Merge pull request #10200 from hashicorp/dnephin/backport-audit-log-config-changes

config: backport audit log config changes from enterprise
2021-05-19 10:58:28 -04:00 · 2021-05-19 10:58:28 -04:00 · d9959ba811
parent dd040e13d6 1cb8d5e476
commit d9959ba811
5 changed files with 8 additions and 8 deletions
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@ -332,9 +332,11 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {

 		var unusedErr error
 		for _, k := range md.Unused {
-			switch k {
-			case "acl_enforce_version_8":
+			switch {
+			case k == "acl_enforce_version_8":
 				b.warn("config key %q is deprecated and should be removed", k)
+			case strings.HasPrefix(k, "audit.sink[") && strings.HasSuffix(k, "].name"):
+				b.warn("config key audit.sink[].name is deprecated and should be removed")
 			default:
 				unusedErr = multierror.Append(unusedErr, fmt.Errorf("invalid config key %s", k))
 			}
--- a/agent/config/builder_oss.go
+++ b/agent/config/builder_oss.go
@ -46,9 +46,8 @@ func validateEnterpriseConfigKeys(config *Config) []error {
 		add("acl.tokens.managed_service_provider")
 		config.ACL.Tokens.ManagedServiceProvider = nil
 	}
-	if config.Audit != nil {
+	if boolVal(config.Audit.Enabled) || len(config.Audit.Sinks) > 0 {
 		add("audit")
-		config.Audit = nil
 	}

 	return result
--- a/agent/config/config.go
+++ b/agent/config/config.go
@ -282,7 +282,7 @@ type Config struct {
 	VersionPrerelease          *string  `mapstructure:"version_prerelease"`

 	// Enterprise Only
-	Audit *Audit `mapstructure:"audit"`
+	Audit Audit `mapstructure:"audit"`
 	// Enterprise Only
 	ReadReplica *bool `mapstructure:"read_replica" alias:"non_voting_server"`
 	// Enterprise Only
@ -761,7 +761,6 @@ type Audit struct {

 // AuditSink can be provided multiple times to define pipelines for auditing
 type AuditSink struct {
-	Name              *string `mapstructure:"name"`
 	Type              *string `mapstructure:"type"`
 	Format            *string `mapstructure:"format"`
 	Path              *string `mapstructure:"path"`
--- a/agent/config/testdata/full-config.hcl
+++ b/agent/config/testdata/full-config.hcl
@ -47,7 +47,7 @@ advertise_addr = "17.99.29.16"
 advertise_addr_wan = "78.63.37.19"
 advertise_reconnect_timeout = "0s"
 audit = {
-    enabled = false
+    enabled = true
 }
 auto_config = {
    enabled = false
--- a/agent/config/testdata/full-config.json
+++ b/agent/config/testdata/full-config.json
@ -48,7 +48,7 @@
  "advertise_addr_wan": "78.63.37.19",
  "advertise_reconnect_timeout": "0s",
  "audit": {
-    "enabled": false
+    "enabled": true
  },
  "auto_config": {
    "enabled": false,