Audit: rewrite audit entry formatting to improve performance#27952
Merged
Audit: rewrite audit entry formatting to improve performance#27952
Conversation
peteski22
added
core/audit
hashicorp-contributed-pr
|
CI Results: |
|
Build Results: |
peteski22
force-pushed
the
peteski22/audit/zoomed-in-cloning
branch
from
63bd015 to
00fa861
Compare
Merged
6 tasks
peteski22
added a commit
that referenced
this pull request
Aug 2, 2024
* rewrite audit entry formatting to improve performance
peteski22
added a commit
that referenced
this pull request
Aug 2, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR is a bit of a re-write/refactor of the existing audit code, intended to improve performance. Various binaries/builds have been tested internally in collaboration with our Customer Engineering team to confirm the improvement on CPU, memory usage, barrier gets etc.
The 'guts' of the PR are in
audit/entry_formatter.go.Summary of larger changes:
audit/types.goRequestEntryandResponseEntryinto a single typeEntry(asomitemptyis set on fields it won't make a difference to the output).audit/hashstructure.go:audittypes vs. thelogicalones.audit/entry_formatter.go:newAuth,newRequestandnewResponsethat can be used early to translate the incomingLogInputcomponents into domain specific objects. These funcs will clone all the relevant parts (as opposed to the entire deep clone of theLogInputwhich had a significant performance impact).newResponsewill also handle elision of thedatafield at the time it's about to clone which is also an improvement.Processmethod no longer performs a deep clone on the entireLogInput.Processhas also done away with having to differentiate between a request and a response.eventlogger.Eventas before, but we don't need to create a newAuditEventas the only thing that matters is the (JSON/JSONx) bytes we store in theeventlogger.Event'sFormattedmap.Entrywhich will already have elided response data if required.NOTE: Enterprise PR: https://github.com/hashicorp/vault-enterprise/pull/6373
HashiCorp Checklist
getting backported to N-2, use the new style
backport/ent/x.x.x+entlabelsinstead of the old style
backport/x.x.xlabels.the normal
backport/x.x.xlabel (there should be only 1).of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.