From 8118aae5c14e26c3c0bc2c2fd2687da2e091e0f3 Mon Sep 17 00:00:00 2001 From: Ronald Date: Wed, 7 Jun 2023 18:35:48 -0400 Subject: [PATCH] Add writeAuditRPCEvent to agent_oss (#17607) * Add writeAuditRPCEvent to agent_oss * fix the other diffs * backport change log --- .changelog/_5740.txt | 3 +++ .changelog/_5750.txt | 3 +++ agent/agent.go | 11 +++++++++++ agent/agent_oss.go | 4 ++++ agent/config/config.go | 5 +++-- 5 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 .changelog/_5740.txt create mode 100644 .changelog/_5750.txt diff --git a/.changelog/_5740.txt b/.changelog/_5740.txt new file mode 100644 index 0000000000..4f1d6f6448 --- /dev/null +++ b/.changelog/_5740.txt @@ -0,0 +1,3 @@ +```release-note:feature +api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt. +``` \ No newline at end of file diff --git a/.changelog/_5750.txt b/.changelog/_5750.txt new file mode 100644 index 0000000000..027753c721 --- /dev/null +++ b/.changelog/_5750.txt @@ -0,0 +1,3 @@ +```release-note:feature +cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt. +``` \ No newline at end of file diff --git a/agent/agent.go b/agent/agent.go index 678d110d53..0b06688c48 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -1621,7 +1621,18 @@ func (a *Agent) RPC(ctx context.Context, method string, args interface{}, reply method = e + "." + p[1] } } + + // audit log only on consul clients + _, ok := a.delegate.(*consul.Client) + if ok { + a.writeAuditRPCEvent(method, "OperationStart") + } + a.endpointsLock.RUnlock() + + defer func() { + a.writeAuditRPCEvent(method, "OperationComplete") + }() return a.delegate.RPC(ctx, method, args, reply) } diff --git a/agent/agent_oss.go b/agent/agent_oss.go index 93e633cc65..e8cfea681b 100644 --- a/agent/agent_oss.go +++ b/agent/agent_oss.go 
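Review bot: In `RPC`, the `OperationStart` event is written only when `a.delegate` is a `*consul.Client`, but the deferred `OperationComplete` call is unconditional. On any other delegate the audit trail would record completions with no matching start, which contradicts the comment "audit log only on consul clients". Guarding the defer with the same check keeps the pairs consistent: `if ok { defer a.writeAuditRPCEvent(method, "OperationComplete") }`. The value returned by `writeAuditRPCEvent` is dropped at both call sites, so if the Enterprise implementation reports sink failures through it they go unnoticed here; a comment stating that RPC auditing is deliberately best-effort would make that choice explicit. The start event is also emitted while `endpointsLock` is still read-locked, and the body of `RPC` begins above the hunk, so whether it can move below `RUnlock()` should be checked against the full function.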
@@ -69,3 +69,7 @@ func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta { func (a *Agent) registerEntCache() {} func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {} + +func (a *Agent) writeAuditRPCEvent(_ string, _ string) interface{} { + return nil +} diff --git a/agent/config/config.go b/agent/config/config.go index e26d6edc4d..d8d7149afe 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -807,8 +807,9 @@ type ConfigEntries struct { // Audit allows us to enable and define destinations for auditing type Audit struct { - Enabled *bool `mapstructure:"enabled"` - Sinks map[string]AuditSink `mapstructure:"sink"` + Enabled *bool `mapstructure:"enabled"` + Sinks map[string]AuditSink `mapstructure:"sink"` + RPCEnabled *bool `mapstructure:"rpc_enabled"` } // AuditSink can be provided multiple times to define pipelines for auditing
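Review bot: The new `writeAuditRPCEvent` stub has no doc comment and returns a bare `interface{}`, so a reader of `agent_oss.go` cannot tell what the callers in `agent/agent.go` are allowed to ignore. A comment such as `// writeAuditRPCEvent is a no-op in this build and always returns nil; the real implementation is expected to live in the non-OSS counterpart of this file.` would document that. If the counterpart only ever returns an error, declaring the result as `error` in both files would let linters such as errcheck flag dropped audit failures. That signature is not visible here, so confirm it before changing the type.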
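Review bot: `RPCEnabled` is added to `Audit` without a comment, and nothing in this patch reads it. The `writeAuditRPCEvent` calls added in `agent/agent.go` are not gated on it in the visible code, so presumably the check sits in the Enterprise implementation. Because the field is a `*bool`, the meaning of an unset `rpc_enabled` should be stated on the field, e.g. `// RPCEnabled toggles audit events for agent RPC calls; nil means the default applies (TODO: state the default).` For an audit control, operators need to know whether omitting the key leaves RPC auditing off.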