add auditing for healing objects (#19379)

2025-01-27 06:33:18 -05:00 · 2024-03-28 16:46:19 -07:00 · 2024-03-28 16:46:19 -07:00 · feb9d8480b
commit feb9d8480b
parent 4e670458b8
2 changed files with 26 additions and 9 deletions
--- a/cmd/erasure-healing.go
+++ b/cmd/erasure-healing.go
@ -210,6 +210,24 @@ func (fi FileInfo) DataMov() bool {
 	return ok
 }

+func auditHealObject(ctx context.Context, bucket, object, versionID string, err error) {
+	if len(logger.AuditTargets()) == 0 {
+		return
+	}
+
+	opts := AuditLogOptions{
+		Event:     "HealObject",
+		Bucket:    bucket,
+		Object:    object,
+		VersionID: versionID,
+	}
+	if err != nil {
+		opts.Error = err.Error()
+	}
+
+	auditLogInternal(ctx, opts)
+}
+
 // Heals an object by re-writing corrupt/missing erasure blocks.
 func (er *erasureObjects) healObject(ctx context.Context, bucket string, object string, versionID string, opts madmin.HealOpts) (result madmin.HealResultItem, err error) {
 	dryRun := opts.DryRun
@ -218,6 +236,8 @@ func (er *erasureObjects) healObject(ctx context.Context, bucket string, object
 	storageDisks := er.getDisks()
 	storageEndpoints := er.getEndpoints()

+	defer auditHealObject(ctx, bucket, object, versionID, err)
+
 	if globalTrace.NumSubscribers(madmin.TraceHealing) > 0 {
 		startTime := time.Now()
 		defer func() {
--- a/cmd/utils.go
+++ b/cmd/utils.go
@ -60,7 +60,7 @@ import (
 	"github.com/minio/mux"
 	"github.com/minio/pkg/v2/certs"
 	"github.com/minio/pkg/v2/env"
-	pkgAudit "github.com/minio/pkg/v2/logger/message/audit"
+	xaudit "github.com/minio/pkg/v2/logger/message/audit"
 	xnet "github.com/minio/pkg/v2/net"
 	"golang.org/x/oauth2"
 )
@ -946,21 +946,18 @@ func auditLogInternal(ctx context.Context, opts AuditLogOptions) {
 	if len(logger.AuditTargets()) == 0 {
 		return
 	}
+
 	entry := audit.NewEntry(globalDeploymentID())
 	entry.Trigger = opts.Event
 	entry.Event = opts.Event
 	entry.Error = opts.Error
 	entry.API.Name = opts.APIName
 	entry.API.Bucket = opts.Bucket
-	entry.API.Objects = []pkgAudit.ObjectVersion{{ObjectName: opts.Object, VersionID: opts.VersionID}}
+	entry.API.Objects = []xaudit.ObjectVersion{{ObjectName: opts.Object, VersionID: opts.VersionID}}
 	entry.API.Status = opts.Status
-	if len(opts.Tags) > 0 {
-		entry.Tags = make(map[string]interface{}, len(opts.Tags))
-		for k, v := range opts.Tags {
-			entry.Tags[k] = v
-		}
-	} else {
-		entry.Tags = make(map[string]interface{})
+	entry.Tags = make(map[string]interface{}, len(opts.Tags))
+	for k, v := range opts.Tags {
+		entry.Tags[k] = v
 	}

 	// Merge tag information if found - this is currently needed for tags