Add check on the audit log forward and skip audit log database (#17575)

fixes #17524 Signed-off-by: stonezdj <stonezdj@gmail.com>
2025-01-12 19:00:50 +01:00 · 2022-09-21 15:24:57 +08:00 · 2022-09-21 15:24:57 +08:00 · b08b5fe617
commit b08b5fe617
parent 3d8959be49
2 changed files with 19 additions and 6 deletions
--- a/src/controller/config/controller.go
+++ b/src/controller/config/controller.go
@ -138,13 +138,21 @@ func (c *controller) validateCfg(ctx context.Context, cfgs map[string]interface{
 }

 func verifySkipAuditLogCfg(ctx context.Context, cfgs map[string]interface{}, mgr config.Manager) error {
+	updated := false
+	endPoint := mgr.Get(ctx, common.AuditLogForwardEndpoint).GetString()
+	skipAuditDB := mgr.Get(ctx, common.SkipAuditLogDatabase).GetBool()
+
 	if skip, exist := cfgs[common.SkipAuditLogDatabase]; exist {
-		endPoint := mgr.Get(ctx, common.AuditLogForwardEndpoint).GetString()
-		if edp, found := cfgs[common.AuditLogForwardEndpoint]; found {
-			endPoint = edp.(string)
-		}
-		skipAuditDB := skip.(bool)
-		if len(endPoint) == 0 && skipAuditDB {
+		skipAuditDB = skip.(bool)
+		updated = true
+	}
+	if endpoint, exist := cfgs[common.AuditLogForwardEndpoint]; exist {
+		endPoint = endpoint.(string)
+		updated = true
+	}
+
+	if updated {
+		if skipAuditDB && len(endPoint) == 0 {
 			return errors.BadRequestError(errors.New("audit log forward endpoint should be configured before enable skip audit log in database"))
 		}
 	}
--- a/src/controller/config/controller_test.go
+++ b/src/controller/config/controller_test.go
@ -29,6 +29,8 @@ func Test_verifySkipAuditLogCfg(t *testing.T) {
 	cfgManager := &testCfg.Manager{}
 	cfgManager.On("Get", mock.Anything, common.AuditLogForwardEndpoint).
 		Return(&metadata.ConfigureValue{Name: common.AuditLogForwardEndpoint, Value: ""})
+	cfgManager.On("Get", mock.Anything, common.SkipAuditLogDatabase).
+		Return(&metadata.ConfigureValue{Name: common.SkipAuditLogDatabase, Value: "true"})
 	type args struct {
 		ctx  context.Context
 		cfgs map[string]interface{}
@ -49,6 +51,9 @@ func Test_verifySkipAuditLogCfg(t *testing.T) {
 		{name: "none configured", args: args{ctx: context.TODO(),
 			cfgs: map[string]interface{}{},
 			mgr:  cfgManager}, wantErr: false},
+		{name: "enabled skip audit log database, but change log forward endpoint to empty", args: args{ctx: context.TODO(),
+			cfgs: map[string]interface{}{common.AuditLogForwardEndpoint: ""},
+			mgr:  cfgManager}, wantErr: true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {