Add writeAuditRPCEvent to agent_oss (#17607)

* Add writeAuditRPCEvent to agent_oss

* fix the other diffs

* backport change log
This commit is contained in:
Ronald 2023-06-07 18:35:48 -04:00 committed by GitHub
parent 1e920a7f01
commit 8118aae5c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 2 deletions

3
.changelog/_5740.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:feature
api: (Enterprise only) Add `POST /v1/operator/audit-hash` endpoint to calculate the hash of the data used by the audit log hash function and salt.
```

3
.changelog/_5750.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:feature
cli: (Enterprise only) Add a new `consul operator audit hash` command to retrieve and compare the hash of the data used by the audit log hash function and salt.
```

View File

@ -1621,7 +1621,18 @@ func (a *Agent) RPC(ctx context.Context, method string, args interface{}, reply
method = e + "." + p[1]
}
}
// audit log only on consul clients
_, ok := a.delegate.(*consul.Client)
if ok {
a.writeAuditRPCEvent(method, "OperationStart")
}
a.endpointsLock.RUnlock()
defer func() {
a.writeAuditRPCEvent(method, "OperationComplete")
}()
return a.delegate.RPC(ctx, method, args, reply)
}

View File

@ -69,3 +69,7 @@ func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta {
func (a *Agent) registerEntCache() {}
func (*Agent) fillEnterpriseProxyDataSources(*proxycfg.DataSources) {}
func (a *Agent) writeAuditRPCEvent(_ string, _ string) interface{} {
return nil
}

View File

@ -807,8 +807,9 @@ type ConfigEntries struct {
// Audit allows us to enable and define destinations for auditing
type Audit struct {
Enabled *bool `mapstructure:"enabled"`
Sinks map[string]AuditSink `mapstructure:"sink"`
Enabled *bool `mapstructure:"enabled"`
Sinks map[string]AuditSink `mapstructure:"sink"`
RPCEnabled *bool `mapstructure:"rpc_enabled"`
}
// AuditSink can be provided multiple times to define pipelines for auditing