From a3b266761ecde8ab6e9e000ab2ed549e34b48340 Mon Sep 17 00:00:00 2001 From: Anis Elleuch Date: Tue, 28 Apr 2020 11:40:51 +0100 Subject: [PATCH] Fix audit loading from the env and consider enable env variable (#9467) Audit was not working properly when enabled from the environment caused by a typo in the code. This commit fixes that but also consider the following variables: `MINIO_LOGGER_WEBHOOK_ENABLE_*` and `MINIO_AUDIT_WEBHOOK_ENABLE_*` so the user can use this latter to temporarily disable a logger or audit configuration. --- cmd/logger/config.go | 144 ++++++++++++++++++++++--------------------- 1 file changed, 74 insertions(+), 70 deletions(-) diff --git a/cmd/logger/config.go b/cmd/logger/config.go index 446c65cdc..bcb73f6a7 100644 --- a/cmd/logger/config.go +++ b/cmd/logger/config.go @@ -47,9 +47,11 @@ const ( Endpoint = "endpoint" AuthToken = "auth_token" + EnvLoggerWebhookEnable = "MINIO_LOGGER_WEBHOOK_ENABLE" EnvLoggerWebhookEndpoint = "MINIO_LOGGER_WEBHOOK_ENDPOINT" EnvLoggerWebhookAuthToken = "MINIO_LOGGER_WEBHOOK_AUTH_TOKEN" + EnvAuditWebhookEnable = "MINIO_AUDIT_WEBHOOK_ENABLE" EnvAuditWebhookEndpoint = "MINIO_AUDIT_WEBHOOK_ENDPOINT" EnvAuditWebhookAuthToken = "MINIO_AUDIT_WEBHOOK_AUTH_TOKEN" ) @@ -144,115 +146,117 @@ func LookupConfig(scfg config.Config) (Config, error) { loggerAuditTargets = append(loggerAuditTargets, target) } - for starget, kv := range scfg[config.LoggerWebhookSubSys] { - subSysTarget := config.LoggerWebhookSubSys - if starget != config.Default { - subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget - } - if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil { - return cfg, err - } - - enabled, err := config.ParseBool(kv.Get(config.Enable)) - if err != nil { - return cfg, err + // Load HTTP logger from the environment if found + for _, target := range loggerTargets { + enableEnv := EnvLoggerWebhookEnable + if target != config.Default { + enableEnv = EnvLoggerWebhookEnable + config.Default + target } - if !enabled { + enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn)) + if err != nil || !enable { continue } - endpointEnv := EnvLoggerWebhookEndpoint - if starget != config.Default { - endpointEnv = EnvLoggerWebhookEndpoint + config.Default + starget + if target != config.Default { + endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target } authTokenEnv := EnvLoggerWebhookAuthToken - if starget != config.Default { - authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + starget + if target != config.Default { + authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target } - cfg.HTTP[starget] = HTTP{ + cfg.HTTP[target] = HTTP{ Enabled: true, - Endpoint: env.Get(endpointEnv, kv.Get(Endpoint)), - AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)), + Endpoint: env.Get(endpointEnv, ""), + AuthToken: env.Get(authTokenEnv, ""), } } - for starget, kv := range scfg[config.AuditWebhookSubSys] { - subSysTarget := config.AuditWebhookSubSys - if starget != config.Default { - subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget - } - if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil { - return cfg, err - } - - enabled, err := config.ParseBool(kv.Get(config.Enable)) - if err != nil { - return cfg, err + for _, target := range loggerAuditTargets { + enableEnv := EnvAuditWebhookEnable + if target != config.Default { + enableEnv = EnvAuditWebhookEnable + config.Default + target } - if !enabled { + enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn)) + if err != nil || !enable { continue } - endpointEnv := EnvAuditWebhookEndpoint - if starget != config.Default { - endpointEnv = EnvAuditWebhookEndpoint + config.Default + starget + if target != config.Default { + endpointEnv = EnvAuditWebhookEndpoint + config.Default + target } legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint - if starget != config.Default { - legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + starget + if target != config.Default { + legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + target } endpoint := env.Get(legacyEndpointEnv, "") if endpoint == "" { - endpoint = env.Get(endpointEnv, kv.Get(Endpoint)) + endpoint = env.Get(endpointEnv, "") } authTokenEnv := EnvAuditWebhookAuthToken - if starget != config.Default { - authTokenEnv = EnvAuditWebhookAuthToken + config.Default + starget + if target != config.Default { + authTokenEnv = EnvAuditWebhookAuthToken + config.Default + target } - cfg.Audit[starget] = HTTP{ + cfg.Audit[target] = HTTP{ Enabled: true, Endpoint: endpoint, - AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)), + AuthToken: env.Get(authTokenEnv, ""), } } - for _, target := range loggerTargets { - endpointEnv := EnvLoggerWebhookEndpoint - if target != config.Default { - endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target + for starget, kv := range scfg[config.LoggerWebhookSubSys] { + if l, ok := cfg.HTTP[starget]; ok && l.Enabled { + // Ignore this HTTP logger config since there is + // a target with the same name loaded and enabled + // from the environment. + continue } - authTokenEnv := EnvLoggerWebhookAuthToken - if target != config.Default { - authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target + subSysTarget := config.LoggerWebhookSubSys + if starget != config.Default { + subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget } - cfg.HTTP[target] = HTTP{ + if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil { + return cfg, err + } + + enabled, err := config.ParseBool(kv.Get(config.Enable)) + if err != nil { + return cfg, err + } + if !enabled { + continue + } + cfg.HTTP[starget] = HTTP{ Enabled: true, - Endpoint: env.Get(endpointEnv, ""), - AuthToken: env.Get(authTokenEnv, ""), + Endpoint: kv.Get(Endpoint), + AuthToken: kv.Get(AuthToken), } } - for _, target := range loggerAuditTargets { - endpointEnv := EnvLoggerWebhookEndpoint - if target != config.Default { - endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target + for starget, kv := range scfg[config.AuditWebhookSubSys] { + if l, ok := cfg.Audit[starget]; ok && l.Enabled { + // Ignore this audit config since another target + // with the same name is already loaded and enabled + // in the shell environment. + continue } - legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint - if target != config.Default { - legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + target + subSysTarget := config.AuditWebhookSubSys + if starget != config.Default { + subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget } - endpoint := env.Get(legacyEndpointEnv, "") - if endpoint == "" { - endpoint = env.Get(endpointEnv, "") + if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil { + return cfg, err } - authTokenEnv := EnvLoggerWebhookAuthToken - if target != config.Default { - authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target + enabled, err := config.ParseBool(kv.Get(config.Enable)) + if err != nil { + return cfg, err } - cfg.Audit[target] = HTTP{ + if !enabled { + continue + } + cfg.Audit[starget] = HTTP{ Enabled: true, - Endpoint: endpoint, - AuthToken: env.Get(authTokenEnv, ""), + Endpoint: kv.Get(Endpoint), + AuthToken: kv.Get(AuthToken), } }