From 875f43b93c684fbc7d548653a9af9dbff34b622e Mon Sep 17 00:00:00 2001
From: "stonezdj(Daojun Zhang)" <stonezdj@gmail.com>
Date: Mon, 6 Jan 2025 16:21:52 +0800
Subject: [PATCH] Add configure item for audit_log_disable (#21368)

Add configure item audit_log_disable

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
---
 src/common/const.go                     |  3 +++
 src/lib/config/metadata/metadatalist.go |  1 +
 src/lib/config/userconfig.go            | 13 +++++++++++++
 3 files changed, 17 insertions(+)

diff --git a/src/common/const.go b/src/common/const.go
index a8166cea3..8f3eca1b7 100644
--- a/src/common/const.go
+++ b/src/common/const.go
@@ -220,6 +220,9 @@ const (
 	// ScannerSkipUpdatePullTime
 	ScannerSkipUpdatePullTime = "scanner_skip_update_pulltime"
 
+	// AuditLogEventsDisabled
+	AuditLogEventsDisabled = "audit_log_events_disabled"
+
 	// SessionTimeout defines the web session timeout
 	SessionTimeout = "session_timeout"
 
diff --git a/src/lib/config/metadata/metadatalist.go b/src/lib/config/metadata/metadatalist.go
index aab4919fd..d93f71f77 100644
--- a/src/lib/config/metadata/metadatalist.go
+++ b/src/lib/config/metadata/metadatalist.go
@@ -191,6 +191,7 @@ var (
 		{Name: common.AuditLogForwardEndpoint, Scope: UserScope, Group: BasicGroup, EnvKey: "AUDIT_LOG_FORWARD_ENDPOINT", DefaultValue: "", ItemType: &StringType{}, Editable: false, Description: `The endpoint to forward the audit log.`},
 		{Name: common.SkipAuditLogDatabase, Scope: UserScope, Group: BasicGroup, EnvKey: "SKIP_LOG_AUDIT_DATABASE", DefaultValue: "false", ItemType: &BoolType{}, Editable: false, Description: `The option to skip audit log in database`},
 		{Name: common.ScannerSkipUpdatePullTime, Scope: UserScope, Group: BasicGroup, EnvKey: "SCANNER_SKIP_UPDATE_PULL_TIME", DefaultValue: "false", ItemType: &BoolType{}, Editable: false, Description: `The option to skip update pull time for scanner`},
+		{Name: common.AuditLogEventsDisabled, Scope: UserScope, Group: BasicGroup, EnvKey: "AUDIT_LOG_EVENTS_DISABLED", DefaultValue: "", ItemType: &StringType{}, Editable: false, Description: `The option to skip audit log for some operations, the key is <operation>_<resource_type> like create_user, delete_user, separated by comma`},
 
 		{Name: common.SessionTimeout, Scope: UserScope, Group: BasicGroup, EnvKey: "SESSION_TIMEOUT", DefaultValue: "60", ItemType: &Int64Type{}, Editable: true, Description: `The session timeout in minutes`},
 
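Review bot: The new `AuditLogEventsDisabled` entry on the added line accepts any string, so a misspelled key such as `create_usr` is stored and simply never matches an event, and the operator gets no signal. With `ItemType: &StringType{}`, any check of the keys would have to live in the reader in userconfig.go or in a dedicated item type, neither of which this hunk shows. Because this setting removes records from the audit trail, the description should state that effect outright, for example `Comma separated list of <operation>_<resource_type> events (e.g. create_user,delete_user) that are NOT written to the audit log; empty means every event is logged`. It would also help to log the effective list once at startup, so that suppressed events show up in a deployment review.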
diff --git a/src/lib/config/userconfig.go b/src/lib/config/userconfig.go
index 4012097c9..1937b3b7e 100644
--- a/src/lib/config/userconfig.go
+++ b/src/lib/config/userconfig.go
@@ -261,3 +261,16 @@ func ScannerSkipUpdatePullTime(ctx context.Context) bool {
 func BannerMessage(ctx context.Context) string {
 	return DefaultMgr().Get(ctx, common.BannerMessage).GetString()
 }
+
+// AuditLogEventEnabled returns the audit log enabled setting for a specific event_type, such as delete_user, create_user
+func AuditLogEventEnabled(ctx context.Context, eventType string) bool {
+	disableListStr := DefaultMgr().Get(ctx, common.AuditLogEventsDisabled).GetString()
+	disableList := strings.Split(disableListStr, ",")
+	for _, t := range disableList {
+		tName := strings.TrimSpace(t)
+		if strings.EqualFold(tName, eventType) {
+			return false
+		}
+	}
+	return true
+}
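Review bot: In `AuditLogEventEnabled`, empty list entries are compared like real keys. `strings.Split("", ",")` returns one empty string, so with the default empty setting a call with `eventType == ""` matches and returns false. A trailing or doubled comma in the configured value has the same effect. Whether any caller can pass an empty event type is not visible here, but such an event would be dropped from the audit log with nothing configured, so skip blanks before the comparison with `if tName == "" { continue }`. The doc comment should also say that matching is case-insensitive and whitespace-trimmed, and that any event not listed is treated as enabled.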