diff --git a/cmd/frostfs-node/config.go b/cmd/frostfs-node/config.go
index cdfa2118..2b185cfc 100644
--- a/cmd/frostfs-node/config.go
+++ b/cmd/frostfs-node/config.go
@@ -18,6 +18,7 @@ import (
 netmapV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/netmap"
 "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
 apiclientconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/apiclient"
+ "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/audit"
 contractsconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/contracts"
 engineconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine"
 shardconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine/shard"
@@ -375,6 +376,7 @@ type internals struct {
 healthStatus *atomic.Int32
 // is node under maintenance
 isMaintenance atomic.Bool
+ audit *atomic.Bool
 sdNotify bool
 }
@@ -722,6 +724,9 @@ func initInternals(appCfg *config.Config, log *logger.Logger) internals {
 var healthStatus atomic.Int32
 healthStatus.Store(int32(control.HealthStatus_HEALTH_STATUS_UNDEFINED))
+ var auditRequests atomic.Bool
+ auditRequests.Store(audit.Enabled(appCfg))
+
 return internals{
 done: make(chan struct{}),
 appCfg: appCfg,
@@ -730,6 +735,7 @@ func initInternals(appCfg *config.Config, log *logger.Logger) internals {
 apiVersion: version.Current(),
 healthStatus: &healthStatus,
 sdNotify: initSdNotify(appCfg),
+ audit: &auditRequests,
 }
 }
@@ -1278,6 +1284,10 @@ func (c *cfg) reloadConfig(ctx context.Context) {
 setRuntimeParameters(c)
 return nil
 }})
+ components = append(components, dCmp{"audit", func() error {
+ c.audit.Store(audit.Enabled(c.appCfg))
+ return nil
+ }})
 components = append(components, dCmp{"pools", c.reloadPools})
 components = append(components, dCmp{"tracing", func() error {
 updated, err := tracing.Setup(ctx, *tracingconfig.ToTracingConfig(c.appCfg))
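Review bot: In the `type internals struct` hunk the new `audit` field has no comment, although the neighbouring `isMaintenance` carries one, and the bare name does not say that it is an on/off switch. Suggest `// audit reports whether audit logging is enabled; reloadConfig updates it at runtime`. The struct body starts above the hunk, so the remaining fields are not visible here.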
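Review bot: The new `audit` reload component in `reloadConfig` flips the flag with `c.audit.Store(audit.Enabled(c.appCfg))` and leaves no record of the change, so audit logging can be switched off by a config reload without the switch itself appearing in any log. Consider recording the transition: `enabled := audit.Enabled(c.appCfg)` followed by `if c.audit.Swap(enabled) != enabled { /* log old and new state with the node logger */ }`. Operators can then alert on audit being disabled. `reloadConfig` begins and ends outside this hunk, so how the surrounding reload steps log their outcome is not visible.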
diff --git a/cmd/frostfs-node/config/audit/config.go b/cmd/frostfs-node/config/audit/config.go
new file mode 100644
index 00000000..8f728c85
--- /dev/null
+++ b/cmd/frostfs-node/config/audit/config.go
@@ -0,0 +1,12 @@
+package audit
+
+import "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
+
+const (
+ subsection = "audit"
+)
+
+// Enabled returns the value of "enabled" config parameter from "audit" section.
+func Enabled(c *config.Config) bool {
+ return config.BoolSafe(c.Sub(subsection), "enabled")
+}
diff --git a/cmd/frostfs-node/config/audit/config_test.go b/cmd/frostfs-node/config/audit/config_test.go
new file mode 100644
index 00000000..7731cc8e
--- /dev/null
+++ b/cmd/frostfs-node/config/audit/config_test.go
@@ -0,0 +1,28 @@
+package audit
+
+import (
+ "testing"
+
+ "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
+ configtest "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestAuditSection(t *testing.T) {
+ t.Run("defaults", func(t *testing.T) {
+ empty := configtest.EmptyConfig()
+ require.Equal(t, false, Enabled(empty))
+ })
+
+ const path = "../../../../config/example/node"
+
+ fileConfigTest := func(c *config.Config) {
+ require.Equal(t, true, Enabled(c))
+ }
+
+ configtest.ForEachFileType(path, fileConfigTest)
+
+ t.Run("ENV", func(t *testing.T) {
+ configtest.ForEnvFileType(t, path, fileConfigTest)
+ })
+}
diff --git a/config/example/node.env b/config/example/node.env
index eedbe501..72f56e96 100644
--- a/config/example/node.env
+++ b/config/example/node.env
@@ -202,3 +202,6 @@ FROSTFS_TRACING_ENDPOINT="localhost"
 FROSTFS_TRACING_EXPORTER="otlp_grpc"
 FROSTFS_RUNTIME_SOFT_MEMORY_LIMIT=1073741824
+
+# AUDIT section
+FROSTFS_AUDIT_ENABLED=true
diff --git a/config/example/node.json b/config/example/node.json
index 2589f2c3..b9dc6014 100644
--- a/config/example/node.json
+++ b/config/example/node.json
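Review bot: In `config/audit/config.go`, `Enabled` reads the flag through `config.BoolSafe`, which presumably falls back to `false` instead of failing when the value is missing or cannot be parsed; for a security control that would mean a typo in `audit.enabled` silently runs the node without audit logs. The doc comment should state the default, e.g. `// Enabled reports whether audit logging is turned on; it returns false when the "enabled" parameter is absent.`, and it is worth deciding whether a malformed value should be rejected at startup rather than treated as off. The docs table added in the same commit names the parameter `soft_memory_limit`, while this function reads `enabled`.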
@@ -260,5 +260,8 @@
 },
 "runtime": {
 "soft_memory_limit": 1073741824
+ },
+ "audit": {
+ "enabled": true
 }
 }
diff --git a/config/example/node.yaml b/config/example/node.yaml
index 1a9516ef..bad67816 100644
--- a/config/example/node.yaml
+++ b/config/example/node.yaml
@@ -234,3 +234,6 @@ tracing:
 runtime:
 soft_memory_limit: 1gb
+
+audit:
+ enabled: true
diff --git a/docs/storage-node-configuration.md b/docs/storage-node-configuration.md
index 3a6969ab..5389bfbb 100644
--- a/docs/storage-node-configuration.md
+++ b/docs/storage-node-configuration.md
@@ -25,6 +25,7 @@ There are some custom types used for brevity:
 | `replicator` | [Replicator service configuration](#replicator-section) |
 | `storage` | [Storage engine configuration](#storage-section) |
 | `runtime` | [Runtime configuration](#runtime-section) |
+| `audit` | [Audit configuration](#audit-section) |
 # `control` section
@@ -428,3 +429,15 @@ runtime:
 | Parameter | Type | Default value | Description |
 |---------------------|--------|---------------|--------------------------------------------------------------------------|
 | `soft_memory_limit` | `size` | 0 | Soft memory limit for the runtime. Zero or no value stands for no limit. If `GOMEMLIMIT` environment variable is set, the value from the configuration file will be ignored. |
+
+# `audit` section
+Contains audit parameters.
+
+```yaml
+audit:
+ enabled: true
+```
+
+| Parameter | Type | Default value | Description |
+|---------------------|--------|---------------|---------------------------------------------------|
+| `soft_memory_limit` | `bool` | false | If `true` then audit event logs will be recorded. |