diff options
| author | SmoothDenis <syropyatov@tochka.com> | 2025-03-18 19:01:54 +0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-18 05:01:54 -0700 |
| commit | e60aa718908ccf1c94784ed507aa4e3b9578131d (patch) | |
| tree | 773b15d14abfb89128216d0aa7bdc94d638e41d1 | |
| parent | 7244a3d04719ecf1b52d58255424f77d87e9a43e (diff) | |
| download | seaweedfs-e60aa718908ccf1c94784ed507aa4e3b9578131d.tar.xz seaweedfs-e60aa718908ccf1c94784ed507aa4e3b9578131d.zip | |
fix: restore deletion audit of individual objects (#6644)
| -rw-r--r-- | docker/compose/fluent.conf | 8 | ||||
| -rw-r--r-- | docker/compose/local-auditlog-compose.yml | 4 | ||||
| -rw-r--r-- | weed/s3api/s3api_object_handlers_delete.go | 11 | ||||
| -rw-r--r-- | weed/s3api/s3err/audit_fluent.go | 7 |
4 files changed, 26 insertions, 4 deletions
diff --git a/docker/compose/fluent.conf b/docker/compose/fluent.conf new file mode 100644 index 000000000..d4396dd4f --- /dev/null +++ b/docker/compose/fluent.conf @@ -0,0 +1,8 @@ +<source> + @type forward + port 24224 +</source> + +<match **> + @type stdout # Output logs to container's stdout (visible via `docker logs`) +</match> diff --git a/docker/compose/local-auditlog-compose.yml b/docker/compose/local-auditlog-compose.yml index f57825f27..dc3fee948 100644 --- a/docker/compose/local-auditlog-compose.yml +++ b/docker/compose/local-auditlog-compose.yml @@ -19,7 +19,9 @@ services: depends_on: - fluent fluent: - image: fluent/fluentd:v1.14 + image: fluent/fluentd:v1.17 + volumes: + - ./fluent.conf:/fluentd/etc/fluent.conf ports: - 24224:24224 #s3tests: diff --git a/weed/s3api/s3api_object_handlers_delete.go b/weed/s3api/s3api_object_handlers_delete.go index db46d2707..802e82b5f 100644 --- a/weed/s3api/s3api_object_handlers_delete.go +++ b/weed/s3api/s3api_object_handlers_delete.go @@ -32,12 +32,23 @@ func (s3a *S3ApiServer) DeleteObjectHandler(w http.ResponseWriter, r *http.Reque target := util.FullPath(fmt.Sprintf("%s/%s%s", s3a.option.BucketsPath, bucket, object)) dir, name := target.DirAndName() + var auditLog *s3err.AccessLog + + if s3err.Logger != nil { + auditLog = s3err.GetAccessLog(r, http.StatusNoContent, s3err.ErrNone) + } + err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error { if err := doDeleteEntry(client, dir, name, true, false); err != nil { return err } + if auditLog != nil { + auditLog.Key = name + s3err.PostAccessLog(*auditLog) + } + if s3a.option.AllowEmptyFolder { return nil } diff --git a/weed/s3api/s3err/audit_fluent.go b/weed/s3api/s3err/audit_fluent.go index 2e936020c..ef2459eac 100644 --- a/weed/s3api/s3err/audit_fluent.go +++ b/weed/s3api/s3err/audit_fluent.go @@ -3,12 +3,13 @@ package s3err import ( "encoding/json" "fmt" - "github.com/fluent/fluent-logger-golang/fluent" - "github.com/seaweedfs/seaweedfs/weed/glog" - "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" "net/http" "os" "time" + + "github.com/fluent/fluent-logger-golang/fluent" + "github.com/seaweedfs/seaweedfs/weed/glog" + "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" ) type AccessLogExtend struct { |