Skip to content

Commit

Permalink
add validation logs for configured Logger/Audit HTTP targets (minio#1…
Browse files Browse the repository at this point in the history
…0274)

extra logs in-case of misconfiguration of audit/logger targets
  • Loading branch information
harshavardhana authored Aug 16, 2020
1 parent 01a2ccc commit f7c1a59
Show file tree
Hide file tree
Showing 7 changed files with 105 additions and 16 deletions.
12 changes: 8 additions & 4 deletions cmd/config-current.go
Original file line number Diff line number Diff line change
Expand Up @@ -455,28 +455,32 @@ func lookupConfigs(s config.Config, setDriveCount int) {
for _, l := range loggerCfg.HTTP {
if l.Enabled {
// Enable http logging
logger.AddTarget(
if err = logger.AddTarget(
http.New(http.WithEndpoint(l.Endpoint),
http.WithAuthToken(l.AuthToken),
http.WithUserAgent(loggerUserAgent),
http.WithLogKind(string(logger.All)),
http.WithTransport(NewGatewayHTTPTransport()),
),
)
); err != nil {
logger.LogIf(ctx, fmt.Errorf("Unable to initialize console HTTP target: %w", err))
}
}
}

for _, l := range loggerCfg.Audit {
if l.Enabled {
// Enable http audit logging
logger.AddAuditTarget(
if err = logger.AddAuditTarget(
http.New(http.WithEndpoint(l.Endpoint),
http.WithAuthToken(l.AuthToken),
http.WithUserAgent(loggerUserAgent),
http.WithLogKind(string(logger.All)),
http.WithTransport(NewGatewayHTTPTransport()),
),
)
); err != nil {
logger.LogIf(ctx, fmt.Errorf("Unable to initialize audit HTTP target: %w", err))
}
}
}

Expand Down
5 changes: 5 additions & 0 deletions cmd/consolelogger.go
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,11 @@ func (sys *HTTPConsoleLoggerSys) Subscribe(subCh chan interface{}, doneCh <-chan
sys.pubsub.Subscribe(subCh, doneCh, filter)
}

// Validate if HTTPConsoleLoggerSys is valid, always returns nil right now
func (sys *HTTPConsoleLoggerSys) Validate() error {
return nil
}

// Send log message 'e' to console and publish to console
// log pubsub system
func (sys *HTTPConsoleLoggerSys) Send(e interface{}, logKind string) error {
Expand Down
4 changes: 4 additions & 0 deletions cmd/data-update-tracker_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,10 @@ type testingLogger struct {
t testLoggerI
}

func (t *testingLogger) Validate() error {
return nil
}

func (t *testingLogger) Send(entry interface{}, errKind string) error {
t.mu.Lock()
defer t.mu.Unlock()
Expand Down
9 changes: 0 additions & 9 deletions cmd/logger/audit.go
Original file line number Diff line number Diff line change
Expand Up @@ -125,15 +125,6 @@ func (lrw *ResponseWriter) Size() int {
return lrw.bytesWritten
}

// AuditTargets is the list of enabled audit loggers
var AuditTargets = []Target{}

// AddAuditTarget adds a new audit logger target to the
// list of enabled loggers
func AddAuditTarget(t Target) {
AuditTargets = append(AuditTargets, t)
}

// AuditLog - logs audit logs to all audit targets.
func AuditLog(w http.ResponseWriter, r *http.Request, api string, reqClaims map[string]interface{}, filterKeys ...string) {
// Fast exit if there is not audit target configured
Expand Down
5 changes: 5 additions & 0 deletions cmd/logger/target/console/console.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,11 @@ import (
// in plain or json format to the standard output.
type Target struct{}

// Validate - validate if the tty can be written to
func (c *Target) Validate() error {
return nil
}

// Send log message 'e' to console
func (c *Target) Send(e interface{}, logKind string) error {
entry, ok := e.(log.Entry)
Expand Down
65 changes: 63 additions & 2 deletions cmd/logger/target/http/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,16 @@ package http

import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"net/http"
"strings"
"time"

xhttp "github.com/minio/minio/cmd/http"
"github.com/minio/minio/cmd/logger"
)

// Target implements logger.Target and sends the json
Expand All @@ -45,6 +49,47 @@ type Target struct {
client http.Client
}

// Validate validate the http target
func (h *Target) Validate() error {
ctx, cancel := context.WithTimeout(context.Background(), time.Second)
defer cancel()

req, err := http.NewRequestWithContext(ctx, http.MethodPost, h.endpoint, strings.NewReader(`{}`))
if err != nil {
return err
}

req.Header.Set(xhttp.ContentType, "application/json")

// Set user-agent to indicate MinIO release
// version to the configured log endpoint
req.Header.Set("User-Agent", h.userAgent)

if h.authToken != "" {
req.Header.Set("Authorization", h.authToken)
}

resp, err := h.client.Do(req)
if err != nil {
return err
}

// Drain any response.
xhttp.DrainBody(resp.Body)

if resp.StatusCode != http.StatusOK {
switch resp.StatusCode {
case http.StatusForbidden:
return fmt.Errorf("%s returned '%s', please check if your auth token is correctly set",
h.endpoint, resp.Status)
}
return fmt.Errorf("%s returned '%s', please check your endpoint configuration",
h.endpoint, resp.Status)
}

return nil
}

func (h *Target) startHTTPLogger() {
// Create a routine which sends json logs received
// from an internal channel.
Expand All @@ -55,8 +100,11 @@ func (h *Target) startHTTPLogger() {
continue
}

req, err := http.NewRequest(http.MethodPost, h.endpoint, bytes.NewReader(logJSON))
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
req, err := http.NewRequestWithContext(ctx, http.MethodPost,
h.endpoint, bytes.NewReader(logJSON))
if err != nil {
cancel()
continue
}
req.Header.Set(xhttp.ContentType, "application/json")
Expand All @@ -70,13 +118,26 @@ func (h *Target) startHTTPLogger() {
}

resp, err := h.client.Do(req)
cancel()
if err != nil {
h.client.CloseIdleConnections()
logger.LogIf(ctx, fmt.Errorf("%s returned '%w', please check your endpoint configuration\n",
h.endpoint, err))
continue
}

// Drain any response.
xhttp.DrainBody(resp.Body)

if resp.StatusCode != http.StatusOK {
switch resp.StatusCode {
case http.StatusForbidden:
logger.LogIf(ctx, fmt.Errorf("%s returned '%s', please check if your auth token is correctly set",
h.endpoint, resp.Status))
default:
logger.LogIf(ctx, fmt.Errorf("%s returned '%s', please check your endpoint configuration",
h.endpoint, resp.Status))
}
}
}
}()
}
Expand Down
21 changes: 20 additions & 1 deletion cmd/logger/targets.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,33 @@ package logger
// a single log entry and Send it to the log target
// e.g. Send the log to a http server
type Target interface {
Validate() error
Send(entry interface{}, errKind string) error
}

// Targets is the set of enabled loggers
var Targets = []Target{}

// AuditTargets is the list of enabled audit loggers
var AuditTargets = []Target{}

// AddAuditTarget adds a new audit logger target to the
// list of enabled loggers
func AddAuditTarget(t Target) error {
if err := t.Validate(); err != nil {
return err
}

AuditTargets = append(AuditTargets, t)
return nil
}

// AddTarget adds a new logger target to the
// list of enabled loggers
func AddTarget(t Target) {
func AddTarget(t Target) error {
if err := t.Validate(); err != nil {
return err
}
Targets = append(Targets, t)
return nil
}

0 comments on commit f7c1a59

Please sign in to comment.