Add configure item for audit_log_disable (#21368)

Add configure item audit_log_disable Signed-off-by: stonezdj <stone.zhang@broadcom.com>
goharbor · Jan 6, 2025 · 875f43b · 875f43b
1 parent 6001359
commit 875f43b
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/src/common/const.go b/src/common/const.go
@@ -220,6 +220,9 @@ const (
 	// ScannerSkipUpdatePullTime
 	ScannerSkipUpdatePullTime = "scanner_skip_update_pulltime"
 
+	// AuditLogEventsDisabled
+	AuditLogEventsDisabled = "audit_log_events_disabled"
+
 	// SessionTimeout defines the web session timeout
 	SessionTimeout = "session_timeout"
 

diff --git a/src/lib/config/metadata/metadatalist.go b/src/lib/config/metadata/metadatalist.go
@@ -191,6 +191,7 @@ var (
 		{Name: common.AuditLogForwardEndpoint, Scope: UserScope, Group: BasicGroup, EnvKey: "AUDIT_LOG_FORWARD_ENDPOINT", DefaultValue: "", ItemType: &StringType{}, Editable: false, Description: `The endpoint to forward the audit log.`},
 		{Name: common.SkipAuditLogDatabase, Scope: UserScope, Group: BasicGroup, EnvKey: "SKIP_LOG_AUDIT_DATABASE", DefaultValue: "false", ItemType: &BoolType{}, Editable: false, Description: `The option to skip audit log in database`},
 		{Name: common.ScannerSkipUpdatePullTime, Scope: UserScope, Group: BasicGroup, EnvKey: "SCANNER_SKIP_UPDATE_PULL_TIME", DefaultValue: "false", ItemType: &BoolType{}, Editable: false, Description: `The option to skip update pull time for scanner`},
+		{Name: common.AuditLogEventsDisabled, Scope: UserScope, Group: BasicGroup, EnvKey: "AUDIT_LOG_EVENTS_DISABLED", DefaultValue: "", ItemType: &StringType{}, Editable: false, Description: `The option to skip audit log for some operations, the key is <operation>_<resource_type> like create_user, delete_user, separated by comma`},
 
 		{Name: common.SessionTimeout, Scope: UserScope, Group: BasicGroup, EnvKey: "SESSION_TIMEOUT", DefaultValue: "60", ItemType: &Int64Type{}, Editable: true, Description: `The session timeout in minutes`},
 

diff --git a/src/lib/config/userconfig.go b/src/lib/config/userconfig.go
@@ -261,3 +261,16 @@ func ScannerSkipUpdatePullTime(ctx context.Context) bool {
 func BannerMessage(ctx context.Context) string {
 	return DefaultMgr().Get(ctx, common.BannerMessage).GetString()
 }
+
+// AuditLogEventEnabled returns the audit log enabled setting for a specific event_type, such as delete_user, create_user
+func AuditLogEventEnabled(ctx context.Context, eventType string) bool {
+	disableListStr := DefaultMgr().Get(ctx, common.AuditLogEventsDisabled).GetString()
+	disableList := strings.Split(disableListStr, ",")
+	for _, t := range disableList {
+		tName := strings.TrimSpace(t)
+		if strings.EqualFold(tName, eventType) {
+			return false
+		}
+	}
+	return true
+}