}{
+		{
+			name: "happy case",
+			c: Config{
+				ObjectLockEnabled: "Enabled",
+			},
+			want: "Enabled: true",
+		},
+		{
+			name: "with default retention days",
+			c: Config{
+				ObjectLockEnabled: "Enabled",
+				Rule: &struct {
+					DefaultRetention DefaultRetention `xml:"DefaultRetention"`
+				}{
+					DefaultRetention: DefaultRetention{
+						Mode: RetGovernance,
+						Days: daysPtr,
+					},
+				},
+			},
+			want: "Enabled: true, Mode: GOVERNANCE, Days: 30",
+		},
+		{
+			name: "with default retention years",
+			c: Config{
+				ObjectLockEnabled: "Enabled",
+				Rule: &struct {
+					DefaultRetention DefaultRetention `xml:"DefaultRetention"`
+				}{
+					DefaultRetention: DefaultRetention{
+						Mode:  RetCompliance,
+						Years: yearsPtr,
+					},
+				},
+			},
+			want: "Enabled: true, Mode: COMPLIANCE, Years: 2",
+		},
+		{
+			name: "disabled case",
+			c: Config{
+				ObjectLockEnabled: "Disabled",
+			},
+			want: "Enabled: false",
+		},
+		{
+			name: "empty case",
+			c:    Config{},
+			want: "Enabled: false",
+		},
+	}
+	for _, tt := range tests {
+		got := tt.c.String()
+		if got != tt.want {
+			t.Errorf("test: %s, got: '%v', want: '%v'", tt.name, got, tt.want)
+		}
+	}
+}