luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Backport of Add writeAuditRPCEvent to agent_oss into release/1.16.x (#17608) 

* backport of commit d77784ba51fd6a5d598ea2b87cb6e36e0fed8e72

* backport of commit f5a557dd7a5995094b3af96f1c522d49acfe795b

* backport of commit 1d782d63c437ab16e30d5bd00a6b8c3cbad08845

---------

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
This commit is contained in:
hc-github-team-consul-core 2023-06-07 19:01:05 -04:00 committed by GitHub
parent c9143cff36
commit 81eafc221b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/_5740.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:feature
api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
```

3
.changelog/_5750.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:feature
cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
```

11
agent/agent.go
View File

@ -1621,7 +1621,18 @@ func (a *Agent) RPC(ctx context.Context, method string, args interface{}, reply
method = e + "." + p[1] method = e + "." + p[1]
} }
} }
// audit log only on consul clients
_, ok := a.delegate.(*consul.Client)
if ok {
a.writeAuditRPCEvent(method, "OperationStart")
}
a.endpointsLock.RUnlock() a.endpointsLock.RUnlock()
defer func() {
a.writeAuditRPCEvent(method, "OperationComplete")
}()
return a.delegate.RPC(ctx, method, args, reply) return a.delegate.RPC(ctx, method, args, reply)
} }

4
agent/agent_oss.go
View File

@ -69,3 +69,7 @@ func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta {
func (a *Agent) registerEntCache() {} func (a *Agent) registerEntCache() {}
func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {} func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {}
func (a *Agent) writeAuditRPCEvent(_ string, _ string) interface{} {
return nil
}

5
agent/config/config.go
View File

@ -807,8 +807,9 @@ type ConfigEntries struct {
// Audit allows us to enable and define destinations for auditing // Audit allows us to enable and define destinations for auditing
type Audit struct { type Audit struct {
Enabled *bool `mapstructure:"enabled"` Enabled *bool `mapstructure:"enabled"`
Sinks map[string]AuditSink `mapstructure:"sink"` Sinks map[string]AuditSink `mapstructure:"sink"`
RPCEnabled *bool `mapstructure:"rpc_enabled"`
} }
// AuditSink can be provided multiple times to define pipelines for auditing // AuditSink can be provided multiple times to define pipelines for auditing