-
-
Save mpalmi/8cbb375f8616a8b1237e5189490ff23e to your computer and use it in GitHub Desktop.
ActivityLog/Reporting Backports - 1.12.x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/vault/activity/activity_log.pb.go b/vault/activity/activity_log.pb.go | |
index 3fe3f2faca..9e0e01b356 100644 | |
--- a/vault/activity/activity_log.pb.go | |
+++ b/vault/activity/activity_log.pb.go | |
@@ -1,7 +1,10 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
// Code generated by protoc-gen-go. DO NOT EDIT. | |
// versions: | |
// protoc-gen-go v1.28.1 | |
-// protoc v3.21.5 | |
+// protoc v3.21.12 | |
// source: vault/activity/activity_log.proto | |
package activity | |
@@ -39,6 +42,9 @@ type EntityRecord struct { | |
// MountAccessor is the auth mount accessor of the token used to perform the | |
// activity. | |
MountAccessor string `protobuf:"bytes,5,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"` | |
+ // client_type identifies the source of the entity record (entity, | |
+ // non-entity, acme, etc.) | |
+ ClientType string `protobuf:"bytes,6,opt,name=client_type,json=clientType,proto3" json:"client_type,omitempty"` | |
} | |
func (x *EntityRecord) Reset() { | |
@@ -108,6 +114,13 @@ func (x *EntityRecord) GetMountAccessor() string { | |
return "" | |
} | |
+func (x *EntityRecord) GetClientType() string { | |
+ if x != nil { | |
+ return x.ClientType | |
+ } | |
+ return "" | |
+} | |
+ | |
type LogFragment struct { | |
state protoimpl.MessageState | |
sizeCache protoimpl.SizeCache | |
@@ -315,7 +328,7 @@ var File_vault_activity_activity_log_proto protoreflect.FileDescriptor | |
var file_vault_activity_activity_log_proto_rawDesc = []byte{ | |
0x0a, 0x21, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, | |
0x2f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x6f, 0x67, 0x2e, 0x70, 0x72, | |
- 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x22, 0xb2, 0x01, | |
+ 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x22, 0xd3, 0x01, | |
0x0a, 0x0c, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x12, 0x1b, | |
0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, | |
0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x6e, | |
@@ -327,44 +340,46 @@ var file_vault_activity_activity_log_proto_rawDesc = []byte{ | |
0x52, 0x09, 0x6e, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x6d, | |
0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x05, 0x20, | |
0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, | |
- 0x6f, 0x72, 0x22, 0x86, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x46, 0x72, 0x61, 0x67, 0x6d, 0x65, | |
- 0x6e, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6e, | |
- 0x67, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x72, | |
- 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6e, 0x67, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x30, 0x0a, | |
- 0x07, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, | |
- 0x2e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, | |
- 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x07, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, 0x12, | |
- 0x56, 0x0a, 0x11, 0x6e, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x74, 0x6f, | |
- 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x63, 0x74, | |
- 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x4c, 0x6f, 0x67, 0x46, 0x72, 0x61, 0x67, 0x6d, 0x65, 0x6e, | |
- 0x74, 0x2e, 0x4e, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, | |
- 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x6e, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x69, 0x74, | |
- 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x4e, 0x6f, 0x6e, 0x45, 0x6e, | |
- 0x74, 0x69, 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, | |
- 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, | |
- 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, | |
- 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x45, 0x0a, 0x11, 0x45, | |
- 0x6e, 0x74, 0x69, 0x74, 0x79, 0x41, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x67, | |
- 0x12, 0x30, 0x0a, 0x07, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, | |
- 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, | |
- 0x69, 0x74, 0x79, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x07, 0x63, 0x6c, 0x69, 0x65, 0x6e, | |
- 0x74, 0x73, 0x22, 0xb4, 0x01, 0x0a, 0x0a, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x75, 0x6e, | |
- 0x74, 0x12, 0x5f, 0x0a, 0x15, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x62, 0x79, 0x5f, 0x6e, 0x61, | |
- 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, | |
- 0x32, 0x2c, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x54, 0x6f, 0x6b, 0x65, | |
- 0x6e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, | |
- 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, | |
- 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, | |
- 0x49, 0x64, 0x1a, 0x45, 0x0a, 0x17, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, | |
- 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, | |
- 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, | |
- 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, | |
- 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x15, 0x0a, 0x13, 0x4c, 0x6f, 0x67, | |
- 0x46, 0x72, 0x61, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, | |
- 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, | |
- 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x76, | |
- 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, | |
- 0x72, 0x6f, 0x74, 0x6f, 0x33, | |
+ 0x6f, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, | |
+ 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, | |
+ 0x79, 0x70, 0x65, 0x22, 0x86, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x46, 0x72, 0x61, 0x67, 0x6d, | |
+ 0x65, 0x6e, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, | |
+ 0x6e, 0x67, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, | |
+ 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6e, 0x67, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x30, | |
+ 0x0a, 0x07, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, | |
+ 0x16, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, | |
+ 0x79, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x07, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, | |
+ 0x12, 0x56, 0x0a, 0x11, 0x6e, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x74, | |
+ 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x63, | |
+ 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x4c, 0x6f, 0x67, 0x46, 0x72, 0x61, 0x67, 0x6d, 0x65, | |
+ 0x6e, 0x74, 0x2e, 0x4e, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, | |
+ 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x6e, 0x6f, 0x6e, 0x45, 0x6e, 0x74, 0x69, | |
+ 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x4e, 0x6f, 0x6e, 0x45, | |
+ 0x6e, 0x74, 0x69, 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, | |
+ 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, | |
+ 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, | |
+ 0x04, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x45, 0x0a, 0x11, | |
+ 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x41, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x4c, 0x6f, | |
+ 0x67, 0x12, 0x30, 0x0a, 0x07, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, | |
+ 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, | |
+ 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x07, 0x63, 0x6c, 0x69, 0x65, | |
+ 0x6e, 0x74, 0x73, 0x22, 0xb4, 0x01, 0x0a, 0x0a, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x75, | |
+ 0x6e, 0x74, 0x12, 0x5f, 0x0a, 0x15, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x62, 0x79, 0x5f, 0x6e, | |
+ 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, | |
+ 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x2e, 0x54, 0x6f, 0x6b, | |
+ 0x65, 0x6e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, | |
+ 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, | |
+ 0x12, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, | |
+ 0x65, 0x49, 0x64, 0x1a, 0x45, 0x0a, 0x17, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, | |
+ 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, | |
+ 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, | |
+ 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, | |
+ 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x15, 0x0a, 0x13, 0x4c, 0x6f, | |
+ 0x67, 0x46, 0x72, 0x61, 0x67, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, | |
+ 0x65, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, | |
+ 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, | |
+ 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x62, 0x06, | |
+ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, | |
} | |
var ( | |
diff --git a/vault/activity/activity_log.proto b/vault/activity/activity_log.proto | |
index 70f7e918ce..42a61bb4eb 100644 | |
--- a/vault/activity/activity_log.proto | |
+++ b/vault/activity/activity_log.proto | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
syntax = "proto3"; | |
option go_package = "github.com/hashicorp/vault/vault/activity"; | |
@@ -19,6 +22,9 @@ message EntityRecord { | |
// MountAccessor is the auth mount accessor of the token used to perform the | |
// activity. | |
string mount_accessor = 5; | |
+ // client_type identifies the source of the entity record (entity, | |
+ // non-entity, acme, etc.) | |
+ string client_type = 6; | |
} | |
message LogFragment { | |
diff --git a/vault/activity/query.go b/vault/activity/query.go | |
index 98ec4aad85..5541cea12a 100644 | |
--- a/vault/activity/query.go | |
+++ b/vault/activity/query.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package activity | |
import ( | |
diff --git a/vault/activity/query_test.go b/vault/activity/query_test.go | |
index 3c81ef568f..c10ab1bd18 100644 | |
--- a/vault/activity/query_test.go | |
+++ b/vault/activity/query_test.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package activity | |
import ( | |
diff --git a/vault/activity_log.go b/vault/activity_log.go | |
index 30430accb3..f003b9460b 100644 | |
--- a/vault/activity_log.go | |
+++ b/vault/activity_log.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package vault | |
import ( | |
@@ -75,6 +78,12 @@ const ( | |
// all fragments and segments no longer storing token counts in the directtokens | |
// storage path. | |
trackedTWESegmentPeriod = 35 * 24 | |
+ | |
+ // Known types of activity events; there's presently two internal event | |
+ // types (tokens/clients with and without entities), but we're beginning | |
+ // to support additional buckets for e.g., ACME requests. | |
+ nonEntityTokenActivityType = "non-entity-token" | |
+ entityActivityType = "entity" | |
) | |
type segmentInfo struct { | |
@@ -1442,12 +1451,36 @@ func (a *ActivityLog) AddEntityToFragment(entityID string, namespaceID string, t | |
// AddClientToFragment checks a client ID for uniqueness and | |
// if not already present, adds it to the current fragment. | |
-// The timestamp is a Unix timestamp *without* nanoseconds, as that | |
-// is what token.CreationTime uses. | |
+// | |
+// See note below about AddActivityToFragment. | |
func (a *ActivityLog) AddClientToFragment(clientID string, namespaceID string, timestamp int64, isTWE bool, mountAccessor string) { | |
+ // TWE == token without entity | |
+ if isTWE { | |
+ a.AddActivityToFragment(clientID, namespaceID, timestamp, nonEntityTokenActivityType, mountAccessor) | |
+ return | |
+ } | |
+ | |
+ a.AddActivityToFragment(clientID, namespaceID, timestamp, entityActivityType, mountAccessor) | |
+} | |
+ | |
+// AddActivityToFragment adds a client count event of any type to | |
+// add to the current fragment. ClientIDs must be unique across | |
+// all types; if not already present, we will add it to the current | |
+// fragment. The timestamp is a Unix timestamp *without* nanoseconds, | |
+// as that is what token.CreationTime uses. | |
+func (a *ActivityLog) AddActivityToFragment(clientID string, namespaceID string, timestamp int64, activityType string, mountAccessor string) { | |
// Check whether entity ID already recorded | |
var present bool | |
+ // TODO: This hack enables separate tracking of events without handling | |
+ // separate storage buckets for counting these event types. Consider | |
+ // removing if the event type is otherwise clear; notably though, this | |
+ // does help ensure clientID uniqueness across different types of tokens, | |
+ // assuming it does not break any other downstream systems. | |
+ if activityType != nonEntityTokenActivityType && activityType != entityActivityType { | |
+ clientID = activityType + "." + clientID | |
+ } | |
+ | |
a.fragmentLock.RLock() | |
if a.enabled { | |
_, present = a.partialMonthClientTracker[clientID] | |
@@ -1476,12 +1509,16 @@ func (a *ActivityLog) AddClientToFragment(clientID string, namespaceID string, t | |
NamespaceID: namespaceID, | |
Timestamp: timestamp, | |
MountAccessor: mountAccessor, | |
+ ClientType: activityType, | |
} | |
// Track whether the clientID corresponds to a token without an entity or not. | |
// This field is backward compatible, as the default is 0, so records created | |
// from pre-1.9 activityLog code will automatically be marked as having an entity. | |
- if isTWE { | |
+ if activityType != entityActivityType { | |
+ // TODO: This part needs to be modified potentially for separate | |
+ // storage buckets of custom event types. Consider setting the above | |
+ // condition to activityType == nonEntityTokenEventType in the future. | |
clientRecord.NonEntity = true | |
} | |
diff --git a/vault/activity_log_test.go b/vault/activity_log_test.go | |
index 47e7307e6d..839bf26b31 100644 | |
--- a/vault/activity_log_test.go | |
+++ b/vault/activity_log_test.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package vault | |
import ( | |
diff --git a/vault/activity_log_testing_util.go b/vault/activity_log_testing_util.go | |
index a935fdbf21..25e0c900c1 100644 | |
--- a/vault/activity_log_testing_util.go | |
+++ b/vault/activity_log_testing_util.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package vault | |
import ( | |
diff --git a/vault/activity_log_util.go b/vault/activity_log_util.go | |
index 35625ac5b0..4c1b7eda36 100644 | |
--- a/vault/activity_log_util.go | |
+++ b/vault/activity_log_util.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
//go:build !enterprise | |
package vault | |
diff --git a/vault/activity_log_util_common.go b/vault/activity_log_util_common.go | |
index ec5272c15a..10a3735e6f 100644 | |
--- a/vault/activity_log_util_common.go | |
+++ b/vault/activity_log_util_common.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package vault | |
import ( | |
@@ -295,7 +298,6 @@ type singleTypeSegmentReader struct { | |
currentPathIndex int | |
a *ActivityLog | |
} | |
- | |
type segmentReader struct { | |
tokens *singleTypeSegmentReader | |
entities *singleTypeSegmentReader | |
diff --git a/vault/activity_log_util_common_test.go b/vault/activity_log_util_common_test.go | |
index e4d1ba4e39..817dbf398a 100644 | |
--- a/vault/activity_log_util_common_test.go | |
+++ b/vault/activity_log_util_common_test.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package vault | |
import ( | |
diff --git a/vault/logical_system_activity.go b/vault/logical_system_activity.go | |
index 3fc9487bf1..9ad930b5df 100644 | |
--- a/vault/logical_system_activity.go | |
+++ b/vault/logical_system_activity.go | |
@@ -1,3 +1,6 @@ | |
+// Copyright (c) HashiCorp, Inc. | |
+// SPDX-License-Identifier: MPL-2.0 | |
+ | |
package vault | |
import ( | |
@@ -18,6 +21,13 @@ import ( | |
func (b *SystemBackend) activityQueryPath() *framework.Path { | |
return &framework.Path{ | |
Pattern: "internal/counters/activity$", | |
+ | |
+ DisplayAttrs: &framework.DisplayAttributes{ | |
+ OperationPrefix: "internal-client-activity", | |
+ OperationVerb: "report", | |
+ OperationSuffix: "counts", | |
+ }, | |
+ | |
Fields: map[string]*framework.FieldSchema{ | |
"current_billing_period": { | |
Type: framework.TypeBool, | |
@@ -52,7 +62,14 @@ func (b *SystemBackend) activityQueryPath() *framework.Path { | |
// monthlyActivityCountPath is available in every namespace | |
func (b *SystemBackend) monthlyActivityCountPath() *framework.Path { | |
return &framework.Path{ | |
- Pattern: "internal/counters/activity/monthly$", | |
+ Pattern: "internal/counters/activity/monthly$", | |
+ | |
+ DisplayAttrs: &framework.DisplayAttributes{ | |
+ OperationPrefix: "internal-client-activity", | |
+ OperationVerb: "report", | |
+ OperationSuffix: "counts-this-month", | |
+ }, | |
+ | |
HelpSynopsis: strings.TrimSpace(sysHelp["activity-monthly"][0]), | |
HelpDescription: strings.TrimSpace(sysHelp["activity-monthly"][1]), | |
Operations: map[logical.Operation]framework.OperationHandler{ | |
@@ -78,6 +95,11 @@ func (b *SystemBackend) rootActivityPaths() []*framework.Path { | |
b.monthlyActivityCountPath(), | |
{ | |
Pattern: "internal/counters/config$", | |
+ | |
+ DisplayAttrs: &framework.DisplayAttributes{ | |
+ OperationPrefix: "internal-client-activity", | |
+ }, | |
+ | |
Fields: map[string]*framework.FieldSchema{ | |
"default_report_months": { | |
Type: framework.TypeInt, | |
@@ -100,16 +122,29 @@ func (b *SystemBackend) rootActivityPaths() []*framework.Path { | |
Operations: map[logical.Operation]framework.OperationHandler{ | |
logical.ReadOperation: &framework.PathOperation{ | |
Callback: b.handleActivityConfigRead, | |
- Summary: "Read the client count tracking configuration.", | |
+ DisplayAttrs: &framework.DisplayAttributes{ | |
+ OperationVerb: "read", | |
+ OperationSuffix: "configuration", | |
+ }, | |
+ Summary: "Read the client count tracking configuration.", | |
}, | |
logical.UpdateOperation: &framework.PathOperation{ | |
Callback: b.handleActivityConfigUpdate, | |
- Summary: "Enable or disable collection of client count, set retention period, or set default reporting period.", | |
+ DisplayAttrs: &framework.DisplayAttributes{ | |
+ OperationVerb: "configure", | |
+ }, | |
+ Summary: "Enable or disable collection of client count, set retention period, or set default reporting period.", | |
}, | |
}, | |
}, | |
{ | |
Pattern: "internal/counters/activity/export$", | |
+ | |
+ DisplayAttrs: &framework.DisplayAttributes{ | |
+ OperationPrefix: "internal-client-activity", | |
+ OperationVerb: "export", | |
+ }, | |
+ | |
Fields: map[string]*framework.FieldSchema{ | |
"start_time": { | |
Type: framework.TypeTime, | |
@@ -125,6 +160,7 @@ func (b *SystemBackend) rootActivityPaths() []*framework.Path { | |
Default: "json", | |
}, | |
}, | |
+ | |
HelpSynopsis: strings.TrimSpace(sysHelp["activity-export"][0]), | |
HelpDescription: strings.TrimSpace(sysHelp["activity-export"][1]), | |
diff --git a/vault/logical_system_activity_write_testonly.go b/vault/logical_system_activity_write_testonly.go | |
index 1ddca629b7..aa89770928 100644 | |
--- a/vault/logical_system_activity_write_testonly.go | |
+++ b/vault/logical_system_activity_write_testonly.go | |
@@ -182,12 +182,17 @@ func (s *singleMonthActivityClients) addNewClients(c *generation.Client, mountAc | |
if c.Count > 1 { | |
count = int(c.Count) | |
} | |
+ clientType := entityActivityType | |
+ if c.NonEntity { | |
+ clientType = nonEntityTokenActivityType | |
+ } | |
for i := 0; i < count; i++ { | |
record := &activity.EntityRecord{ | |
ClientID: c.Id, | |
NamespaceID: c.Namespace, | |
NonEntity: c.NonEntity, | |
MountAccessor: mountAccessor, | |
+ ClientType: clientType, | |
} | |
if record.ClientID == "" { | |
var err error |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment