Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabling audit logging causes configuration parse failure #2898

Closed
krarey opened this issue Sep 5, 2023 · 1 comment · Fixed by #2905
Closed

Enabling audit logging causes configuration parse failure #2898

krarey opened this issue Sep 5, 2023 · 1 comment · Fixed by #2905
Labels
type/bug Something isn't working

Comments

@krarey
Copy link
Member

krarey commented Sep 5, 2023
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

Enabling the server.auditLogs setting causes a crash loop for Consul Server pods due to invalid type conversion. The rotate_max_files and rotate_bytes settings must be integer-typed in JSON config, however the helm chart converts all values to string on line 207 here:

consul-k8s/charts/consul/templates/server-config-configmap.yaml

Lines 193 to 215 in af16373

{{- if and .Values.server.auditLogs.enabled .Values.global.acls.manageSystemACLs }}
audit-logging.json: |-
{
"audit": {
"enabled": true,
"sink": {
{{- range $index, $element := .Values.server.auditLogs.sinks }}
{{- if ne $index 0 }},{{end}}
"{{ $element.name }}": {
{{- $firstKeyValuePair := false }}
{{- range $k, $v := $element }}
{{- if ne $k "name" }}
{{- if ne $firstKeyValuePair false }},{{end}}
{{- $firstKeyValuePair = true }}
"{{ $k }}": "{{ $v }}"
{{- end }}
{{- end }}
}
{{- end }}
}
}
}
{{- end }}

This leads to the following parse error at agent start:

==> failed to parse /consul/config/..2023_09_05_14_47_57.100611978/audit-logging.json: 2 error(s) decoding:

* 'audit.sink[My Sink].rotate_bytes' expected type 'int', got unconvertible type 'string', value: '2.5165824e+07'
* 'audit.sink[My Sink].rotate_max_files' expected type 'int', got unconvertible type 'string', value: '15'

Reproduction Steps

  1. Install with some variant of the following helm config:
global:
  name: consul
  image: hashicorp/consul-enterprise:1.16-ent
  imageK8S: hashicorp/consul-k8s-control-plane:1.2.1
  gossipEncryption:
    autoGenerate: true
  tls:
    enabled: true
  enableConsulNamespaces: true
  acls:
    manageSystemACLs: true
  enterpriseLicense:
    secretName: consul-license
    secretKey: key
server:
  updatePartition: 0
  auditLogs:
    enabled: true
    sinks:
      - name: My Sink
        type: file
        format: json
        path: /tmp/audit.json
        delivery_guarantee: best-effort
        rotate_duration: 24h
        rotate_max_files: 15
        rotate_bytes: 25165824
  1. Observe logs upon deployment, as consul-server pods fail to start
@krarey krarey added the type/bug Something isn't working label Sep 5, 2023
@Ganeshrockz
Copy link
Contributor

Thanks for reporting the issue @krarey. #2905 should fix this

@david-yu david-yu linked a pull request Sep 6, 2023 that will close this issue
Fix audit log parse error #2905
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix audit log parse error hashicorp/consul-k8s
2 participants
@krarey @Ganeshrockz