From 0707dc3d6b875df6647e29f4d03bc25bf92f9796 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 6 May 2021 17:09:18 -0400 Subject: [PATCH 1/2] Backport audit log config changes from enterprise --- agent/config/builder_oss.go | 3 +-- agent/config/config.go | 3 +-- agent/config/testdata/full-config.hcl | 2 +- agent/config/testdata/full-config.json | 2 +- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/agent/config/builder_oss.go b/agent/config/builder_oss.go index 68e6f53ee..e55a0f990 100644 --- a/agent/config/builder_oss.go +++ b/agent/config/builder_oss.go @@ -46,9 +46,8 @@ func validateEnterpriseConfigKeys(config *Config) []error { add("acl.tokens.managed_service_provider") config.ACL.Tokens.ManagedServiceProvider = nil } - if config.Audit != nil { + if boolVal(config.Audit.Enabled) || len(config.Audit.Sinks) > 0 { add("audit") - config.Audit = nil } return result diff --git a/agent/config/config.go b/agent/config/config.go index 149d7f16f..50dce655c 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -282,7 +282,7 @@ type Config struct { VersionPrerelease *string `mapstructure:"version_prerelease"` // Enterprise Only - Audit *Audit `mapstructure:"audit"` + Audit Audit `mapstructure:"audit"` // Enterprise Only ReadReplica *bool `mapstructure:"read_replica" alias:"non_voting_server"` // Enterprise Only @@ -761,7 +761,6 @@ type Audit struct { // AuditSink can be provided multiple times to define pipelines for auditing type AuditSink struct { - Name *string `mapstructure:"name"` Type *string `mapstructure:"type"` Format *string `mapstructure:"format"` Path *string `mapstructure:"path"` diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl index a54ca3090..05a7a071c 100644 --- a/agent/config/testdata/full-config.hcl +++ b/agent/config/testdata/full-config.hcl @@ -47,7 +47,7 @@ advertise_addr = "17.99.29.16" advertise_addr_wan = "78.63.37.19" advertise_reconnect_timeout = "0s" audit = { - enabled = false + enabled = true } auto_config = { enabled = false diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json index 06d8966e2..7a817c538 100644 --- a/agent/config/testdata/full-config.json +++ b/agent/config/testdata/full-config.json @@ -48,7 +48,7 @@ "advertise_addr_wan": "78.63.37.19", "advertise_reconnect_timeout": "0s", "audit": { - "enabled": false + "enabled": true }, "auto_config": { "enabled": false, From 1cb8d5e47602397c8c275296289f6465a8bb6536 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 8 Apr 2021 14:07:32 -0400 Subject: [PATCH 2/2] config: handled deprecated config key with a warning --- agent/config/builder.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/agent/config/builder.go b/agent/config/builder.go index f4e0c33b8..b17df1197 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -332,9 +332,11 @@ func (b *builder) Build() (rt RuntimeConfig, err error) { var unusedErr error for _, k := range md.Unused { - switch k { - case "acl_enforce_version_8": + switch { + case k == "acl_enforce_version_8": b.warn("config key %q is deprecated and should be removed", k) + case strings.HasPrefix(k, "audit.sink[") && strings.HasSuffix(k, "].name"): + b.warn("config key audit.sink[].name is deprecated and should be removed") default: unusedErr = multierror.Append(unusedErr, fmt.Errorf("invalid config key %s", k)) }