[#1184] config: Add audit.enabled parameter for node

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-06-18 12:34:42 +03:00 · 2024-06-18 12:34:42 +03:00 · 7b8937ec35
commit 7b8937ec35
parent 75eedf71f3
7 changed files with 72 additions and 0 deletions
--- a/cmd/frostfs-node/config.go
+++ b/cmd/frostfs-node/config.go
@ -18,6 +18,7 @@ import (
 	netmapV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
 	apiclientconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/apiclient"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/audit"
 	contractsconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/contracts"
 	engineconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine"
 	shardconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine/shard"
@ -375,6 +376,7 @@ type internals struct {
 	healthStatus *atomic.Int32
 	// is node under maintenance
 	isMaintenance atomic.Bool
+	audit         *atomic.Bool

 	sdNotify bool
 }
@ -722,6 +724,9 @@ func initInternals(appCfg *config.Config, log *logger.Logger) internals {
 	var healthStatus atomic.Int32
 	healthStatus.Store(int32(control.HealthStatus_HEALTH_STATUS_UNDEFINED))

+	var auditRequests atomic.Bool
+	auditRequests.Store(audit.Enabled(appCfg))
+
 	return internals{
 		done:         make(chan struct{}),
 		appCfg:       appCfg,
@ -730,6 +735,7 @@ func initInternals(appCfg *config.Config, log *logger.Logger) internals {
 		apiVersion:   version.Current(),
 		healthStatus: &healthStatus,
 		sdNotify:     initSdNotify(appCfg),
+		audit:        &auditRequests,
 	}
 }

@ -1278,6 +1284,10 @@ func (c *cfg) reloadConfig(ctx context.Context) {
 		setRuntimeParameters(c)
 		return nil
 	}})
+	components = append(components, dCmp{"audit", func() error {
+		c.audit.Store(audit.Enabled(c.appCfg))
+		return nil
+	}})
 	components = append(components, dCmp{"pools", c.reloadPools})
 	components = append(components, dCmp{"tracing", func() error {
 		updated, err := tracing.Setup(ctx, *tracingconfig.ToTracingConfig(c.appCfg))
--- a/cmd/frostfs-node/config/audit/config.go
+++ b/cmd/frostfs-node/config/audit/config.go
@ -0,0 +1,12 @@
+package audit
+
+import "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
+
+const (
+	subsection = "audit"
+)
+
+// Enabled returns the  value of "enabled" config parameter from "audit" section.
+func Enabled(c *config.Config) bool {
+	return config.BoolSafe(c.Sub(subsection), "enabled")
+}
--- a/cmd/frostfs-node/config/audit/config_test.go
+++ b/cmd/frostfs-node/config/audit/config_test.go
@ -0,0 +1,28 @@
+package audit
+
+import (
+	"testing"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
+	configtest "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/test"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAuditSection(t *testing.T) {
+	t.Run("defaults", func(t *testing.T) {
+		empty := configtest.EmptyConfig()
+		require.Equal(t, false, Enabled(empty))
+	})
+
+	const path = "../../../../config/example/node"
+
+	fileConfigTest := func(c *config.Config) {
+		require.Equal(t, true, Enabled(c))
+	}
+
+	configtest.ForEachFileType(path, fileConfigTest)
+
+	t.Run("ENV", func(t *testing.T) {
+		configtest.ForEnvFileType(t, path, fileConfigTest)
+	})
+}
--- a/config/example/node.env
+++ b/config/example/node.env
@ -202,3 +202,6 @@ FROSTFS_TRACING_ENDPOINT="localhost"
 FROSTFS_TRACING_EXPORTER="otlp_grpc"

 FROSTFS_RUNTIME_SOFT_MEMORY_LIMIT=1073741824
+
+# AUDIT section
+FROSTFS_AUDIT_ENABLED=true
--- a/config/example/node.json
+++ b/config/example/node.json
@ -260,5 +260,8 @@
  },
  "runtime": {
    "soft_memory_limit": 1073741824
+  },
+  "audit": {
+    "enabled": true
  }
 }
--- a/config/example/node.yaml
+++ b/config/example/node.yaml
@ -234,3 +234,6 @@ tracing:

 runtime:
  soft_memory_limit: 1gb
+
+audit:
+  enabled: true
--- a/docs/storage-node-configuration.md
+++ b/docs/storage-node-configuration.md
@ -25,6 +25,7 @@ There are some custom types used for brevity:
 | `replicator`           | [Replicator service configuration](#replicator-section)             |
 | `storage`              | [Storage engine configuration](#storage-section)                    |
 | `runtime`              | [Runtime configuration](#runtime-section)                           |
+| `audit`                | [Audit configuration](#audit-section)                           |


 # `control` section
@ -428,3 +429,15 @@ runtime:
 | Parameter           | Type   | Default value | Description                                                              |
 |---------------------|--------|---------------|--------------------------------------------------------------------------|
 | `soft_memory_limit` | `size` | 0             | Soft memory limit for the runtime. Zero or no value stands for no limit. If `GOMEMLIMIT` environment variable is set, the value from the configuration file will be ignored. |
+
+# `audit` section
+Contains audit parameters.
+
+```yaml
+audit:
+  enabled: true
+```
+
+| Parameter           | Type   | Default value | Description                                       |
+|---------------------|--------|---------------|---------------------------------------------------|
+| `soft_memory_limit` | `bool` | false         | If `true` then audit event logs will be recorded. |