Merge pull request #7878 from hashicorp/oss-sync/auditing-http
http: migrate from instrumentation in s.wrap() to an s.enterpriseHand…
commit
70761a345f
|
@ -350,6 +350,7 @@ func (s *HTTPServer) handler(enableDebug bool) http.Handler {
|
||||||
if s.agent.config.DisableHTTPUnprintableCharFilter {
|
if s.agent.config.DisableHTTPUnprintableCharFilter {
|
||||||
h = mux
|
h = mux
|
||||||
}
|
}
|
||||||
|
h = s.enterpriseHandler(h)
|
||||||
return &wrappedMux{
|
return &wrappedMux{
|
||||||
mux: mux,
|
mux: mux,
|
||||||
handler: h,
|
handler: h,
|
||||||
|
@ -399,10 +400,6 @@ var (
|
||||||
func (s *HTTPServer) wrap(handler endpoint, methods []string) http.HandlerFunc {
|
func (s *HTTPServer) wrap(handler endpoint, methods []string) http.HandlerFunc {
|
||||||
httpLogger := s.agent.logger.Named(logging.HTTP)
|
httpLogger := s.agent.logger.Named(logging.HTTP)
|
||||||
return func(resp http.ResponseWriter, req *http.Request) {
|
return func(resp http.ResponseWriter, req *http.Request) {
|
||||||
|
|
||||||
// Audit log the request
|
|
||||||
reqPayload := s.auditReq(req)
|
|
||||||
|
|
||||||
setHeaders(resp, s.agent.config.HTTPResponseHeaders)
|
setHeaders(resp, s.agent.config.HTTPResponseHeaders)
|
||||||
setTranslateAddr(resp, s.agent.config.TranslateWANAddrs)
|
setTranslateAddr(resp, s.agent.config.TranslateWANAddrs)
|
||||||
|
|
||||||
|
@ -480,44 +477,33 @@ func (s *HTTPServer) wrap(handler endpoint, methods []string) http.HandlerFunc {
|
||||||
"from", req.RemoteAddr,
|
"from", req.RemoteAddr,
|
||||||
"error", err,
|
"error", err,
|
||||||
)
|
)
|
||||||
var httpCode int
|
|
||||||
switch {
|
switch {
|
||||||
case isForbidden(err):
|
case isForbidden(err):
|
||||||
httpCode = http.StatusForbidden
|
resp.WriteHeader(http.StatusForbidden)
|
||||||
resp.WriteHeader(httpCode)
|
|
||||||
fmt.Fprint(resp, err.Error())
|
fmt.Fprint(resp, err.Error())
|
||||||
case structs.IsErrRPCRateExceeded(err):
|
case structs.IsErrRPCRateExceeded(err):
|
||||||
httpCode = http.StatusTooManyRequests
|
resp.WriteHeader(http.StatusTooManyRequests)
|
||||||
resp.WriteHeader(httpCode)
|
|
||||||
case isMethodNotAllowed(err):
|
case isMethodNotAllowed(err):
|
||||||
// RFC2616 states that for 405 Method Not Allowed the response
|
// RFC2616 states that for 405 Method Not Allowed the response
|
||||||
// MUST include an Allow header containing the list of valid
|
// MUST include an Allow header containing the list of valid
|
||||||
// methods for the requested resource.
|
// methods for the requested resource.
|
||||||
// https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
|
// https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
|
||||||
addAllowHeader(err.(MethodNotAllowedError).Allow)
|
addAllowHeader(err.(MethodNotAllowedError).Allow)
|
||||||
httpCode = http.StatusMethodNotAllowed
|
resp.WriteHeader(http.StatusMethodNotAllowed) // 405
|
||||||
resp.WriteHeader(httpCode) // 405
|
|
||||||
fmt.Fprint(resp, err.Error())
|
fmt.Fprint(resp, err.Error())
|
||||||
case isBadRequest(err):
|
case isBadRequest(err):
|
||||||
httpCode = http.StatusBadRequest
|
resp.WriteHeader(http.StatusBadRequest)
|
||||||
resp.WriteHeader(httpCode)
|
|
||||||
fmt.Fprint(resp, err.Error())
|
fmt.Fprint(resp, err.Error())
|
||||||
case isNotFound(err):
|
case isNotFound(err):
|
||||||
httpCode = http.StatusNotFound
|
resp.WriteHeader(http.StatusNotFound)
|
||||||
resp.WriteHeader(httpCode)
|
|
||||||
fmt.Fprintf(resp, err.Error())
|
fmt.Fprintf(resp, err.Error())
|
||||||
case isTooManyRequests(err):
|
case isTooManyRequests(err):
|
||||||
httpCode = http.StatusTooManyRequests
|
resp.WriteHeader(http.StatusTooManyRequests)
|
||||||
resp.WriteHeader(httpCode)
|
|
||||||
fmt.Fprint(resp, err.Error())
|
fmt.Fprint(resp, err.Error())
|
||||||
default:
|
default:
|
||||||
httpCode = http.StatusInternalServerError
|
resp.WriteHeader(http.StatusInternalServerError)
|
||||||
resp.WriteHeader(httpCode)
|
|
||||||
fmt.Fprint(resp, err.Error())
|
fmt.Fprint(resp, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Audit log the error response
|
|
||||||
s.auditResp(reqPayload, httpCode)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
start := time.Now()
|
start := time.Now()
|
||||||
|
@ -592,10 +578,6 @@ func (s *HTTPServer) wrap(handler endpoint, methods []string) http.HandlerFunc {
|
||||||
}
|
}
|
||||||
resp.Header().Set("Content-Type", contentType)
|
resp.Header().Set("Content-Type", contentType)
|
||||||
resp.WriteHeader(httpCode)
|
resp.WriteHeader(httpCode)
|
||||||
|
|
||||||
// Audit log the success response
|
|
||||||
s.auditResp(reqPayload, httpCode)
|
|
||||||
|
|
||||||
resp.Write(buf)
|
resp.Write(buf)
|
||||||
}
|
}
|
||||||
}
|
}
|
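Review bot: In the `isNotFound` case of the error switch in `wrap`, the new side still writes the body with `fmt.Fprintf(resp, err.Error())`, so the error text is parsed as a format string. If an error message ever carries a `%`, the client sees `%!x(MISSING)`-style noise instead of the message, and `go vet` flags the non-constant format string. Every other case in the switch uses `fmt.Fprint`, so this line should read `fmt.Fprint(resp, err.Error())` too. The commit already rewrites the line directly above it, so the fix belongs in this change; the body of `wrap` starts and ends outside the hunks shown.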
||||||
|
|
|
@ -53,13 +53,7 @@ func parseACLAuthMethodEnterpriseMeta(req *http.Request, _ *structs.ACLAuthMetho
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// auditReq is a noop stub for the corresponding func in http_ent.go
|
// enterpriseHandler is a noop for the enterprise implementation. we pass the original back
|
||||||
func (s *HTTPServer) auditReq(req *http.Request) interface{} {
|
func (s *HTTPServer) enterpriseHandler(next http.Handler) http.Handler {
|
||||||
// note(kit): We return an nil here so we can pass it to auditResp. Auditing the response requires the
|
return next
|
||||||
// request object for context, so we have it pass it even when it's disabled
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// auditResp is a noop stub for the corresponding func in http_ent.go
|
|
||||||
func (s *HTTPServer) auditResp(reqPayload interface{}, httpCode int) {
|
|
||||||
}
|
}
|
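Review bot: The doc comment on `enterpriseHandler` reads as if the enterprise implementation were the no-op, and it says nothing about what the hook wraps. I would reword it to `// enterpriseHandler is a no-op in OSS builds and returns next unchanged; the enterprise build supplies the real middleware around the handler built in HTTPServer.handler.` Judging by the removed `auditReq`/`auditResp` stubs, that middleware carries the HTTP audit logging, so the comment should also say that it no longer receives the status code from `wrap` and has to observe it through the `http.ResponseWriter`. In `handler` the hook is applied to `h` after the unprintable-character filter is selected, so it presumably runs before that filter and may see request paths the filter would reject. That is worth stating for whoever writes values from `req.URL` into the audit log.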
||||||
|
|