Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport of VAULT-9427: Add read support to sys/loggers endpoints into release/1.12.x #18127

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #17979 to be assessed for backporting due to the inclusion of the label backport/1.12.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

merge conflict error: POST https://api.github.com/repos/hashicorp/vault/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.


PR #16111 added support to modify server logging verbosity both globally and for individual loggers. It did not, however, add the ability to read the current state of the logger verbosity levels. This PR introduces read handlers for the sys/loggers and sys/loggers/:name endpoints.

Additional more low-level changes:

  • Modified Core.SetLogLevelByName to account for the potential of Core.allLoggers including loggers that share the same name
  • Modified existing sys/loggers handlers to use ParseLogLevel from the logging helper package to remove redundant code
  • Added checks to ensure sys/loggers endpoints do not handle base logger (name == "")
  • Added a TranslateLoggerLevel func to the logging helper package to determine the logging verbosity of an hclog.Logger

Example output on a dev server (vault server -dev):

# Set policy logger to trace level
❯ curl -XPUT -H "X-Vault-Token: $VAULT_TOKEN" -d '{"level":"trace"}' "$VAULT_ADDR/v1/sys/loggers/policy"

# Fetch verbosity level of all loggers
❯ curl -s -XGET -H "X-Vault-Token: $VAULT_TOKEN" "$VAULT_ADDR/v1/sys/loggers" | jq .data
{
  "activity": "info",
  "audit": "info",
  "auth.token.auth_token_cf840257": "info",
  "core": "info",
  "core.cluster-listener": "info",
  "core.cluster-listener.tcp": "info",
  "core.router": "info",
  "expiration": "info",
  "expiration.job-manager": "info",
  "grpclogfaker": "info",
  "identity": "info",
  "identity.storagepacker.entities": "info",
  "identity.storagepacker.groups": "info",
  "identity.storagepacker.local-aliases": "info",
  "mfa": "info",
  "policy": "trace",
  "quotas": "info",
  "rollback": "info",
  "seal.shamir": "info",
  "secrets.cubbyhole.cubbyhole_079cd5ab": "info",
  "secrets.identity.identity_7b1c0163": "info",
  "secrets.kv.kv_efb8658b": "info",
  "secrets.system.system_3ae59f37": "info",
  "storage.cache": "info",
  "storage.inmem": "info",
  "storage.sealunwrapper": "info",
  "system": "info",
  "token": "info"
}

# Get verbosity level of just the policy logger
❯ curl -s -XGET -H "X-Vault-Token: $VAULT_TOKEN" "$VAULT_ADDR/v1/sys/loggers/policy" | jq .data
{
  "policy": "trace"
}

# Revert verbosity level of just the policy logger to what is provided in config
❯ curl -s -XDELETE -H "X-Vault-Token: $VAULT_TOKEN" "$VAULT_ADDR/v1/sys/loggers/policy"

# Get verbosity level of just the policy logger
❯ curl -s -XGET -H "X-Vault-Token: $VAULT_TOKEN" "$VAULT_ADDR/v1/sys/loggers/policy" | jq .data
{
  "policy": "info"
}

Overview of commits

@hashicorp-cla
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes


temp seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.

Have you signed the CLA already but the status is still pending? Recheck it.

@ccapurso ccapurso closed this Nov 28, 2022
@ccapurso ccapurso deleted the backport/vault-9427-sys-loggers-read/precisely-generous-pig branch November 28, 2022 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants