oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix audit loading from the env and consider enable env variable (#9467)

Browse Source 
Audit was not working properly when enabled from the environment
caused by a typo in the code.

This commit fixes that but also consider the following variables:
  `MINIO_LOGGER_WEBHOOK_ENABLE_*` and 
`MINIO_AUDIT_WEBHOOK_ENABLE_*` so the user can use 
this latter to temporarily disable a logger or audit configuration.
master
Anis Elleuch 5 years ago committed by GitHub
parent 498389123e
commit a3b266761e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 74 additions and 70 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 144
      cmd/logger/config.go

144
cmd/logger/config.go
Unescape View File

@ -47,9 +47,11 @@ const (
Endpoint = "endpoint" Endpoint = "endpoint"
AuthToken = "auth_token" AuthToken = "auth_token"
EnvLoggerWebhookEnable = "MINIO_LOGGER_WEBHOOK_ENABLE"
EnvLoggerWebhookEndpoint = "MINIO_LOGGER_WEBHOOK_ENDPOINT" EnvLoggerWebhookEndpoint = "MINIO_LOGGER_WEBHOOK_ENDPOINT"
EnvLoggerWebhookAuthToken = "MINIO_LOGGER_WEBHOOK_AUTH_TOKEN" EnvLoggerWebhookAuthToken = "MINIO_LOGGER_WEBHOOK_AUTH_TOKEN"
EnvAuditWebhookEnable = "MINIO_AUDIT_WEBHOOK_ENABLE"
EnvAuditWebhookEndpoint = "MINIO_AUDIT_WEBHOOK_ENDPOINT" EnvAuditWebhookEndpoint = "MINIO_AUDIT_WEBHOOK_ENDPOINT"
EnvAuditWebhookAuthToken = "MINIO_AUDIT_WEBHOOK_AUTH_TOKEN" EnvAuditWebhookAuthToken = "MINIO_AUDIT_WEBHOOK_AUTH_TOKEN"
) )
@ -144,115 +146,117 @@ func LookupConfig(scfg config.Config) (Config, error) {
loggerAuditTargets = append(loggerAuditTargets, target) loggerAuditTargets = append(loggerAuditTargets, target)
} }
for starget, kv := range scfg[config.LoggerWebhookSubSys] { // Load HTTP logger from the environment if found
subSysTarget := config.LoggerWebhookSubSys for _, target := range loggerTargets {
if starget != config.Default { enableEnv := EnvLoggerWebhookEnable
subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget if target != config.Default {
} enableEnv = EnvLoggerWebhookEnable + config.Default + target
if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil {
return cfg, err
}
enabled, err := config.ParseBool(kv.Get(config.Enable))
if err != nil {
return cfg, err
} }
if !enabled { enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn))
if err != nil || !enable {
continue continue
} }
endpointEnv := EnvLoggerWebhookEndpoint endpointEnv := EnvLoggerWebhookEndpoint
if starget != config.Default { if target != config.Default {
endpointEnv = EnvLoggerWebhookEndpoint + config.Default + starget endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target
} }
authTokenEnv := EnvLoggerWebhookAuthToken authTokenEnv := EnvLoggerWebhookAuthToken
if starget != config.Default { if target != config.Default {
authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + starget authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target
} }
cfg.HTTP[starget] = HTTP{ cfg.HTTP[target] = HTTP{
Enabled: true, Enabled: true,
Endpoint: env.Get(endpointEnv, kv.Get(Endpoint)), Endpoint: env.Get(endpointEnv, ""),
AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)), AuthToken: env.Get(authTokenEnv, ""),
}
}
for starget, kv := range scfg[config.AuditWebhookSubSys] {
subSysTarget := config.AuditWebhookSubSys
if starget != config.Default {
subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget
} }
if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil {
return cfg, err
} }
enabled, err := config.ParseBool(kv.Get(config.Enable)) for _, target := range loggerAuditTargets {
if err != nil { enableEnv := EnvAuditWebhookEnable
return cfg, err if target != config.Default {
enableEnv = EnvAuditWebhookEnable + config.Default + target
} }
if !enabled { enable, err := config.ParseBool(env.Get(enableEnv, config.EnableOn))
if err != nil || !enable {
continue continue
} }
endpointEnv := EnvAuditWebhookEndpoint endpointEnv := EnvAuditWebhookEndpoint
if starget != config.Default { if target != config.Default {
endpointEnv = EnvAuditWebhookEndpoint + config.Default + starget endpointEnv = EnvAuditWebhookEndpoint + config.Default + target
} }
legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint
if starget != config.Default { if target != config.Default {
legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + starget legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + target
} }
endpoint := env.Get(legacyEndpointEnv, "") endpoint := env.Get(legacyEndpointEnv, "")
if endpoint == "" { if endpoint == "" {
endpoint = env.Get(endpointEnv, kv.Get(Endpoint)) endpoint = env.Get(endpointEnv, "")
} }
authTokenEnv := EnvAuditWebhookAuthToken authTokenEnv := EnvAuditWebhookAuthToken
if starget != config.Default { if target != config.Default {
authTokenEnv = EnvAuditWebhookAuthToken + config.Default + starget authTokenEnv = EnvAuditWebhookAuthToken + config.Default + target
} }
cfg.Audit[starget] = HTTP{ cfg.Audit[target] = HTTP{
Enabled: true, Enabled: true,
Endpoint: endpoint, Endpoint: endpoint,
AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)), AuthToken: env.Get(authTokenEnv, ""),
} }
} }
for _, target := range loggerTargets { for starget, kv := range scfg[config.LoggerWebhookSubSys] {
endpointEnv := EnvLoggerWebhookEndpoint if l, ok := cfg.HTTP[starget]; ok && l.Enabled {
if target != config.Default { // Ignore this HTTP logger config since there is
endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target // a target with the same name loaded and enabled
// from the environment.
continue
} }
authTokenEnv := EnvLoggerWebhookAuthToken subSysTarget := config.LoggerWebhookSubSys
if target != config.Default { if starget != config.Default {
authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget
} }
cfg.HTTP[target] = HTTP{ if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil {
return cfg, err
}
enabled, err := config.ParseBool(kv.Get(config.Enable))
if err != nil {
return cfg, err
}
if !enabled {
continue
}
cfg.HTTP[starget] = HTTP{
Enabled: true, Enabled: true,
Endpoint: env.Get(endpointEnv, ""), Endpoint: kv.Get(Endpoint),
AuthToken: env.Get(authTokenEnv, ""), AuthToken: kv.Get(AuthToken),
} }
} }
for _, target := range loggerAuditTargets { for starget, kv := range scfg[config.AuditWebhookSubSys] {
endpointEnv := EnvLoggerWebhookEndpoint if l, ok := cfg.Audit[starget]; ok && l.Enabled {
if target != config.Default { // Ignore this audit config since another target
endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target // with the same name is already loaded and enabled
// in the shell environment.
continue
} }
legacyEndpointEnv := EnvAuditLoggerHTTPEndpoint subSysTarget := config.AuditWebhookSubSys
if target != config.Default { if starget != config.Default {
legacyEndpointEnv = EnvAuditLoggerHTTPEndpoint + config.Default + target subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget
} }
endpoint := env.Get(legacyEndpointEnv, "") if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil {
if endpoint == "" { return cfg, err
endpoint = env.Get(endpointEnv, "")
} }
authTokenEnv := EnvLoggerWebhookAuthToken enabled, err := config.ParseBool(kv.Get(config.Enable))
if target != config.Default { if err != nil {
authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target return cfg, err
} }
cfg.Audit[target] = HTTP{ if !enabled {
continue
}
cfg.Audit[starget] = HTTP{
Enabled: true, Enabled: true,
Endpoint: endpoint, Endpoint: kv.Get(Endpoint),
AuthToken: env.Get(authTokenEnv, ""), AuthToken: kv.Get(AuthToken),
} }
} }

Write Preview
Loading…
Cancel
Save