opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-09-23 03:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Gate data proxy audit logging behind audit_logging server setting

Browse Source
This commit is contained in:
Ricky Niemi
2017-01-11 07:22:57 -08:00
parent d9cbb994b8
commit 0fee7c863a
5 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
conf/defaults.ini
View File

@ -47,6 +47,9 @@ root_url = %(protocol)s://%(domain)s:%(http_port)s/
# Log web requests # Log web requests
router_logging = false router_logging = false
# This enables query request audit logging, output at warn level, default is false
audit_logging = false
# the path relative working path # the path relative working path
static_root_path = public static_root_path = public

3
conf/sample.ini
View File

@ -49,6 +49,9 @@
# Log web requests # Log web requests
;router_logging = false ;router_logging = false
# This enables query request audit logging, output at warn level, default is false
audit_logging = false
# the path relative working path # the path relative working path
;static_root_path = public ;static_root_path = public

1
docs/sources/http_api/admin.md
View File

@ -143,6 +143,7 @@ with Grafana admin permission.
"protocol":"http", "protocol":"http",
"root_url":"%(protocol)s://%(domain)s:%(http_port)s/", "root_url":"%(protocol)s://%(domain)s:%(http_port)s/",
"router_logging":"true", "router_logging":"true",
"audit_logging":"true",
"static_root_path":"public" "static_root_path":"public"
}, },
"session":{ "session":{

10
pkg/api/dataproxy.go
View File

@ -118,8 +118,6 @@ func ProxyDataSourceRequest(c *middleware.Context) {
} }
} }
outputToAuditLog(ds.Type, c)
proxy := NewReverseProxy(ds, proxyPath, targetUrl) proxy := NewReverseProxy(ds, proxyPath, targetUrl)
proxy.Transport, err = ds.GetHttpTransport() proxy.Transport, err = ds.GetHttpTransport()
if err != nil { if err != nil {
@ -127,11 +125,14 @@ func ProxyDataSourceRequest(c *middleware.Context) {
return return
} }
auditLog(ds.Type, c)
proxy.ServeHTTP(c.Resp, c.Req.Request) proxy.ServeHTTP(c.Resp, c.Req.Request)
c.Resp.Header().Del("Set-Cookie") c.Resp.Header().Del("Set-Cookie")
} }
func outputToAuditLog(dataSourceType string, c *middleware.Context) { func auditLog(dataSourceType string, c *middleware.Context) {
if setting.AuditLogging {
auditLogger := log.New("data-proxy-audit", "userid", c.UserId, "orgid", c.OrgId, "username", c.Login) auditLogger := log.New("data-proxy-audit", "userid", c.UserId, "orgid", c.OrgId, "username", c.Login)
var body string var body string
@ -141,5 +142,6 @@ func outputToAuditLog(dataSourceType string, c *middleware.Context) {
body = string(buffer) body = string(buffer)
} }
auditLogger.Info("Proxying incoming request", "datasource", dataSourceType, "uri", c.Req.RequestURI, "method", c.Req.Request.Method, "body", body) auditLogger.Warn("Proxying incoming request", "datasource", dataSourceType, "uri", c.Req.RequestURI, "method", c.Req.Request.Method, "body", body)
}
} }

2
pkg/setting/setting.go
View File

@ -65,6 +65,7 @@ var (
SshPort int SshPort int
CertFile, KeyFile string CertFile, KeyFile string
RouterLogging bool RouterLogging bool
AuditLogging bool
StaticRootPath string StaticRootPath string
EnableGzip bool EnableGzip bool
EnforceDomain bool EnforceDomain bool
@ -490,6 +491,7 @@ func NewConfigContext(args *CommandLineArgs) error {
HttpAddr = server.Key("http_addr").MustString(DEFAULT_HTTP_ADDR) HttpAddr = server.Key("http_addr").MustString(DEFAULT_HTTP_ADDR)
HttpPort = server.Key("http_port").MustString("3000") HttpPort = server.Key("http_port").MustString("3000")
RouterLogging = server.Key("router_logging").MustBool(false) RouterLogging = server.Key("router_logging").MustBool(false)
AuditLogging = server.Key("audit_logging").MustBool(false)
EnableGzip = server.Key("enable_gzip").MustBool(false) EnableGzip = server.Key("enable_gzip").MustBool(false)
EnforceDomain = server.Key("enforce_domain").MustBool(false) EnforceDomain = server.Key("enforce_domain").MustBool(false)
StaticRootPath = makeAbsolute(server.Key("static_root_path").String(), HomePath) StaticRootPath = makeAbsolute(server.Key("static_root_path").String(), HomePath)