diff --git a/command/agent/agent.go b/command/agent/agent.go
index 19c82bee1..42f21322f 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -1,6 +1,7 @@
 package agent
 import (
+ "context"
 "fmt"
 "io"
 "io/ioutil"
@@ -1005,10 +1006,16 @@ func (a *Agent) Reload(newConfig *Config) error {
 // Update eventer config
 if newConfig.Audit != nil {
- if err := a.entReloadEventer(a.config.Audit); err != nil {
+ if err := a.entReloadEventer(newConfig.Audit); err != nil {
 return err
 }
 }
+ // Allow auditor to call reopen regardless of config changes
+ // This is primarily for enterprise audit logging to allow the underlying
+ // file to be reopened if necessary
+ if err := a.auditor.Reopen(); err != nil {
+ return err
+ }
 fullUpdateTLSConfig := func() {
 // Completely reload the agent's TLS configuration (moving from non-TLS to
@@ -1081,3 +1088,26 @@ func (a *Agent) setupConsul(consulConfig *config.ConsulConfig) error {
 go a.consulService.Run()
 return nil
 }
+
+// noOpAuditor is a no-op Auditor that fulfills the
+// event.Auditor interface.
+type noOpAuditor struct{}
+
+// Ensure noOpAuditor is an Auditor
+var _ event.Auditor = &noOpAuditor{}
+
+func (e *noOpAuditor) Event(ctx context.Context, eventType string, payload interface{}) error {
+ return nil
+}
+
+func (e *noOpAuditor) Enabled() bool {
+ return false
+}
+
+func (e *noOpAuditor) Reopen() error {
+ return nil
+}
+
+func (e *noOpAuditor) SetEnabled(enabled bool) {}
+
+func (e *noOpAuditor) DeliveryEnforced() bool { return false }
diff --git a/command/agent/agent_oss.go b/command/agent/agent_oss.go
index 3ad179d0b..255d21f39 100644
--- a/command/agent/agent_oss.go
+++ b/command/agent/agent_oss.go
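Review bot: In Reload, the error from the new `a.auditor.Reopen()` call is returned bare, so an operator cannot tell a failed audit-log reopen from a failed `entReloadEventer` just above it, and the early return also skips the TLS reload that appears to follow in the function. Wrapping it, for example `return fmt.Errorf("reopening audit log: %w", err)` (`fmt` is already imported at the top of this file), names the step that left audit logging in a bad state. The comment above the call could also say whether aborting the remainder of the reload on a reopen failure is intended. Reload starts and continues outside this hunk, so what runs before and after is only partly visible.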
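Review bot: The methods of `noOpAuditor` added at the end of agent.go have no doc comments, and the type comment does not say that `Event` discards its payload while still returning nil. Because an audit sink that silently drops events is security-relevant, I would add `// Event discards the payload and returns nil; a nil error does not mean the event was recorded.` above `Event`, and one-line comments on `Enabled`, `Reopen`, `SetEnabled` and `DeliveryEnforced`. The receiver name `e` looks like a leftover from the Eventer naming (`n` would read better), and `var _ event.Auditor = (*noOpAuditor)(nil)` is the usual form for the interface check. The `event` import this relies on is not visible in the import hunk, so I assume agent.go already has it.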
@@ -3,34 +3,10 @@
 package agent
 import (
- "context"
-
 hclog "github.com/hashicorp/go-hclog"
- "github.com/hashicorp/nomad/command/agent/event"
 "github.com/hashicorp/nomad/nomad/structs/config"
 )
-type noOpAuditor struct{}
-
-// Ensure noOpAuditor is an Eventer
-var _ event.Auditor = &noOpAuditor{}
-
-func (e *noOpAuditor) Event(ctx context.Context, eventType string, payload interface{}) error {
- return nil
-}
-
-func (e *noOpAuditor) Enabled() bool {
- return false
-}
-
-func (e *noOpAuditor) Reopen() error {
- return nil
-}
-
-func (e *noOpAuditor) SetEnabled(enabled bool) {}
-
-func (e *noOpAuditor) DeliveryEnforced() bool { return false }
-
 func (a *Agent) setupEnterpriseAgent(log hclog.Logger) error {
 // configure eventer
 a.auditor = &noOpAuditor{}
diff --git a/command/agent/agent_test.go b/command/agent/agent_test.go
index 6950da55b..c5d5e232f 100644
--- a/command/agent/agent_test.go
+++ b/command/agent/agent_test.go
@@ -657,7 +657,8 @@ func TestServer_Reload_TLS_Certificate(t *testing.T) {
 }
 agent := &Agent{
- config: agentConfig,
+ auditor: &noOpAuditor{},
+ config: agentConfig,
 }
 newConfig := &Config{
@@ -705,7 +706,8 @@ func TestServer_Reload_TLS_Certificate_Invalid(t *testing.T) {
 }
 agent := &Agent{
- config: agentConfig,
+ auditor: &noOpAuditor{},
+ config: agentConfig,
 }
 newConfig := &Config{
@@ -784,8 +786,9 @@ func TestServer_Reload_TLS_UpgradeToTLS(t *testing.T) {
 }
 agent := &Agent{
- logger: logger,
- config: agentConfig,
+ auditor: &noOpAuditor{},
+ logger: logger,
+ config: agentConfig,
 }
 newConfig := &Config{
diff --git a/command/agent/http.go b/command/agent/http.go
index 82d689d72..cb31a76a8 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
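Review bot: The three Reload tests (`TestServer_Reload_TLS_Certificate`, `TestServer_Reload_TLS_Certificate_Invalid`, `TestServer_Reload_TLS_UpgradeToTLS`) only gain `auditor: &noOpAuditor{}`, whose `Reopen` always returns nil, so the new error path in Reload is never exercised. The field is needed at all because Reload now calls `a.auditor.Reopen()` unconditionally, and an Agent literal without it would hit a nil interface call. I would add a test with a small stub auditor whose `Reopen` returns an error and assert that Reload surfaces it, plus one that checks `Reopen` is invoked when the audit config is unchanged. Each test function starts and ends outside its hunk.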
@@ -513,7 +513,7 @@ func (s *HTTPServer) wrapNonJSON(handler func(resp http.ResponseWriter, req *htt
 defer func() {
 s.logger.Debug("request complete", "method", req.Method, "path", reqURL, "duration", time.Now().Sub(start))
 }()
- obj, err := s.auditByteHandler(handler)(resp, req)
+ obj, err := s.auditNonJSONHandler(handler)(resp, req)
 // Check for an error
 if err != nil {
diff --git a/command/agent/http_oss.go b/command/agent/http_oss.go
index 71d73e8fa..b99fe79c6 100644
--- a/command/agent/http_oss.go
+++ b/command/agent/http_oss.go
@@ -27,7 +27,7 @@ func (s HTTPServer) auditHandler(h handlerFn) handlerFn {
 return h
 }
-func (s *HTTPServer) auditByteHandler(h handlerByteFn) handlerByteFn {
+func (s *HTTPServer) auditNonJSONHandler(h handlerByteFn) handlerByteFn {
 return h
 }