2021-04-18 21:41:13 +02:00
|
|
|
// Copyright (c) 2015-2021 MinIO, Inc.
|
|
|
|
|
//
|
|
|
|
|
// This file is part of MinIO Object Storage stack
|
|
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2019-10-08 07:47:56 +02:00
|
|
|
|
|
|
|
|
package logger
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"strings"
|
|
|
|
|
|
2019-10-23 07:59:13 +02:00
|
|
|
"github.com/minio/minio/cmd/config"
|
2019-10-08 07:47:56 +02:00
|
|
|
"github.com/minio/minio/pkg/env"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Console logger target
|
|
|
|
|
type Console struct {
|
|
|
|
|
Enabled bool `json:"enabled"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// HTTP logger target
|
|
|
|
|
type HTTP struct {
|
2021-03-01 18:19:13 +01:00
|
|
|
Enabled bool `json:"enabled"`
|
|
|
|
|
Endpoint string `json:"endpoint"`
|
|
|
|
|
AuthToken string `json:"authToken"`
|
|
|
|
|
ClientCert string `json:"clientCert"`
|
|
|
|
|
ClientKey string `json:"clientKey"`
|
2019-10-08 07:47:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Config console and http logger targets
|
|
|
|
|
type Config struct {
|
|
|
|
|
Console Console `json:"console"`
|
|
|
|
|
HTTP map[string]HTTP `json:"http"`
|
|
|
|
|
Audit map[string]HTTP `json:"audit"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// HTTP endpoint logger
|
|
|
|
|
const (
|
2021-03-01 18:19:13 +01:00
|
|
|
Endpoint = "endpoint"
|
|
|
|
|
AuthToken = "auth_token"
|
|
|
|
|
ClientCert = "client_cert"
|
|
|
|
|
ClientKey = "client_key"
|
2019-10-23 07:59:13 +02:00
|
|
|
|
2020-04-28 12:40:51 +02:00
|
|
|
EnvLoggerWebhookEnable = "MINIO_LOGGER_WEBHOOK_ENABLE"
|
2019-11-14 02:38:05 +01:00
|
|
|
EnvLoggerWebhookEndpoint = "MINIO_LOGGER_WEBHOOK_ENDPOINT"
|
|
|
|
|
EnvLoggerWebhookAuthToken = "MINIO_LOGGER_WEBHOOK_AUTH_TOKEN"
|
2019-10-23 07:59:13 +02:00
|
|
|
|
2021-03-01 18:19:13 +01:00
|
|
|
EnvAuditWebhookEnable = "MINIO_AUDIT_WEBHOOK_ENABLE"
|
|
|
|
|
EnvAuditWebhookEndpoint = "MINIO_AUDIT_WEBHOOK_ENDPOINT"
|
|
|
|
|
EnvAuditWebhookAuthToken = "MINIO_AUDIT_WEBHOOK_AUTH_TOKEN"
|
|
|
|
|
EnvAuditWebhookClientCert = "MINIO_AUDIT_WEBHOOK_CLIENT_CERT"
|
|
|
|
|
EnvAuditWebhookClientKey = "MINIO_AUDIT_WEBHOOK_CLIENT_KEY"
|
2019-10-08 07:47:56 +02:00
|
|
|
)
|
|
|
|
|
|
2019-10-23 07:59:13 +02:00
|
|
|
// Default KVS for loggerHTTP and loggerAuditHTTP
|
|
|
|
|
var (
|
|
|
|
|
DefaultKVS = config.KVS{
|
2019-11-21 00:10:24 +01:00
|
|
|
config.KV{
|
2019-12-05 00:32:37 +01:00
|
|
|
Key: config.Enable,
|
|
|
|
|
Value: config.EnableOff,
|
2019-11-21 00:10:24 +01:00
|
|
|
},
|
|
|
|
|
config.KV{
|
|
|
|
|
Key: Endpoint,
|
|
|
|
|
Value: "",
|
|
|
|
|
},
|
|
|
|
|
config.KV{
|
|
|
|
|
Key: AuthToken,
|
|
|
|
|
Value: "",
|
|
|
|
|
},
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
|
|
|
|
DefaultAuditKVS = config.KVS{
|
2019-11-21 00:10:24 +01:00
|
|
|
config.KV{
|
2019-12-05 00:32:37 +01:00
|
|
|
Key: config.Enable,
|
|
|
|
|
Value: config.EnableOff,
|
2019-11-21 00:10:24 +01:00
|
|
|
},
|
|
|
|
|
config.KV{
|
|
|
|
|
Key: Endpoint,
|
|
|
|
|
Value: "",
|
|
|
|
|
},
|
|
|
|
|
config.KV{
|
|
|
|
|
Key: AuthToken,
|
|
|
|
|
Value: "",
|
|
|
|
|
},
|
2021-03-01 18:19:13 +01:00
|
|
|
config.KV{
|
|
|
|
|
Key: ClientCert,
|
|
|
|
|
Value: "",
|
|
|
|
|
},
|
|
|
|
|
config.KV{
|
|
|
|
|
Key: ClientKey,
|
|
|
|
|
Value: "",
|
|
|
|
|
},
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2019-10-08 07:47:56 +02:00
|
|
|
)
|
|
|
|
|
|
2019-10-09 08:11:15 +02:00
|
|
|
// NewConfig - initialize new logger config.
|
|
|
|
|
func NewConfig() Config {
|
|
|
|
|
cfg := Config{
|
|
|
|
|
// Console logging is on by default
|
|
|
|
|
Console: Console{
|
|
|
|
|
Enabled: true,
|
|
|
|
|
},
|
|
|
|
|
HTTP: make(map[string]HTTP),
|
|
|
|
|
Audit: make(map[string]HTTP),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create an example HTTP logger
|
2019-10-23 07:59:13 +02:00
|
|
|
cfg.HTTP[config.Default] = HTTP{
|
2019-10-09 08:11:15 +02:00
|
|
|
Endpoint: "https://username:password@example.com/api",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create an example Audit logger
|
2019-10-23 07:59:13 +02:00
|
|
|
cfg.Audit[config.Default] = HTTP{
|
2019-10-09 08:11:15 +02:00
|
|
|
Endpoint: "https://username:password@example.com/api/audit",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cfg
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-29 00:20:40 +02:00
|
|
|
func lookupLegacyConfig() (Config, error) {
|
|
|
|
|
cfg := NewConfig()
|
|
|
|
|
|
|
|
|
|
var loggerTargets []string
|
|
|
|
|
envs := env.List(legacyEnvLoggerHTTPEndpoint)
|
|
|
|
|
for _, k := range envs {
|
|
|
|
|
target := strings.TrimPrefix(k, legacyEnvLoggerHTTPEndpoint+config.Default)
|
|
|
|
|
if target == legacyEnvLoggerHTTPEndpoint {
|
|
|
|
|
target = config.Default
|
|
|
|
|
}
|
|
|
|
|
loggerTargets = append(loggerTargets, target)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Load HTTP logger from the environment if found
|
|
|
|
|
for _, target := range loggerTargets {
|
|
|
|
|
endpointEnv := legacyEnvLoggerHTTPEndpoint
|
|
|
|
|
if target != config.Default {
|
|
|
|
|
endpointEnv = legacyEnvLoggerHTTPEndpoint + config.Default + target
|
|
|
|
|
}
|
|
|
|
|
endpoint := env.Get(endpointEnv, "")
|
|
|
|
|
if endpoint == "" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
cfg.HTTP[target] = HTTP{
|
|
|
|
|
Enabled: true,
|
|
|
|
|
Endpoint: endpoint,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// List legacy audit ENVs if any.
|
|
|
|
|
var loggerAuditTargets []string
|
|
|
|
|
envs = env.List(legacyEnvAuditLoggerHTTPEndpoint)
|
|
|
|
|
for _, k := range envs {
|
|
|
|
|
target := strings.TrimPrefix(k, legacyEnvAuditLoggerHTTPEndpoint+config.Default)
|
|
|
|
|
if target == legacyEnvAuditLoggerHTTPEndpoint {
|
|
|
|
|
target = config.Default
|
|
|
|
|
}
|
|
|
|
|
loggerAuditTargets = append(loggerAuditTargets, target)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, target := range loggerAuditTargets {
|
|
|
|
|
endpointEnv := legacyEnvAuditLoggerHTTPEndpoint
|
|
|
|
|
if target != config.Default {
|
|
|
|
|
endpointEnv = legacyEnvAuditLoggerHTTPEndpoint + config.Default + target
|
|
|
|
|
}
|
|
|
|
|
endpoint := env.Get(endpointEnv, "")
|
|
|
|
|
if endpoint == "" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
cfg.Audit[target] = HTTP{
|
|
|
|
|
Enabled: true,
|
|
|
|
|
Endpoint: endpoint,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cfg, nil
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-08 07:47:56 +02:00
|
|
|
// LookupConfig - lookup logger config, override with ENVs if set.
|
2019-10-23 07:59:13 +02:00
|
|
|
func LookupConfig(scfg config.Config) (Config, error) {
|
2020-04-29 00:20:40 +02:00
|
|
|
// Lookup for legacy environment variables first
|
|
|
|
|
cfg, err := lookupLegacyConfig()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return cfg, err
|
|
|
|
|
}
|
2019-10-23 07:59:13 +02:00
|
|
|
|
2019-11-14 02:38:05 +01:00
|
|
|
envs := env.List(EnvLoggerWebhookEndpoint)
|
2019-10-23 07:59:13 +02:00
|
|
|
var loggerTargets []string
|
2019-10-12 03:21:04 +02:00
|
|
|
for _, k := range envs {
|
2019-11-14 02:38:05 +01:00
|
|
|
target := strings.TrimPrefix(k, EnvLoggerWebhookEndpoint+config.Default)
|
|
|
|
|
if target == EnvLoggerWebhookEndpoint {
|
2019-10-23 07:59:13 +02:00
|
|
|
target = config.Default
|
2019-10-08 07:47:56 +02:00
|
|
|
}
|
2019-10-23 07:59:13 +02:00
|
|
|
loggerTargets = append(loggerTargets, target)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var loggerAuditTargets []string
|
2019-11-14 02:38:05 +01:00
|
|
|
envs = env.List(EnvAuditWebhookEndpoint)
|
2019-10-23 07:59:13 +02:00
|
|
|
for _, k := range envs {
|
2019-11-14 02:38:05 +01:00
|
|
|
target := strings.TrimPrefix(k, EnvAuditWebhookEndpoint+config.Default)
|
|
|
|
|
if target == EnvAuditWebhookEndpoint {
|
2019-10-23 07:59:13 +02:00
|
|
|
target = config.Default
|
2019-10-08 07:47:56 +02:00
|
|
|
}
|
2019-10-23 07:59:13 +02:00
|
|
|
loggerAuditTargets = append(loggerAuditTargets, target)
|
2019-10-08 07:47:56 +02:00
|
|
|
}
|
2019-10-23 07:59:13 +02:00
|
|
|
|
2020-04-28 12:40:51 +02:00
|
|
|
// Load HTTP logger from the environment if found
|
|
|
|
|
for _, target := range loggerTargets {
|
2020-04-29 00:20:40 +02:00
|
|
|
if v, ok := cfg.HTTP[target]; ok && v.Enabled {
|
|
|
|
|
// This target is already enabled using the
|
|
|
|
|
// legacy environment variables, ignore.
|
|
|
|
|
continue
|
|
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
enableEnv := EnvLoggerWebhookEnable
|
|
|
|
|
if target != config.Default {
|
|
|
|
|
enableEnv = EnvLoggerWebhookEnable + config.Default + target
|
2019-10-08 07:47:56 +02:00
|
|
|
}
|
2020-04-29 00:20:40 +02:00
|
|
|
enable, err := config.ParseBool(env.Get(enableEnv, ""))
|
2020-04-28 12:40:51 +02:00
|
|
|
if err != nil || !enable {
|
2019-10-23 07:59:13 +02:00
|
|
|
continue
|
|
|
|
|
}
|
2019-11-14 02:38:05 +01:00
|
|
|
endpointEnv := EnvLoggerWebhookEndpoint
|
2020-04-28 12:40:51 +02:00
|
|
|
if target != config.Default {
|
|
|
|
|
endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2019-11-14 02:38:05 +01:00
|
|
|
authTokenEnv := EnvLoggerWebhookAuthToken
|
2020-04-28 12:40:51 +02:00
|
|
|
if target != config.Default {
|
|
|
|
|
authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
cfg.HTTP[target] = HTTP{
|
2019-10-23 07:59:13 +02:00
|
|
|
Enabled: true,
|
2020-04-28 12:40:51 +02:00
|
|
|
Endpoint: env.Get(endpointEnv, ""),
|
|
|
|
|
AuthToken: env.Get(authTokenEnv, ""),
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 12:40:51 +02:00
|
|
|
for _, target := range loggerAuditTargets {
|
2020-04-29 00:20:40 +02:00
|
|
|
if v, ok := cfg.Audit[target]; ok && v.Enabled {
|
|
|
|
|
// This target is already enabled using the
|
|
|
|
|
// legacy environment variables, ignore.
|
|
|
|
|
continue
|
|
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
enableEnv := EnvAuditWebhookEnable
|
|
|
|
|
if target != config.Default {
|
|
|
|
|
enableEnv = EnvAuditWebhookEnable + config.Default + target
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-29 00:20:40 +02:00
|
|
|
enable, err := config.ParseBool(env.Get(enableEnv, ""))
|
2020-04-28 12:40:51 +02:00
|
|
|
if err != nil || !enable {
|
2019-10-23 07:59:13 +02:00
|
|
|
continue
|
|
|
|
|
}
|
2019-11-14 02:38:05 +01:00
|
|
|
endpointEnv := EnvAuditWebhookEndpoint
|
2020-04-28 12:40:51 +02:00
|
|
|
if target != config.Default {
|
|
|
|
|
endpointEnv = EnvAuditWebhookEndpoint + config.Default + target
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2019-11-14 02:38:05 +01:00
|
|
|
authTokenEnv := EnvAuditWebhookAuthToken
|
2020-04-28 12:40:51 +02:00
|
|
|
if target != config.Default {
|
|
|
|
|
authTokenEnv = EnvAuditWebhookAuthToken + config.Default + target
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2021-03-01 18:19:13 +01:00
|
|
|
clientCertEnv := EnvAuditWebhookClientCert
|
|
|
|
|
if target != config.Default {
|
|
|
|
|
clientCertEnv = EnvAuditWebhookClientCert + config.Default + target
|
|
|
|
|
}
|
|
|
|
|
clientKeyEnv := EnvAuditWebhookClientKey
|
|
|
|
|
if target != config.Default {
|
|
|
|
|
clientKeyEnv = EnvAuditWebhookClientKey + config.Default + target
|
|
|
|
|
}
|
|
|
|
|
err = config.EnsureCertAndKey(env.Get(clientCertEnv, ""), env.Get(clientKeyEnv, ""))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return cfg, err
|
|
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
cfg.Audit[target] = HTTP{
|
2021-03-01 18:19:13 +01:00
|
|
|
Enabled: true,
|
|
|
|
|
Endpoint: env.Get(endpointEnv, ""),
|
|
|
|
|
AuthToken: env.Get(authTokenEnv, ""),
|
|
|
|
|
ClientCert: env.Get(clientCertEnv, ""),
|
|
|
|
|
ClientKey: env.Get(clientKeyEnv, ""),
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 12:40:51 +02:00
|
|
|
for starget, kv := range scfg[config.LoggerWebhookSubSys] {
|
|
|
|
|
if l, ok := cfg.HTTP[starget]; ok && l.Enabled {
|
|
|
|
|
// Ignore this HTTP logger config since there is
|
|
|
|
|
// a target with the same name loaded and enabled
|
|
|
|
|
// from the environment.
|
|
|
|
|
continue
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
subSysTarget := config.LoggerWebhookSubSys
|
|
|
|
|
if starget != config.Default {
|
|
|
|
|
subSysTarget = config.LoggerWebhookSubSys + config.SubSystemSeparator + starget
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
if err := config.CheckValidKeys(subSysTarget, kv, DefaultKVS); err != nil {
|
|
|
|
|
return cfg, err
|
|
|
|
|
}
|
|
|
|
|
enabled, err := config.ParseBool(kv.Get(config.Enable))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return cfg, err
|
|
|
|
|
}
|
|
|
|
|
if !enabled {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
cfg.HTTP[starget] = HTTP{
|
2019-10-23 07:59:13 +02:00
|
|
|
Enabled: true,
|
2020-04-28 12:40:51 +02:00
|
|
|
Endpoint: kv.Get(Endpoint),
|
|
|
|
|
AuthToken: kv.Get(AuthToken),
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 12:40:51 +02:00
|
|
|
for starget, kv := range scfg[config.AuditWebhookSubSys] {
|
|
|
|
|
if l, ok := cfg.Audit[starget]; ok && l.Enabled {
|
|
|
|
|
// Ignore this audit config since another target
|
|
|
|
|
// with the same name is already loaded and enabled
|
|
|
|
|
// in the shell environment.
|
|
|
|
|
continue
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
subSysTarget := config.AuditWebhookSubSys
|
|
|
|
|
if starget != config.Default {
|
|
|
|
|
subSysTarget = config.AuditWebhookSubSys + config.SubSystemSeparator + starget
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
if err := config.CheckValidKeys(subSysTarget, kv, DefaultAuditKVS); err != nil {
|
|
|
|
|
return cfg, err
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
enabled, err := config.ParseBool(kv.Get(config.Enable))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return cfg, err
|
2019-10-23 07:59:13 +02:00
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
if !enabled {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2021-03-01 18:19:13 +01:00
|
|
|
err = config.EnsureCertAndKey(kv.Get(ClientCert), kv.Get(ClientKey))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return cfg, err
|
|
|
|
|
}
|
2020-04-28 12:40:51 +02:00
|
|
|
cfg.Audit[starget] = HTTP{
|
2021-03-01 18:19:13 +01:00
|
|
|
Enabled: true,
|
|
|
|
|
Endpoint: kv.Get(Endpoint),
|
|
|
|
|
AuthToken: kv.Get(AuthToken),
|
|
|
|
|
ClientCert: kv.Get(ClientCert),
|
|
|
|
|
ClientKey: kv.Get(ClientKey),
|
2019-10-08 07:47:56 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cfg, nil
|
|
|
|
|
}
|
