mirror of
https://github.com/minio/minio.git
synced 2025-01-11 23:13:23 -05:00
Enable audit log for global handlers (#16964)
Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
This commit is contained in:
Shubhendu
GitHub
parent
ceebd35ef7
commit
d3f70ea340
@ -594,6 +594,7 @@ func setAuthHandler(h http.Handler) http.Handler {
|
|||||||
// All our internal APIs are sensitive towards Date
|
// All our internal APIs are sensitive towards Date
|
||||||
// header, for all requests where Date header is not
|
// header, for all requests where Date header is not
|
||||||
// present we will reject such clients.
|
// present we will reject such clients.
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(errCode), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(errCode), r.URL)
|
||||||
atomic.AddUint64(&globalHTTPStats.rejectedRequestsTime, 1)
|
atomic.AddUint64(&globalHTTPStats.rejectedRequestsTime, 1)
|
||||||
return
|
return
|
||||||
@ -607,6 +608,7 @@ func setAuthHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrRequestTimeTooSkewed), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrRequestTimeTooSkewed), r.URL)
|
||||||
atomic.AddUint64(&globalHTTPStats.rejectedRequestsTime, 1)
|
atomic.AddUint64(&globalHTTPStats.rejectedRequestsTime, 1)
|
||||||
return
|
return
|
||||||
@ -622,6 +624,7 @@ func setAuthHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrSignatureVersionNotSupported), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrSignatureVersionNotSupported), r.URL)
|
||||||
atomic.AddUint64(&globalHTTPStats.rejectedRequestsAuth, 1)
|
atomic.AddUint64(&globalHTTPStats.rejectedRequestsAuth, 1)
|
||||||
})
|
})
|
||||||
|
|||||||
@ -112,6 +112,7 @@ func setRequestLimitHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrUnsupportedMetadata), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrUnsupportedMetadata), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -122,6 +123,7 @@ func setRequestLimitHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrMetadataTooLarge), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrMetadataTooLarge), r.URL)
|
||||||
atomic.AddUint64(&globalHTTPStats.rejectedRequestsHeader, 1)
|
atomic.AddUint64(&globalHTTPStats.rejectedRequestsHeader, 1)
|
||||||
return
|
return
|
||||||
@ -389,6 +391,7 @@ func setRequestValidityHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
invalidReq := errorCodes.ToAPIErr(ErrInvalidRequest)
|
invalidReq := errorCodes.ToAPIErr(ErrInvalidRequest)
|
||||||
invalidReq.Description = fmt.Sprintf("%s (%s)", invalidReq.Description, err)
|
invalidReq.Description = fmt.Sprintf("%s (%s)", invalidReq.Description, err)
|
||||||
writeErrorResponse(r.Context(), w, invalidReq, r.URL)
|
writeErrorResponse(r.Context(), w, invalidReq, r.URL)
|
||||||
@ -403,6 +406,7 @@ func setRequestValidityHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInvalidResourceName), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInvalidResourceName), r.URL)
|
||||||
atomic.AddUint64(&globalHTTPStats.rejectedRequestsInvalid, 1)
|
atomic.AddUint64(&globalHTTPStats.rejectedRequestsInvalid, 1)
|
||||||
return
|
return
|
||||||
@ -416,6 +420,7 @@ func setRequestValidityHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInvalidResourceName), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInvalidResourceName), r.URL)
|
||||||
atomic.AddUint64(&globalHTTPStats.rejectedRequestsInvalid, 1)
|
atomic.AddUint64(&globalHTTPStats.rejectedRequestsInvalid, 1)
|
||||||
return
|
return
|
||||||
@ -428,6 +433,7 @@ func setRequestValidityHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
invalidReq := errorCodes.ToAPIErr(ErrInvalidRequest)
|
invalidReq := errorCodes.ToAPIErr(ErrInvalidRequest)
|
||||||
invalidReq.Description = fmt.Sprintf("%s (request has multiple authentication types, please use one)", invalidReq.Description)
|
invalidReq.Description = fmt.Sprintf("%s (request has multiple authentication types, please use one)", invalidReq.Description)
|
||||||
writeErrorResponse(r.Context(), w, invalidReq, r.URL)
|
writeErrorResponse(r.Context(), w, invalidReq, r.URL)
|
||||||
@ -442,6 +448,7 @@ func setRequestValidityHandler(h http.Handler) http.Handler {
|
|||||||
tc.FuncName = "handler.ValidRequest"
|
tc.FuncName = "handler.ValidRequest"
|
||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrAllAccessDisabled), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrAllAccessDisabled), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -454,6 +461,7 @@ func setRequestValidityHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = false
|
tc.ResponseRecorder.LogErrBody = false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponseHeadersOnly(w, errorCodes.ToAPIErr(ErrInsecureSSECustomerRequest))
|
writeErrorResponseHeadersOnly(w, errorCodes.ToAPIErr(ErrInsecureSSECustomerRequest))
|
||||||
} else {
|
} else {
|
||||||
if ok {
|
if ok {
|
||||||
@ -461,6 +469,7 @@ func setRequestValidityHandler(h http.Handler) http.Handler {
|
|||||||
tc.ResponseRecorder.LogErrBody = true
|
tc.ResponseRecorder.LogErrBody = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInsecureSSECustomerRequest), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInsecureSSECustomerRequest), r.URL)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
@ -511,6 +520,7 @@ func setBucketForwardingHandler(h http.Handler) http.Handler {
|
|||||||
}
|
}
|
||||||
sr, err := globalDNSConfig.Get(bucket)
|
sr, err := globalDNSConfig.Get(bucket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
if err == dns.ErrNoEntriesFound {
|
if err == dns.ErrNoEntriesFound {
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrNoSuchBucket), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrNoSuchBucket), r.URL)
|
||||||
} else {
|
} else {
|
||||||
@ -593,6 +603,7 @@ func setUploadForwardingHandler(h http.Handler) http.Handler {
|
|||||||
h.ServeHTTP(w, r)
|
h.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
bucket, object := request2BucketObjectName(r)
|
bucket, object := request2BucketObjectName(r)
|
||||||
uploadID := r.Form.Get(xhttp.UploadID)
|
uploadID := r.Form.Get(xhttp.UploadID)
|
||||||
|
|
||||||
@ -609,6 +620,7 @@ func setUploadForwardingHandler(h http.Handler) http.Handler {
|
|||||||
}
|
}
|
||||||
// forward request to peer handling this upload
|
// forward request to peer handling this upload
|
||||||
if globalBucketTargetSys.isOffline(remote.EndpointURL) {
|
if globalBucketTargetSys.isOffline(remote.EndpointURL) {
|
||||||
|
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
|
||||||
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrReplicationRemoteConnectionError), r.URL)
|
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrReplicationRemoteConnectionError), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user