audit: Drop not required events #1206
11 changed files with 26 additions and 659 deletions
|
@ -20,16 +20,15 @@ func initAccountingService(ctx context.Context, c *cfg) {
|
|||
balanceMorphWrapper, err := balance.NewFromMorph(c.cfgMorph.client, c.cfgAccounting.scriptHash, 0)
|
||||
fatalOnErr(err)
|
||||
|
||||
service := accountingService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
accountingService.NewExecutionService(
|
||||
accounting.NewExecutor(balanceMorphWrapper),
|
||||
c.respSvc,
|
||||
server := accountingTransportGRPC.New(
|
||||
accountingService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
accountingService.NewExecutionService(
|
||||
accounting.NewExecutor(balanceMorphWrapper),
|
||||
c.respSvc,
|
||||
),
|
||||
),
|
||||
)
|
||||
service = accountingService.NewAuditService(service, c.log, c.audit)
|
||||
|
||||
server := accountingTransportGRPC.New(service)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
accountingGRPC.RegisterAccountingServiceServer(s, server)
|
||||
|
|
|
@ -30,8 +30,8 @@ func initControlService(c *cfg) {
|
|||
for i := range pubs {
|
||||
rawPubs = append(rawPubs, pubs[i].Bytes())
|
||||
}
|
||||
var ctlSvc control.ControlServiceServer
|
||||
ctlSvc = controlSvc.New(
|
||||
|
||||
ctlSvc := controlSvc.New(
|
||||
controlSvc.WithKey(&c.key.PrivateKey),
|
||||
controlSvc.WithAuthorizedKeys(rawPubs),
|
||||
controlSvc.WithHealthChecker(c),
|
||||
|
@ -43,7 +43,6 @@ func initControlService(c *cfg) {
|
|||
controlSvc.WithTreeService(c.treeService),
|
||||
controlSvc.WithLocalOverrideStorage(c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine),
|
||||
)
|
||||
ctlSvc = controlSvc.NewAuditService(ctlSvc, c.log, c.audit)
|
||||
|
||||
lis, err := net.Listen("tcp", endpoint)
|
||||
if err != nil {
|
||||
|
|
|
@ -147,22 +147,22 @@ func initNetmapService(ctx context.Context, c *cfg) {
|
|||
|
||||
initNetmapState(c)
|
||||
|
||||
svc := netmapService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
netmapService.NewExecutionService(
|
||||
c,
|
||||
c.apiVersion,
|
||||
&netInfo{
|
||||
netState: c.cfgNetmap.state,
|
||||
magic: c.cfgMorph.client,
|
||||
morphClientNetMap: c.cfgNetmap.wrapper,
|
||||
msPerBlockRdr: c.cfgMorph.client.MsPerBlock,
|
||||
},
|
||||
c.respSvc,
|
||||
server := netmapTransportGRPC.New(
|
||||
netmapService.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
netmapService.NewExecutionService(
|
||||
c,
|
||||
c.apiVersion,
|
||||
&netInfo{
|
||||
netState: c.cfgNetmap.state,
|
||||
magic: c.cfgMorph.client,
|
||||
morphClientNetMap: c.cfgNetmap.wrapper,
|
||||
msPerBlockRdr: c.cfgMorph.client.MsPerBlock,
|
||||
},
|
||||
c.respSvc,
|
||||
),
|
||||
),
|
||||
)
|
||||
svc = netmapService.NewAuditService(svc, c.log, c.audit)
|
||||
server := netmapTransportGRPC.New(svc)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
netmapGRPC.RegisterNetmapServiceServer(s, server)
|
||||
|
|
|
@ -52,13 +52,12 @@ func initSessionService(c *cfg) {
|
|||
c.privateTokenStore.RemoveOld(ev.(netmap.NewEpoch).EpochNumber())
|
||||
})
|
||||
|
||||
svc := sessionSvc.NewAuditService(
|
||||
server := sessionTransportGRPC.New(
|
||||
sessionSvc.NewSignService(
|
||||
&c.key.PrivateKey,
|
||||
sessionSvc.NewExecutionService(c.privateTokenStore, c.respSvc, c.log),
|
||||
),
|
||||
c.log, c.audit)
|
||||
server := sessionTransportGRPC.New(svc)
|
||||
)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
sessionGRPC.RegisterSessionServiceServer(s, server)
|
||||
|
|
|
@ -70,7 +70,7 @@ func initTreeService(c *cfg) {
|
|||
)
|
||||
|
||||
c.cfgGRPC.performAndSave(func(_ string, _ net.Listener, s *grpc.Server) {
|
||||
tree.RegisterTreeServiceServer(s, tree.NewAuditService(c.treeService, c.log, c.audit))
|
||||
tree.RegisterTreeServiceServer(s, c.treeService)
|
||||
})
|
||||
|
||||
c.workers = append(c.workers, newWorkerFromFunc(func(ctx context.Context) {
|
||||
|
|
|
@ -6,7 +6,6 @@ import (
|
|||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||
"github.com/mr-tron/base58"
|
||||
)
|
||||
|
||||
type ModelType[T any] interface {
|
||||
|
@ -61,24 +60,6 @@ func TargetFromString(s string) Target {
|
|||
return stringTarget{s: s}
|
||||
}
|
||||
|
||||
func TargetFromStringSlice(s []string) Target {
|
||||
if len(s) == 0 {
|
||||
return stringTarget{s: NotDefined}
|
||||
}
|
||||
sb := &strings.Builder{}
|
||||
for i, v := range s {
|
||||
if i > 0 {
|
||||
sb.WriteString(";")
|
||||
}
|
||||
if len(v) == 0 {
|
||||
sb.WriteString(Empty)
|
||||
} else {
|
||||
sb.WriteString(v)
|
||||
}
|
||||
}
|
||||
return sb
|
||||
}
|
||||
|
||||
func TargetFromChainID(chainTargetType, chainTargetName string, chainID []byte) Target {
|
||||
if len(chainTargetType) == 0 && len(chainTargetName) == 0 && len(chainID) == 0 {
|
||||
return stringTarget{s: NotDefined}
|
||||
|
@ -96,43 +77,6 @@ func TargetFromChainID(chainTargetType, chainTargetName string, chainID []byte)
|
|||
return stringTarget{s: t + ":" + n + ":" + c}
|
||||
}
|
||||
|
||||
func TargetFromShardIDs(v [][]byte) Target {
|
||||
if len(v) == 0 {
|
||||
return stringTarget{s: NotDefined}
|
||||
}
|
||||
sb := &strings.Builder{}
|
||||
for i, s := range v {
|
||||
if i > 0 {
|
||||
sb.WriteString(";")
|
||||
}
|
||||
if len(s) == 0 {
|
||||
sb.WriteString(Empty)
|
||||
} else {
|
||||
sb.WriteString(base58.Encode(s))
|
||||
}
|
||||
}
|
||||
return sb
|
||||
}
|
||||
|
||||
func TargetFromTreeID(containerID []byte, treeID string) Target {
|
||||
if len(containerID) == 0 && len(treeID) == 0 {
|
||||
return stringTarget{s: NotDefined}
|
||||
}
|
||||
c, t := Empty, Empty
|
||||
if len(containerID) > 0 {
|
||||
var cnr cid.ID
|
||||
if err := cnr.Decode(containerID); err != nil {
|
||||
c = InvalidValue
|
||||
} else {
|
||||
c = cnr.EncodeToString()
|
||||
}
|
||||
}
|
||||
if len(treeID) > 0 {
|
||||
t = treeID
|
||||
}
|
||||
return stringTarget{s: c + ":" + t}
|
||||
}
|
||||
|
||||
func TargetFromContainerIDObjectID(containerID *refs.ContainerID, objectID *refs.ObjectID) Target {
|
||||
if containerID == nil && objectID == nil {
|
||||
return stringTarget{s: NotDefined}
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
package accounting
|
||||
|
||||
import (
|
||||
"context"
|
||||
"sync/atomic"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/accounting"
|
||||
acc_grpc "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/accounting/grpc"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/internal/audit"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
|
||||
)
|
||||
|
||||
var _ Server = (*auditService)(nil)
|
||||
|
||||
type auditService struct {
|
||||
next Server
|
||||
log *logger.Logger
|
||||
enabled *atomic.Bool
|
||||
}
|
||||
|
||||
func NewAuditService(next Server, log *logger.Logger, enabled *atomic.Bool) Server {
|
||||
return &auditService{
|
||||
next: next,
|
||||
log: log,
|
||||
enabled: enabled,
|
||||
}
|
||||
}
|
||||
|
||||
// Balance implements Server.
|
||||
func (l *auditService) Balance(ctx context.Context, req *accounting.BalanceRequest) (*accounting.BalanceResponse, error) {
|
||||
res, err := l.next.Balance(ctx, req)
|
||||
|
||||
if !l.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
|
||||
audit.LogRequest(l.log, acc_grpc.AccountingService_Balance_FullMethodName, req,
|
||||
audit.TargetFromRef(req.GetBody().GetOwnerID(), &user.ID{}), err == nil)
|
||||
|
||||
return res, err
|
||||
}
|
|
@ -1,298 +0,0 @@
|
|||
package control
|
||||
|
||||
import (
|
||||
"context"
|
||||
"sync/atomic"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/internal/audit"
|
||||
ctl "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
|
||||
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||
)
|
||||
|
||||
var _ ctl.ControlServiceServer = (*auditService)(nil)
|
||||
|
||||
type auditService struct {
|
||||
next ctl.ControlServiceServer
|
||||
log *logger.Logger
|
||||
enabled *atomic.Bool
|
||||
}
|
||||
|
||||
func NewAuditService(next ctl.ControlServiceServer, log *logger.Logger, enabled *atomic.Bool) ctl.ControlServiceServer {
|
||||
return &auditService{
|
||||
next: next,
|
||||
log: log,
|
||||
enabled: enabled,
|
||||
}
|
||||
}
|
||||
|
||||
// AddChainLocalOverride implements control.ControlServiceServer.
|
||||
func (a *auditService) AddChainLocalOverride(ctx context.Context, req *ctl.AddChainLocalOverrideRequest) (*ctl.AddChainLocalOverrideResponse, error) {
|
||||
res, err := a.next.AddChainLocalOverride(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_AddChainLocalOverride_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromChainID(req.GetBody().GetTarget().GetType().String(),
|
||||
req.GetBody().GetTarget().GetName(),
|
||||
res.GetBody().GetChainId()),
|
||||
err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// DetachShards implements control.ControlServiceServer.
|
||||
func (a *auditService) DetachShards(ctx context.Context, req *ctl.DetachShardsRequest) (*ctl.DetachShardsResponse, error) {
|
||||
res, err := a.next.DetachShards(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_DetachShards_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromShardIDs(req.GetBody().GetShard_ID()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// Doctor implements control.ControlServiceServer.
|
||||
func (a *auditService) Doctor(ctx context.Context, req *ctl.DoctorRequest) (*ctl.DoctorResponse, error) {
|
||||
res, err := a.next.Doctor(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_Doctor_FullMethodName, req.GetSignature().GetKey(), nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// DropObjects implements control.ControlServiceServer.
|
||||
func (a *auditService) DropObjects(ctx context.Context, req *ctl.DropObjectsRequest) (*ctl.DropObjectsResponse, error) {
|
||||
res, err := a.next.DropObjects(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
var list []string
|
||||
for _, v := range req.GetBody().GetAddressList() {
|
||||
if len(v) == 0 {
|
||||
list = append(list, audit.Empty)
|
||||
continue
|
||||
}
|
||||
var a oid.Address
|
||||
if e := a.DecodeString(string(v)); e != nil {
|
||||
list = append(list, audit.InvalidValue)
|
||||
} else {
|
||||
list = append(list, a.EncodeToString())
|
||||
}
|
||||
}
|
||||
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_DropObjects_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromStringSlice(list), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// EvacuateShard implements control.ControlServiceServer.
|
||||
func (a *auditService) EvacuateShard(ctx context.Context, req *ctl.EvacuateShardRequest) (*ctl.EvacuateShardResponse, error) {
|
||||
res, err := a.next.EvacuateShard(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_EvacuateShard_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromShardIDs(req.GetBody().GetShard_ID()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// FlushCache implements control.ControlServiceServer.
|
||||
func (a *auditService) FlushCache(ctx context.Context, req *ctl.FlushCacheRequest) (*ctl.FlushCacheResponse, error) {
|
||||
res, err := a.next.FlushCache(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_FlushCache_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromShardIDs(req.GetBody().GetShard_ID()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// GetChainLocalOverride implements control.ControlServiceServer.
|
||||
func (a *auditService) GetChainLocalOverride(ctx context.Context, req *ctl.GetChainLocalOverrideRequest) (*ctl.GetChainLocalOverrideResponse, error) {
|
||||
res, err := a.next.GetChainLocalOverride(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_GetChainLocalOverride_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromChainID(
|
||||
req.GetBody().GetTarget().GetType().String(),
|
||||
req.GetBody().GetTarget().GetName(),
|
||||
req.GetBody().GetChainId()),
|
||||
err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// GetShardEvacuationStatus implements control.ControlServiceServer.
|
||||
func (a *auditService) GetShardEvacuationStatus(ctx context.Context, req *ctl.GetShardEvacuationStatusRequest) (*ctl.GetShardEvacuationStatusResponse, error) {
|
||||
res, err := a.next.GetShardEvacuationStatus(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_GetShardEvacuationStatus_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// HealthCheck implements control.ControlServiceServer.
|
||||
func (a *auditService) HealthCheck(ctx context.Context, req *ctl.HealthCheckRequest) (*ctl.HealthCheckResponse, error) {
|
||||
res, err := a.next.HealthCheck(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_HealthCheck_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// ListChainLocalOverrides implements control.ControlServiceServer.
|
||||
func (a *auditService) ListChainLocalOverrides(ctx context.Context, req *ctl.ListChainLocalOverridesRequest) (*ctl.ListChainLocalOverridesResponse, error) {
|
||||
res, err := a.next.ListChainLocalOverrides(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_ListChainLocalOverrides_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromChainID(req.GetBody().GetTarget().GetType().String(),
|
||||
req.GetBody().GetTarget().GetName(),
|
||||
nil),
|
||||
err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// ListShards implements control.ControlServiceServer.
|
||||
func (a *auditService) ListShards(ctx context.Context, req *ctl.ListShardsRequest) (*ctl.ListShardsResponse, error) {
|
||||
res, err := a.next.ListShards(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_ListShards_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// ListTargetsLocalOverrides implements control.ControlServiceServer.
|
||||
func (a *auditService) ListTargetsLocalOverrides(ctx context.Context, req *ctl.ListTargetsLocalOverridesRequest) (*ctl.ListTargetsLocalOverridesResponse, error) {
|
||||
res, err := a.next.ListTargetsLocalOverrides(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_ListTargetsLocalOverrides_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromString(req.GetBody().GetChainName()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// RemoveChainLocalOverride implements control.ControlServiceServer.
|
||||
func (a *auditService) RemoveChainLocalOverride(ctx context.Context, req *ctl.RemoveChainLocalOverrideRequest) (*ctl.RemoveChainLocalOverrideResponse, error) {
|
||||
res, err := a.next.RemoveChainLocalOverride(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_RemoveChainLocalOverride_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromChainID(req.GetBody().GetTarget().GetType().String(),
|
||||
req.GetBody().GetTarget().GetName(),
|
||||
req.GetBody().GetChainId()),
|
||||
err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// RemoveChainLocalOverridesByTarget implements control.ControlServiceServer.
|
||||
func (a *auditService) RemoveChainLocalOverridesByTarget(ctx context.Context, req *ctl.RemoveChainLocalOverridesByTargetRequest) (*ctl.RemoveChainLocalOverridesByTargetResponse, error) {
|
||||
res, err := a.next.RemoveChainLocalOverridesByTarget(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_RemoveChainLocalOverridesByTarget_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromChainID(req.GetBody().GetTarget().GetType().String(),
|
||||
req.GetBody().GetTarget().GetName(),
|
||||
nil),
|
||||
err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// ResetShardEvacuationStatus implements control.ControlServiceServer.
|
||||
func (a *auditService) ResetShardEvacuationStatus(ctx context.Context, req *ctl.ResetShardEvacuationStatusRequest) (*ctl.ResetShardEvacuationStatusResponse, error) {
|
||||
res, err := a.next.ResetShardEvacuationStatus(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_ResetShardEvacuationStatus_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// SealWriteCache implements control.ControlServiceServer.
|
||||
func (a *auditService) SealWriteCache(ctx context.Context, req *ctl.SealWriteCacheRequest) (*ctl.SealWriteCacheResponse, error) {
|
||||
res, err := a.next.SealWriteCache(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_SealWriteCache_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromShardIDs(req.GetBody().GetShard_ID()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// SetNetmapStatus implements control.ControlServiceServer.
|
||||
func (a *auditService) SetNetmapStatus(ctx context.Context, req *ctl.SetNetmapStatusRequest) (*ctl.SetNetmapStatusResponse, error) {
|
||||
res, err := a.next.SetNetmapStatus(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_SetNetmapStatus_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// GetNetmapStatus implements control.ControlServiceServer.
|
||||
func (a *auditService) GetNetmapStatus(ctx context.Context, req *ctl.GetNetmapStatusRequest) (*ctl.GetNetmapStatusResponse, error) {
|
||||
res, err := a.next.GetNetmapStatus(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_GetNetmapStatus_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// SetShardMode implements control.ControlServiceServer.
|
||||
func (a *auditService) SetShardMode(ctx context.Context, req *ctl.SetShardModeRequest) (*ctl.SetShardModeResponse, error) {
|
||||
res, err := a.next.SetShardMode(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_SetShardMode_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromShardIDs(req.GetBody().GetShard_ID()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// StartShardEvacuation implements control.ControlServiceServer.
|
||||
func (a *auditService) StartShardEvacuation(ctx context.Context, req *ctl.StartShardEvacuationRequest) (*ctl.StartShardEvacuationResponse, error) {
|
||||
res, err := a.next.StartShardEvacuation(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_StartShardEvacuation_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromShardIDs(req.GetBody().GetShard_ID()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// StopShardEvacuation implements control.ControlServiceServer.
|
||||
func (a *auditService) StopShardEvacuation(ctx context.Context, req *ctl.StopShardEvacuationRequest) (*ctl.StopShardEvacuationResponse, error) {
|
||||
res, err := a.next.StopShardEvacuation(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_StopShardEvacuation_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// SynchronizeTree implements control.ControlServiceServer.
|
||||
func (a *auditService) SynchronizeTree(ctx context.Context, req *ctl.SynchronizeTreeRequest) (*ctl.SynchronizeTreeResponse, error) {
|
||||
res, err := a.next.SynchronizeTree(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, ctl.ControlService_SynchronizeTree_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return res, err
|
||||
}
|
|
@ -1,60 +0,0 @@
|
|||
package netmap
|
||||
|
||||
import (
|
||||
"context"
|
||||
"sync/atomic"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/netmap"
|
||||
netmapGRPC "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/netmap/grpc"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/internal/audit"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
|
||||
)
|
||||
|
||||
var _ Server = (*auditService)(nil)
|
||||
|
||||
type auditService struct {
|
||||
next Server
|
||||
log *logger.Logger
|
||||
enabled *atomic.Bool
|
||||
}
|
||||
|
||||
func NewAuditService(next Server, log *logger.Logger, enabled *atomic.Bool) Server {
|
||||
return &auditService{
|
||||
next: next,
|
||||
log: log,
|
||||
enabled: enabled,
|
||||
}
|
||||
}
|
||||
|
||||
// LocalNodeInfo implements Server.
|
||||
func (a *auditService) LocalNodeInfo(ctx context.Context, req *netmap.LocalNodeInfoRequest) (*netmap.LocalNodeInfoResponse, error) {
|
||||
res, err := a.next.LocalNodeInfo(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequest(a.log, netmapGRPC.NetmapService_LocalNodeInfo_FullMethodName, req,
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// NetworkInfo implements Server.
|
||||
func (a *auditService) NetworkInfo(ctx context.Context, req *netmap.NetworkInfoRequest) (*netmap.NetworkInfoResponse, error) {
|
||||
res, err := a.next.NetworkInfo(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequest(a.log, netmapGRPC.NetmapService_NetworkInfo_FullMethodName, req,
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// Snapshot implements Server.
|
||||
func (a *auditService) Snapshot(ctx context.Context, req *netmap.SnapshotRequest) (*netmap.SnapshotResponse, error) {
|
||||
res, err := a.next.Snapshot(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequest(a.log, netmapGRPC.NetmapService_NetmapSnapshot_FullMethodName, req,
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
|
@ -1,39 +0,0 @@
|
|||
package session
|
||||
|
||||
import (
|
||||
"context"
|
||||
"sync/atomic"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
|
||||
sessionGRPC "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session/grpc"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/internal/audit"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
|
||||
)
|
||||
|
||||
var _ Server = (*auditService)(nil)
|
||||
|
||||
type auditService struct {
|
||||
next Server
|
||||
log *logger.Logger
|
||||
enabled *atomic.Bool
|
||||
}
|
||||
|
||||
func NewAuditService(next Server, log *logger.Logger, enabled *atomic.Bool) Server {
|
||||
return &auditService{
|
||||
next: next,
|
||||
log: log,
|
||||
enabled: enabled,
|
||||
}
|
||||
}
|
||||
|
||||
// Create implements Server.
|
||||
func (a *auditService) Create(ctx context.Context, req *session.CreateRequest) (*session.CreateResponse, error) {
|
||||
res, err := a.next.Create(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequest(a.log, sessionGRPC.SessionService_Create_FullMethodName, req,
|
||||
audit.TargetFromRef(req.GetBody().GetOwnerID(), &user.ID{}), err == nil)
|
||||
return res, err
|
||||
}
|
|
@ -1,135 +0,0 @@
|
|||
package tree
|
||||
|
||||
import (
|
||||
"context"
|
||||
"sync/atomic"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/internal/audit"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
|
||||
)
|
||||
|
||||
var _ TreeServiceServer = (*auditService)(nil)
|
||||
|
||||
type auditService struct {
|
||||
next TreeServiceServer
|
||||
log *logger.Logger
|
||||
enabled *atomic.Bool
|
||||
}
|
||||
|
||||
func NewAuditService(next TreeServiceServer, log *logger.Logger, enabled *atomic.Bool) TreeServiceServer {
|
||||
return &auditService{
|
||||
next: next,
|
||||
log: log,
|
||||
enabled: enabled,
|
||||
}
|
||||
}
|
||||
|
||||
// Add implements TreeServiceServer.
|
||||
func (a *auditService) Add(ctx context.Context, req *AddRequest) (*AddResponse, error) {
|
||||
res, err := a.next.Add(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_Add_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// AddByPath implements TreeServiceServer.
|
||||
func (a *auditService) AddByPath(ctx context.Context, req *AddByPathRequest) (*AddByPathResponse, error) {
|
||||
res, err := a.next.AddByPath(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_AddByPath_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// Apply implements TreeServiceServer.
|
||||
func (a *auditService) Apply(ctx context.Context, req *ApplyRequest) (*ApplyResponse, error) {
|
||||
res, err := a.next.Apply(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_Apply_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// GetNodeByPath implements TreeServiceServer.
|
||||
func (a *auditService) GetNodeByPath(ctx context.Context, req *GetNodeByPathRequest) (*GetNodeByPathResponse, error) {
|
||||
res, err := a.next.GetNodeByPath(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_GetNodeByPath_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// GetOpLog implements TreeServiceServer.
|
||||
func (a *auditService) GetOpLog(req *GetOpLogRequest, srv TreeService_GetOpLogServer) error {
|
||||
err := a.next.GetOpLog(req, srv)
|
||||
if !a.enabled.Load() {
|
||||
return err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_GetOpLog_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return err
|
||||
}
|
||||
|
||||
// GetSubTree implements TreeServiceServer.
|
||||
func (a *auditService) GetSubTree(req *GetSubTreeRequest, srv TreeService_GetSubTreeServer) error {
|
||||
err := a.next.GetSubTree(req, srv)
|
||||
if !a.enabled.Load() {
|
||||
return err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_GetSubTree_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return err
|
||||
}
|
||||
|
||||
// Healthcheck implements TreeServiceServer.
|
||||
func (a *auditService) Healthcheck(ctx context.Context, req *HealthcheckRequest) (*HealthcheckResponse, error) {
|
||||
res, err := a.next.Healthcheck(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_Healthcheck_FullMethodName, req.GetSignature().GetKey(),
|
||||
nil, err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// Move implements TreeServiceServer.
|
||||
func (a *auditService) Move(ctx context.Context, req *MoveRequest) (*MoveResponse, error) {
|
||||
res, err := a.next.Move(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_Move_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// Remove implements TreeServiceServer.
|
||||
func (a *auditService) Remove(ctx context.Context, req *RemoveRequest) (*RemoveResponse, error) {
|
||||
res, err := a.next.Remove(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_Remove_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), req.GetBody().GetTreeId()), err == nil)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// TreeList implements TreeServiceServer.
|
||||
func (a *auditService) TreeList(ctx context.Context, req *TreeListRequest) (*TreeListResponse, error) {
|
||||
res, err := a.next.TreeList(ctx, req)
|
||||
if !a.enabled.Load() {
|
||||
return res, err
|
||||
}
|
||||
audit.LogRequestWithKey(a.log, TreeService_TreeList_FullMethodName, req.GetSignature().GetKey(),
|
||||
audit.TargetFromTreeID(req.GetBody().GetContainerId(), ""), err == nil)
|
||||
return res, err
|
||||
}
|
Loading…
Reference in a new issue