From 81eafc221b69be7fb499eedaaf2bfe405075d9d4 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Wed, 7 Jun 2023 19:01:05 -0400
Subject: [PATCH] Backport of Add writeAuditRPCEvent to agent_oss into release/1.16.x (#17608)
* backport of commit d77784ba51fd6a5d598ea2b87cb6e36e0fed8e72
* backport of commit f5a557dd7a5995094b3af96f1c522d49acfe795b
* backport of commit 1d782d63c437ab16e30d5bd00a6b8c3cbad08845
---------
Co-authored-by: Ronald Ekambi
---
 .changelog/_5740.txt | 3 +++
 .changelog/_5750.txt | 3 +++
 agent/agent.go | 11 +++++++++++
 agent/agent_oss.go | 4 ++++
 agent/config/config.go | 5 +++--
 5 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/_5740.txt
 create mode 100644 .changelog/_5750.txt
diff --git a/.changelog/_5740.txt b/.changelog/_5740.txt
new file mode 100644
index 000000000..4f1d6f644
--- /dev/null
+++ b/.changelog/_5740.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
+```
\ No newline at end of file
diff --git a/.changelog/_5750.txt b/.changelog/_5750.txt
new file mode 100644
index 000000000..027753c72
--- /dev/null
+++ b/.changelog/_5750.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
+```
\ No newline at end of file
diff --git a/agent/agent.go b/agent/agent.go
index 678d110d5..0b06688c4 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -1621,7 +1621,18 @@ func (a *Agent) RPC(ctx context.Context, method string, args interface{}, reply
 method = e + "." + p[1]
 }
 }
+
+ // audit log only on consul clients
+ _, ok := a.delegate.(*consul.Client)
+ if ok {
+ a.writeAuditRPCEvent(method, "OperationStart")
+ }
+
 a.endpointsLock.RUnlock()
+
+ defer func() {
+ a.writeAuditRPCEvent(method, "OperationComplete")
+ }()
 return a.delegate.RPC(ctx, method, args, reply)
 }

diff --git a/agent/agent_oss.go b/agent/agent_oss.go
index 93e633cc6..e8cfea681 100644
--- a/agent/agent_oss.go
+++ b/agent/agent_oss.go
@@ -69,3 +69,7 @@ func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta {
 func (a *Agent) registerEntCache() {}

 func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {}
+
+func (a *Agent) writeAuditRPCEvent(_ string, _ string) interface{} {
+ return nil
+}
diff --git a/agent/config/config.go b/agent/config/config.go
index e26d6edc4..d8d7149af 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -807,8 +807,9 @@ type ConfigEntries struct {

 // Audit allows us to enable and define destinations for auditing
 type Audit struct {
- Enabled *bool `mapstructure:"enabled"`
- Sinks map[string]AuditSink `mapstructure:"sink"`
+ Enabled *bool `mapstructure:"enabled"`
+ Sinks map[string]AuditSink `mapstructure:"sink"`
+ RPCEnabled *bool `mapstructure:"rpc_enabled"`
 }

 // AuditSink can be provided multiple times to define pipelines for auditing
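Review bot: The deferred `a.writeAuditRPCEvent(method, "OperationComplete")` in the agent/agent.go hunk runs for every delegate, while the `OperationStart` call above it is guarded by the `*consul.Client` type assertion and the comment says auditing is client-only; on any other delegate this would record a completion with no matching start. Guard both the same way, e.g. `if ok { defer a.writeAuditRPCEvent(method, "OperationComplete") }`. The start event is also written before `a.endpointsLock.RUnlock()`, so whatever work the non-OSS implementation does would run under the read lock; moving the call below the unlock avoids that. Both calls discard the return value, so a failed audit write is presumably invisible to the RPC caller. RPC's body starts outside this hunk.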
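Review bot: The new stub `writeAuditRPCEvent` in agent/agent_oss.go returns a bare `interface{}` and carries no doc comment, so a reader cannot tell what a non-nil result would mean or that this build does nothing. A comment such as `// writeAuditRPCEvent is a no-op in OSS builds and always returns nil.` would cover it. If the value is meant to report a failed audit write, an `error` return would let the two call sites in agent/agent.go check it rather than drop it; that depends on the non-OSS signature, which is not in this patch.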
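Review bot: `RPCEnabled` is added to `Audit` in agent/config/config.go without a field comment, and as a `*bool` it has three states, so the struct does not say what an omitted `rpc_enabled` resolves to. Because this setting appears to decide whether RPC calls are audited, the default belongs next to the field, for example `// RPCEnabled turns RPC audit events on or off; nil means DEFAULT_HERE.` with the real default filled in. The code that reads this field is not part of this patch, so the intended default cannot be confirmed from here.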