Add resource for managing audit logging webhooks and Kafka targets #728

@aminueza

Description:

MinIO supports sending audit logs to webhook endpoints and Kafka topics. Audit logging is critical for compliance, security monitoring, and forensic analysis.

Why it's important:

  • Security compliance and audit requirements
  • Centralized log management and SIEM integration
  • Forensic analysis of access patterns
  • Compliance with SOC 2, PCI-DSS, HIPAA
  • Real-time security monitoring

Use cases:

  • Send audit logs to SIEM (Splunk, ELK, etc.)
  • Compliance audit trail
  • Security incident investigation
  • Access pattern analysis
  • Automated alerting on suspicious activity
  • Integration with log aggregation platforms

Technical details:

Audit logging supports multiple target types:

  • Webhook: HTTP/HTTPS endpoints
  • Kafka: Kafka topics

Configuration parameters for webhook:

  • MINIO_AUDIT_WEBHOOK_ENABLE_[name] - Enable audit webhook
  • MINIO_AUDIT_WEBHOOK_ENDPOINT_[name] - Endpoint URL
  • MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_[name] - Authentication token
  • MINIO_AUDIT_WEBHOOK_CLIENT_CERT_[name] - mTLS client certificate
  • MINIO_AUDIT_WEBHOOK_CLIENT_KEY_[name] - mTLS client key
  • MINIO_AUDIT_WEBHOOK_QUEUE_SIZE_[name] - Event queue size (default: 100000)
  • MINIO_AUDIT_WEBHOOK_BATCH_SIZE_[name] - Events per batch

Configuration via mc admin:

mc admin config set myminio audit_webhook:name1 \
  endpoint="http://audit-logger:8000/api/ingest" \
  auth_token="secret"

Example Terraform usage:

resource "minio_audit_webhook" "splunk" {
  name = "splunk"
  
  endpoint   = "https://splunk.example.com:8088/services/collector"
  auth_token = var.splunk_hec_token
  
  # Optional batching
  queue_size = 100000
  batch_size = 100
  
  # Optional mTLS
  client_cert = file("audit-client.crt")
  client_key  = file("audit-client.key")
}

resource "minio_audit_webhook" "elasticsearch" {
  name = "elk"
  
  endpoint   = "https://elasticsearch.example.com:9200/minio-audit/_doc"
  auth_token = "Basic ${base64encode("${var.es_user}:${var.es_password}")}"
  
  queue_size = 50000
}

# Multiple audit targets
resource "minio_audit_webhook" "primary" {
  name       = "primary"
  endpoint   = "https://audit-primary.example.com/ingest"
  auth_token = var.primary_token
}

resource "minio_audit_webhook" "backup" {
  name       = "backup"
  endpoint   = "https://audit-backup.example.com/ingest"
  auth_token = var.backup_token
}

# Kafka audit logging
resource "minio_audit_kafka" "compliance" {
  name = "compliance"
  
  brokers = ["kafka1:9092", "kafka2:9092", "kafka3:9092"]
  topic   = "minio-audit-logs"
  
  # Optional SASL authentication
  sasl_username = var.kafka_username
  sasl_password = var.kafka_password
  sasl_mechanism = "plain"  # or "scram-sha-256", "scram-sha-512"
  
  # Optional TLS
  tls_enabled       = true
  tls_skip_verify   = false
  tls_client_auth   = "none"  # or "request", "require"
}

# HTTP webhook to custom audit processor
resource "minio_audit_webhook" "custom_processor" {
  name = "processor"
  
  endpoint = "https://audit-processor.internal/api/minio"
  
  # Custom headers via auth_token
  auth_token = "Bearer ${var.api_token}"
  
  # High queue for burst activity
  queue_size = 200000
  batch_size = 500
}
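
A pre-deployment check over the `MINIO_AUDIT_WEBHOOK_*_[name]` variables listed above, as an added example that is not part of the issue or of the provider's code. It flags targets that would send the auth token over plain HTTP (as the `mc admin` example's endpoint would), targets with no authentication, and mTLS settings with only one half present. The finding codes and the set of accepted enable values are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

PREFIX = "MINIO_AUDIT_WEBHOOK_"
# Parameter names as listed in the issue; the target name is the trailing suffix.
FIELDS = ("ENABLE", "ENDPOINT", "AUTH_TOKEN", "CLIENT_CERT",
          "CLIENT_KEY", "QUEUE_SIZE", "BATCH_SIZE")
ENABLED = {"on", "true"}  # assumption: values treated as "enabled" here


def group_targets(env):
    """Group MINIO_AUDIT_WEBHOOK_<FIELD>_<name> variables by target name."""
    targets = {}
    for key, value in env.items():
        rest = key[len(PREFIX):] if key.startswith(PREFIX) else ""
        for field in FIELDS:
            if rest.startswith(field + "_") and len(rest) > len(field) + 1:
                targets.setdefault(rest[len(field) + 1:], {})[field] = value
                break
    return targets


def lint_target(cfg):
    """Return sorted finding codes (hypothetical names) for one target."""
    if cfg.get("ENABLE", "").lower() not in ENABLED:
        return []  # a disabled target sends nothing
    findings = set()
    url = urlsplit(cfg.get("ENDPOINT", ""))
    if not url.hostname:
        findings.add("no-endpoint")
    elif url.scheme != "https":
        findings.add("cleartext-endpoint")
        if cfg.get("AUTH_TOKEN"):
            findings.add("token-over-http")  # token readable on the wire
    if not cfg.get("AUTH_TOKEN") and not cfg.get("CLIENT_CERT"):
        findings.add("unauthenticated")
    if bool(cfg.get("CLIENT_CERT")) != bool(cfg.get("CLIENT_KEY")):
        findings.add("mtls-half-configured")
    for field in ("QUEUE_SIZE", "BATCH_SIZE"):
        if field in cfg and not (cfg[field].isdigit() and int(cfg[field]) > 0):
            findings.add("bad-" + field.lower().replace("_", "-"))
    return sorted(findings)


def lint_env(env):
    return {name: lint_target(cfg) for name, cfg in group_targets(env).items()}


# Constructed sample environment; endpoints mirror the issue's examples.
SAMPLE = {PREFIX + k: v for k, v in [
    ("ENABLE_NAME1", "on"), ("AUTH_TOKEN_NAME1", "PLACEHOLDER"),
    ("ENDPOINT_NAME1", "http://audit-logger:8000/api/ingest"),
    ("ENABLE_SPLUNK", "on"), ("AUTH_TOKEN_SPLUNK", "PLACEHOLDER"),
    ("ENDPOINT_SPLUNK", "https://splunk.example.com:8088/services/collector"),
    ("CLIENT_CERT_SPLUNK", "audit-client.crt"),
]}
```

Pass `dict(os.environ)` to `lint_env` to check a live environment before MinIO starts.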

Labels: audit (Audit logging and compliance tracking), enhancement (New feature or request), logging (Logging and audit trail features), monitoring (Monitoring and observability features), security (Security issue)