Audit dangling object removal (#15933)

Anis Elleuch 2022-10-24 19:35:07 +01:00 committed by GitHub
parent 2e33b99c6b
commit fc6c794972
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 52 additions and 12 deletions


@ -372,9 +372,11 @@ func replicateDelete(ctx context.Context, dobj DeletedObjectReplicationInfo, obj
defer func() { defer func() {
replStatus := string(replicationStatus) replStatus := string(replicationStatus)
auditLogInternal(context.Background(), bucket, dobj.ObjectName, AuditLogOptions{ auditLogInternal(context.Background(), AuditLogOptions{
Event: dobj.EventType, Event: dobj.EventType,
APIName: ReplicateDeleteAPI, APIName: ReplicateDeleteAPI,
Bucket: bucket,
Object: dobj.ObjectName,
VersionID: versionID, VersionID: versionID,
Status: replStatus, Status: replStatus,
}) })
@ -903,9 +905,11 @@ func replicateObject(ctx context.Context, ri ReplicateObjectInfo, objectAPI Obje
// on disk. // on disk.
replicationStatus = ri.ReplicationStatus replicationStatus = ri.ReplicationStatus
} }
auditLogInternal(ctx, ri.Bucket, ri.Name, AuditLogOptions{ auditLogInternal(ctx, AuditLogOptions{
Event: ri.EventType, Event: ri.EventType,
APIName: ReplicateObjectAPI, APIName: ReplicateObjectAPI,
Bucket: ri.Bucket,
Object: ri.Name,
VersionID: ri.VersionID, VersionID: ri.VersionID,
Status: replicationStatus.String(), Status: replicationStatus.String(),
}) })


@ -1441,9 +1441,11 @@ func auditLogLifecycle(ctx context.Context, oi ObjectInfo, event string) {
case ILMTransition: case ILMTransition:
apiName = "ILMTransition" apiName = "ILMTransition"
} }
auditLogInternal(ctx, oi.Bucket, oi.Name, AuditLogOptions{ auditLogInternal(ctx, AuditLogOptions{
Event: event, Event: event,
APIName: apiName, APIName: apiName,
Bucket: oi.Bucket,
Object: oi.Name,
VersionID: oi.VersionID, VersionID: oi.VersionID,
}) })
} }


@ -439,10 +439,32 @@ func (er erasureObjects) GetObjectInfo(ctx context.Context, bucket, object strin
return er.getObjectInfo(ctx, bucket, object, opts) return er.getObjectInfo(ctx, bucket, object, opts)
} }
func auditDanglingObjectDeletion(ctx context.Context, bucket, object, versionID string, pool, set, objectParity int) {
if len(logger.AuditTargets()) == 0 {
return
}
tags := make(map[string]interface{})
tags["pool"] = pool
tags["set"] = set
tags["objectParity"] = objectParity
opts := AuditLogOptions{
Event: "DeleteDanglingObject",
Bucket: bucket,
Object: object,
VersionID: versionID,
Tags: tags,
}
auditLogInternal(ctx, opts)
}
func (er erasureObjects) deleteIfDangling(ctx context.Context, bucket, object string, metaArr []FileInfo, errs []error, dataErrs []error, opts ObjectOptions) (FileInfo, error) { func (er erasureObjects) deleteIfDangling(ctx context.Context, bucket, object string, metaArr []FileInfo, errs []error, dataErrs []error, opts ObjectOptions) (FileInfo, error) {
var err error var err error
m, ok := isObjectDangling(metaArr, errs, dataErrs) m, ok := isObjectDangling(metaArr, errs, dataErrs)
if ok { if ok {
defer auditDanglingObjectDeletion(ctx, bucket, object, m.VersionID, er.poolIndex, er.setIndex, m.Erasure.ParityBlocks)
err = errFileNotFound err = errFileNotFound
if opts.VersionID != "" { if opts.VersionID != "" {
err = errFileVersionNotFound err = errFileVersionNotFound
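Review bot: The `defer auditDanglingObjectDeletion(...)` in deleteIfDangling is registered as soon as isObjectDangling reports ok, and the entry it builds sets neither `Error` nor `Status`, so a "DeleteDanglingObject" record reads the same whether the removal succeeded or failed. For an audit trail of data destruction the outcome belongs in the record; auditLogDecom, visible elsewhere on this page, already fills `Error: errStr`, and the new helper could take an `err error` parameter and do the same. `APIName` is also left unset, which leaves `entry.API.Name` empty for consumers that filter on it. The rest of deleteIfDangling, including the actual delete calls, lies outside the hunk, so how failures surface there should be checked before wiring this in.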


@ -1274,9 +1274,11 @@ func auditLogDecom(ctx context.Context, apiName, bucket, object, versionID strin
if err != nil { if err != nil {
errStr = err.Error() errStr = err.Error()
} }
auditLogInternal(ctx, bucket, object, AuditLogOptions{ auditLogInternal(ctx, AuditLogOptions{
Event: "decommission", Event: "decommission",
APIName: apiName, APIName: apiName,
Bucket: bucket,
Object: object,
VersionID: versionID, VersionID: versionID,
Error: errStr, Error: errStr,
}) })


@ -1026,28 +1026,38 @@ type AuditLogOptions struct {
Event string Event string
APIName string APIName string
Status string Status string
Bucket string
Object string
VersionID string VersionID string
Error string Error string
Tags map[string]interface{}
} }
// sends audit logs for internal subsystem activity // sends audit logs for internal subsystem activity
func auditLogInternal(ctx context.Context, bucket, object string, opts AuditLogOptions) { func auditLogInternal(ctx context.Context, opts AuditLogOptions) {
if len(logger.AuditTargets()) == 0 {
return
}
entry := audit.NewEntry(globalDeploymentID) entry := audit.NewEntry(globalDeploymentID)
entry.Trigger = opts.Event entry.Trigger = opts.Event
entry.Event = opts.Event entry.Event = opts.Event
entry.Error = opts.Error entry.Error = opts.Error
entry.API.Name = opts.APIName entry.API.Name = opts.APIName
entry.API.Bucket = bucket entry.API.Bucket = opts.Bucket
entry.API.Object = object entry.API.Objects = []audit.ObjectVersion{{ObjectName: opts.Object, VersionID: opts.VersionID}}
if opts.VersionID != "" {
entry.ReqQuery = make(map[string]string)
entry.ReqQuery[xhttp.VersionID] = opts.VersionID
}
entry.API.Status = opts.Status entry.API.Status = opts.Status
entry.Tags = opts.Tags
// Merge tag information if found - this is currently needed for tags // Merge tag information if found - this is currently needed for tags
// set during decommissioning. // set during decommissioning.
if reqInfo := logger.GetReqInfo(ctx); reqInfo != nil { if reqInfo := logger.GetReqInfo(ctx); reqInfo != nil {
entry.Tags = reqInfo.GetTagsMap() if tags := reqInfo.GetTagsMap(); len(tags) > 0 {
if entry.Tags == nil {
entry.Tags = make(map[string]interface{}, len(tags))
}
for k, v := range tags {
entry.Tags[k] = v
}
}
} }
ctx = logger.SetAuditEntry(ctx, &entry) ctx = logger.SetAuditEntry(ctx, &entry)
logger.AuditLog(ctx, nil, nil, nil) logger.AuditLog(ctx, nil, nil, nil)
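Review bot: `entry.Tags = opts.Tags` stores the caller's map by reference, and the merge loop that follows writes `entry.Tags[k] = v` into it, so auditLogInternal mutates `opts.Tags`, and any request tag that shares a key with a caller tag silently replaces the caller's value in the audit record. The only caller on this page that sets `Tags` passes a freshly made map, so nothing breaks today, but a caller that shares or reuses a map would see it change and could race on it. Copy the caller tags into a new map before the merge, and decide explicitly which side wins on a key collision. The function's closing lines are outside the hunk.

```go
// Copy caller tags so the merge below never writes into opts.Tags.
if len(opts.Tags) > 0 {
	entry.Tags = make(map[string]interface{}, len(opts.Tags))
	for k, v := range opts.Tags {
		entry.Tags[k] = v
	}
}
// … unchanged: merge of reqInfo.GetTagsMap() into entry.Tags …
```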