From e60aa718908ccf1c94784ed507aa4e3b9578131d Mon Sep 17 00:00:00 2001 From: SmoothDenis Date: Tue, 18 Mar 2025 19:01:54 +0700 Subject: [PATCH] fix: restore deletion audit of individual objects (#6644) --- docker/compose/fluent.conf | 8 ++++++++ docker/compose/local-auditlog-compose.yml | 4 +++- weed/s3api/s3api_object_handlers_delete.go | 11 +++++++++++ weed/s3api/s3err/audit_fluent.go | 7 ++++--- 4 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 docker/compose/fluent.conf diff --git a/docker/compose/fluent.conf b/docker/compose/fluent.conf new file mode 100644 index 000000000..d4396dd4f --- /dev/null +++ b/docker/compose/fluent.conf @@ -0,0 +1,8 @@ + + @type forward + port 24224 + + + + @type stdout # Output logs to container's stdout (visible via `docker logs`) + diff --git a/docker/compose/local-auditlog-compose.yml b/docker/compose/local-auditlog-compose.yml index f57825f27..dc3fee948 100644 --- a/docker/compose/local-auditlog-compose.yml +++ b/docker/compose/local-auditlog-compose.yml @@ -19,7 +19,9 @@ services: depends_on: - fluent fluent: - image: fluent/fluentd:v1.14 + image: fluent/fluentd:v1.17 + volumes: + - ./fluent.conf:/fluentd/etc/fluent.conf ports: - 24224:24224 #s3tests: diff --git a/weed/s3api/s3api_object_handlers_delete.go b/weed/s3api/s3api_object_handlers_delete.go index db46d2707..802e82b5f 100644 --- a/weed/s3api/s3api_object_handlers_delete.go +++ b/weed/s3api/s3api_object_handlers_delete.go @@ -32,12 +32,23 @@ func (s3a *S3ApiServer) DeleteObjectHandler(w http.ResponseWriter, r *http.Reque target := util.FullPath(fmt.Sprintf("%s/%s%s", s3a.option.BucketsPath, bucket, object)) dir, name := target.DirAndName() + var auditLog *s3err.AccessLog + + if s3err.Logger != nil { + auditLog = s3err.GetAccessLog(r, http.StatusNoContent, s3err.ErrNone) + } + err := s3a.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error { if err := doDeleteEntry(client, dir, name, true, false); err != nil { return err } + if auditLog != nil { + auditLog.Key = name + s3err.PostAccessLog(*auditLog) + } + if s3a.option.AllowEmptyFolder { return nil } diff --git a/weed/s3api/s3err/audit_fluent.go b/weed/s3api/s3err/audit_fluent.go index 2e936020c..ef2459eac 100644 --- a/weed/s3api/s3err/audit_fluent.go +++ b/weed/s3api/s3err/audit_fluent.go @@ -3,12 +3,13 @@ package s3err import ( "encoding/json" "fmt" - "github.com/fluent/fluent-logger-golang/fluent" - "github.com/seaweedfs/seaweedfs/weed/glog" - "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" "net/http" "os" "time" + + "github.com/fluent/fluent-logger-golang/fluent" + "github.com/seaweedfs/seaweedfs/weed/glog" + "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" ) type AccessLogExtend struct {