Backport of Add writeAuditRPCEvent to agent_oss into release/1.16.x (#17608)
* backport of commit d77784ba51fd6a5d598ea2b87cb6e36e0fed8e72 * backport of commit f5a557dd7a5995094b3af96f1c522d49acfe795b * backport of commit 1d782d63c437ab16e30d5bd00a6b8c3cbad08845 --------- Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
parent
c9143cff36
commit
81eafc221b
|
@ -0,0 +1,3 @@
|
|||
```release-note:feature
|
||||
api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
|
||||
```
|
|
@ -0,0 +1,3 @@
|
|||
```release-note:feature
|
||||
cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
|
||||
```
|
|
@ -1621,7 +1621,18 @@ func (a *Agent) RPC(ctx context.Context, method string, args interface{}, reply
|
|||
method = e + "." + p[1]
|
||||
}
|
||||
}
|
||||
|
||||
// audit log only on consul clients
|
||||
_, ok := a.delegate.(*consul.Client)
|
||||
if ok {
|
||||
a.writeAuditRPCEvent(method, "OperationStart")
|
||||
}
|
||||
|
||||
a.endpointsLock.RUnlock()
|
||||
|
||||
defer func() {
|
||||
a.writeAuditRPCEvent(method, "OperationComplete")
|
||||
}()
|
||||
return a.delegate.RPC(ctx, method, args, reply)
|
||||
}
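Review bot: The client-only guard covers `OperationStart` but not the deferred `OperationComplete`, so when the delegate is not a `*consul.Client` a completion event is still written with no matching start event. If `// audit log only on consul clients` states the intent, register the defer under the same guard, e.g. `if _, ok := a.delegate.(*consul.Client); ok {` / `a.writeAuditRPCEvent(method, "OperationStart")` / `defer a.writeAuditRPCEvent(method, "OperationComplete")`. Both calls also discard the helper's return value, and the completion event carries no outcome of `a.delegate.RPC`, so (as far as this hunk shows) a failed audit write or a failed RPC leaves no trace in the trail; if that fail-open behaviour is deliberate it deserves a comment. The start event is written before `a.endpointsLock.RUnlock()`, which would hold the read lock across whatever I/O the audit writer performs; emitting it after the unlock avoids that. `RPC` begins outside this hunk.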
|
||||
|
||||
|
|
|
@ -69,3 +69,7 @@ func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta {
|
|||
func (a *Agent) registerEntCache() {}
|
||||
|
||||
func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {}
|
||||
|
||||
func (a *Agent) writeAuditRPCEvent(_ string, _ string) interface{} {
|
||||
return nil
|
||||
}
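Review bot: The new `writeAuditRPCEvent` stub has no doc comment, and its `interface{}` return type gives a reader no hint of what a non-nil value would mean. Both call sites visible on this page ignore the result. A comment such as `// writeAuditRPCEvent is a no-op in the OSS build; it returns nil because no audit event is written.` would make the contract explicit. If the return value is only ever an error in the Enterprise build (not visible here), declaring it as `error` would let callers handle audit failures without a type assertion.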
|
||||
|
|
|
@ -807,8 +807,9 @@ type ConfigEntries struct {
|
|||
|
||||
// Audit allows us to enable and define destinations for auditing
|
||||
type Audit struct {
|
||||
Enabled *bool `mapstructure:"enabled"`
|
||||
Sinks map[string]AuditSink `mapstructure:"sink"`
|
||||
Enabled *bool `mapstructure:"enabled"`
|
||||
Sinks map[string]AuditSink `mapstructure:"sink"`
|
||||
RPCEnabled *bool `mapstructure:"rpc_enabled"`
|
||||
}
|
||||
|
||||
// AuditSink can be provided multiple times to define pipelines for auditing
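Review bot: The added `RPCEnabled *bool` field is undocumented, and nothing in this hunk shows how a nil (unset) `rpc_enabled` is interpreted. For an audit control the default matters, because operators who enable `audit` may assume RPC calls are covered. Add a field comment stating the default and its relation to `Enabled`, along the lines of `// RPCEnabled controls audit events for agent RPC calls; when unset it defaults to <DEFAULT>.`, with the real default filled in. The `Audit` struct is shown in full, but the code that resolves this pointer into a runtime setting is outside the hunk.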
|
||||
|
|