Fix audit loading from the env and consider enable env variable (#9467)

Audit was not working properly when enabled from the environment caused by a typo in the code. This commit fixes that but also consider the following variables: `MINIO_LOGGER_WEBHOOK_ENABLE_*` and `MINIO_AUDIT_WEBHOOK_ENABLE_*` so the user can use this latter to temporarily disable a logger or audit configuration.
5 years ago · a3b266761e
parent 498389123e
commit a3b266761e
1 changed files with 74 additions and 70 deletions
--- a/cmd/logger/config.go
+++ b/cmd/logger/config.go
@ -47,9 +47,11 @@ const (
 	Endpoint  = "endpoint"
 	AuthToken = "auth_token"

+	EnvLoggerWebhookEnable    = "MINIO_LOGGER_WEBHOOK_ENABLE"
 	EnvLoggerWebhookEndpoint  = "MINIO_LOGGER_WEBHOOK_ENDPOINT"
 	EnvLoggerWebhookAuthToken = "MINIO_LOGGER_WEBHOOK_AUTH_TOKEN"

+	EnvAuditWebhookEnable    = "MINIO_AUDIT_WEBHOOK_ENABLE"
 	EnvAuditWebhookEndpoint  = "MINIO_AUDIT_WEBHOOK_ENDPOINT"
 	EnvAuditWebhookAuthToken = "MINIO_AUDIT_WEBHOOK_AUTH_TOKEN"
 )
@ -144,115 +146,117 @@ func LookupConfig(scfg config.Config) (Config, error) {
 		loggerAuditTargets = append(loggerAuditTargets, target)
 	}

-	for starget, kv := range scfg[config.LoggerWebhookSubSys] {
-		subSysTarget := config.LoggerWebhookSubSys
-		if starget != config.Default {
-			subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget
-		}
-		if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil {
-			return cfg, err
-		}
-
-		enabled, err := config.ParseBool(kv.Get(config.Enable))
-		if err != nil {
-			return cfg, err
+	// Load HTTP logger from the environment if found
+	for _, target := range loggerTargets {
+		enableEnv := EnvLoggerWebhookEnable
+		if target != config.Default {
+			enableEnv = EnvLoggerWebhookEnable + config.Default + target
 		}
-		if !enabled {
+		enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn))
+		if err != nil || !enable {
 			continue
 		}
-
 		endpointEnv := EnvLoggerWebhookEndpoint
-		if starget != config.Default {
-			endpointEnv = EnvLoggerWebhookEndpoint + config.Default + starget
+		if target != config.Default {
+			endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target
 		}
 		authTokenEnv := EnvLoggerWebhookAuthToken
-		if starget != config.Default {
-			authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + starget
+		if target != config.Default {
+			authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target
 		}
-		cfg.HTTP[starget] = HTTP{
+		cfg.HTTP[target] = HTTP{
 			Enabled:   true,
-			Endpoint:  env.Get(endpointEnv, kv.Get(Endpoint)),
-			AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)),
+			Endpoint:  env.Get(endpointEnv, ""),
+			AuthToken: env.Get(authTokenEnv, ""),
 		}
 	}

-	for starget, kv := range scfg[config.AuditWebhookSubSys] {
-		subSysTarget := config.AuditWebhookSubSys
-		if starget != config.Default {
-			subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget
-		}
-		if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil {
-			return cfg, err
-		}
-
-		enabled, err := config.ParseBool(kv.Get(config.Enable))
-		if err != nil {
-			return cfg, err
+	for _, target := range loggerAuditTargets {
+		enableEnv := EnvAuditWebhookEnable
+		if target != config.Default {
+			enableEnv = EnvAuditWebhookEnable + config.Default + target
 		}
-		if !enabled {
+		enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn))
+		if err != nil || !enable {
 			continue
 		}
-
 		endpointEnv := EnvAuditWebhookEndpoint
-		if starget != config.Default {
-			endpointEnv = EnvAuditWebhookEndpoint + config.Default + starget
+		if target != config.Default {
+			endpointEnv = EnvAuditWebhookEndpoint + config.Default + target
 		}
 		legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint
-		if starget != config.Default {
-			legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + starget
+		if target != config.Default {
+			legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + target
 		}
 		endpoint := env.Get(legacyEndpointEnv, "")
 		if endpoint == "" {
-			endpoint = env.Get(endpointEnv, kv.Get(Endpoint))
+			endpoint = env.Get(endpointEnv, "")
 		}
 		authTokenEnv := EnvAuditWebhookAuthToken
-		if starget != config.Default {
-			authTokenEnv = EnvAuditWebhookAuthToken + config.Default + starget
+		if target != config.Default {
+			authTokenEnv = EnvAuditWebhookAuthToken + config.Default + target
 		}
-		cfg.Audit[starget] = HTTP{
+		cfg.Audit[target] = HTTP{
 			Enabled:   true,
 			Endpoint:  endpoint,
-			AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)),
+			AuthToken: env.Get(authTokenEnv, ""),
 		}
 	}

-	for _, target := range loggerTargets {
-		endpointEnv := EnvLoggerWebhookEndpoint
-		if target != config.Default {
-			endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target
+	for starget, kv := range scfg[config.LoggerWebhookSubSys] {
+		if l, ok := cfg.HTTP[starget]; ok && l.Enabled {
+			// Ignore this HTTP logger config since there is
+			// a target with the same name loaded and enabled
+			// from the environment.
+			continue
 		}
-		authTokenEnv := EnvLoggerWebhookAuthToken
-		if target != config.Default {
-			authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target
+		subSysTarget := config.LoggerWebhookSubSys
+		if starget != config.Default {
+			subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget
 		}
-		cfg.HTTP[target] = HTTP{
+		if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil {
+			return cfg, err
+		}
+
+		enabled, err := config.ParseBool(kv.Get(config.Enable))
+		if err != nil {
+			return cfg, err
+		}
+		if !enabled {
+			continue
+		}
+		cfg.HTTP[starget] = HTTP{
 			Enabled:   true,
-			Endpoint:  env.Get(endpointEnv, ""),
-			AuthToken: env.Get(authTokenEnv, ""),
+			Endpoint:  kv.Get(Endpoint),
+			AuthToken: kv.Get(AuthToken),
 		}
 	}

-	for _, target := range loggerAuditTargets {
-		endpointEnv := EnvLoggerWebhookEndpoint
-		if target != config.Default {
-			endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target
+	for starget, kv := range scfg[config.AuditWebhookSubSys] {
+		if l, ok := cfg.Audit[starget]; ok && l.Enabled {
+			// Ignore this audit config since another target
+			// with the same name is already loaded and enabled
+			// in the shell environment.
+			continue
 		}
-		legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint
-		if target != config.Default {
-			legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + target
+		subSysTarget := config.AuditWebhookSubSys
+		if starget != config.Default {
+			subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget
 		}
-		endpoint := env.Get(legacyEndpointEnv, "")
-		if endpoint == "" {
-			endpoint = env.Get(endpointEnv, "")
+		if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil {
+			return cfg, err
 		}
-		authTokenEnv := EnvLoggerWebhookAuthToken
-		if target != config.Default {
-			authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target
+		enabled, err := config.ParseBool(kv.Get(config.Enable))
+		if err != nil {
+			return cfg, err
 		}
-		cfg.Audit[target] = HTTP{
+		if !enabled {
+			continue
+		}
+		cfg.Audit[starget] = HTTP{
 			Enabled:   true,
-			Endpoint:  endpoint,
-			AuthToken: env.Get(authTokenEnv, ""),
+			Endpoint:  kv.Get(Endpoint),
+			AuthToken: kv.Get(AuthToken),
 		}
 	}