yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: return 400 when audit log is disabled

This commit is contained in:
zhongwencool 2023-10-27 16:11:30 +08:00
parent 995948f0e8
commit 22223dc536
3 changed files with 80 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/emqx_audit/src/emqx_audit_api.erl
View File

@ -35,6 +35,7 @@
{<<"gte_duration_ms">>, timestamp}, {<<"gte_duration_ms">>, timestamp},
{<<"lte_duration_ms">>, timestamp} {<<"lte_duration_ms">>, timestamp}
]). ]).
-define(DISABLE_MSG, <<"Audit is disabled">>).
namespace() -> "audit". namespace() -> "audit".
@ -151,6 +152,10 @@ schema("/audit") ->
emqx_dashboard_swagger:schema_with_example( emqx_dashboard_swagger:schema_with_example(
array(?REF(audit_list)), array(?REF(audit_list)),
audit_log_list_example() audit_log_list_example()
),
400 => emqx_dashboard_swagger:error_codes(
['BAD_REQUEST'],
?DISABLE_MSG
) )
} }
} }
@ -232,6 +237,10 @@ fields(http_request) ->
]. ].
audit(get, #{query_string := QueryString}) -> audit(get, #{query_string := QueryString}) ->
case emqx_config:get([log, audit, enable], false) of
false ->
{400, #{code => 'BAD_REQUEST', message => ?DISABLE_MSG}};
true ->
case case
emqx_mgmt_api:node_query( emqx_mgmt_api:node_query(
node(), node(),
@ -245,10 +254,13 @@ audit(get, #{query_string := QueryString}) ->
{error, page_limit_invalid} -> {error, page_limit_invalid} ->
{400, #{code => 'BAD_REQUEST', message => <<"page_limit_invalid">>}}; {400, #{code => 'BAD_REQUEST', message => <<"page_limit_invalid">>}};
{error, Node, Error} -> {error, Node, Error} ->
Message = list_to_binary(io_lib:format("bad rpc call ~p, Reason ~p", [Node, Error])), Message = list_to_binary(
io_lib:format("bad rpc call ~p, Reason ~p", [Node, Error])
),
{500, #{code => <<"NODE_DOWN">>, message => Message}}; {500, #{code => <<"NODE_DOWN">>, message => Message}};
Result -> Result ->
{200, Result} {200, Result}
end
end. end.
qs2ms(_Tab, {Qs, _}) -> qs2ms(_Tab, {Qs, _}) ->

52
apps/emqx_audit/test/emqx_audit_api_SUITE.erl
View File

@ -19,6 +19,21 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
all() ->
[
{group, enabled},
{group, disabled}
].
groups() ->
[
{enabled, [sequence], common_tests() -- [t_disabled]},
{disabled, [sequence], [t_disabled]}
].
common_tests() ->
emqx_common_test_helpers:all(?MODULE).
-define(CONF_DEFAULT, #{ -define(CONF_DEFAULT, #{
node => node =>
#{ #{
@ -40,9 +55,6 @@
} }
}). }).
all() ->
emqx_common_test_helpers:all(?MODULE).
init_per_suite(Config) -> init_per_suite(Config) ->
_ = application:load(emqx_conf), _ = application:load(emqx_conf),
emqx_config:erase_all(), emqx_config:erase_all(),
@ -90,6 +102,40 @@ t_http_api(_) ->
), ),
ok. ok.
t_disabled(_) ->
Enable = [log, audit, enable],
?assertEqual(true, emqx:get_config(Enable)),
AuditPath = emqx_mgmt_api_test_util:api_path(["audit"]),
AuthHeader = emqx_mgmt_api_test_util:auth_header_(),
{ok, _} = emqx_mgmt_api_test_util:request_api(get, AuditPath, "limit=1", AuthHeader),
Size1 = mnesia:table_info(emqx_audit, size),
{ok, Logs} = emqx_mgmt_api_configs_SUITE:get_config("log"),
Logs1 = emqx_utils_maps:deep_put([<<"audit">>, <<"max_filter_size">>], Logs, 100),
NewLogs = emqx_utils_maps:deep_put([<<"audit">>, <<"enable">>], Logs1, false),
{ok, _} = emqx_mgmt_api_configs_SUITE:update_config("log", NewLogs),
?assertMatch(
{error, _},
emqx_mgmt_api_test_util:request_api(get, AuditPath, "limit=1", AuthHeader)
),
Size2 = mnesia:table_info(emqx_audit, size),
%% Record the audit disable action, so the size + 1
?assertEqual(Size1 + 1, Size2),
{ok, Zones} = emqx_mgmt_api_configs_SUITE:get_global_zone(),
NewZones = emqx_utils_maps:deep_put([<<"mqtt">>, <<"max_topic_levels">>], Zones, 111),
{ok, #{<<"mqtt">> := Res}} = emqx_mgmt_api_configs_SUITE:update_global_zone(NewZones),
?assertMatch(#{<<"max_topic_levels">> := 111}, Res),
Size3 = mnesia:table_info(emqx_audit, size),
%% Don't record mqtt update request.
?assertEqual(Size2, Size3),
%% enabled again
{ok, _} = emqx_mgmt_api_configs_SUITE:update_config("log", Logs1),
Size4 = mnesia:table_info(emqx_audit, size),
?assertEqual(Size3 + 1, Size4),
ok.
t_cli(_Config) -> t_cli(_Config) ->
ok = emqx_ctl:run_command(["conf", "show", "log"]), ok = emqx_ctl:run_command(["conf", "show", "log"]),
AuditPath = emqx_mgmt_api_test_util:api_path(["audit"]), AuditPath = emqx_mgmt_api_test_util:api_path(["audit"]),

2
rel/i18n/emqx_audit_api.hocon
View File

@ -16,7 +16,7 @@ filter_from.desc:
`dashboard`: Dashboard request logs, requiring the use of a jwt_token. `dashboard`: Dashboard request logs, requiring the use of a jwt_token.
`rest_api`: API KEY request logs. `rest_api`: API KEY request logs.
`cli`: The emqx command line logs. `cli`: The emqx command line logs.
`erlang_console`: The emqx remote_console run function logs. `erlang_console`: The emqx remote_console run function logs."""
filter_source.desc: filter_source.desc:
""""Filter logs based on source, Possible values are: """"Filter logs based on source, Possible values are: