diff --git a/lib/auth/auth.go b/lib/auth/auth.go index d4054db33bd2f..6f03aa42c9713 100644 --- a/lib/auth/auth.go +++ b/lib/auth/auth.go @@ -1205,6 +1205,13 @@ func (a *Server) SetEmitter(emitter apievents.Emitter) { a.emitter = emitter } +// EmitAuditEvent implements [apievents.Emitter] by delegating to its dedicated +// emitter rather than falling back to the implementation from [Services] (using +// the audit log directly, which is almost never what you want). +func (a *Server) EmitAuditEvent(ctx context.Context, e apievents.AuditEvent) error { + return trace.Wrap(a.emitter.EmitAuditEvent(ctx, e)) +} + // SetUsageReporter sets the server's usage reporter. Note that this is only // safe to use before server start. func (a *Server) SetUsageReporter(reporter usagereporter.UsageReporter) { diff --git a/lib/auth/helpers.go b/lib/auth/helpers.go index 0018454a99186..ba8874c321583 100644 --- a/lib/auth/helpers.go +++ b/lib/auth/helpers.go @@ -142,7 +142,7 @@ func NewTestServer(cfg TestServerConfig) (*TestServer, error) { tlsCfg.APIConfig.AuditLog = authServer.AuditLog } if tlsCfg.APIConfig.Emitter == nil { - tlsCfg.APIConfig.Emitter = authServer.AuthServer.emitter + tlsCfg.APIConfig.Emitter = authServer.AuthServer } if tlsCfg.AcceptedUsage == nil { tlsCfg.AcceptedUsage = authServer.AcceptedUsage @@ -583,7 +583,7 @@ func (a *TestAuthServer) NewTestTLSServer() (*TestTLSServer, error) { AuthServer: a.AuthServer, Authorizer: a.Authorizer, AuditLog: a.AuditLog, - Emitter: a.AuthServer.emitter, + Emitter: a.AuthServer, } srv, err := NewTestTLSServer(TestTLSServerConfig{ APIConfig: apiConfig, diff --git a/lib/service/service.go b/lib/service/service.go index 6dc4f08a725a4..c7eb0c3c69499 100644 --- a/lib/service/service.go +++ b/lib/service/service.go @@ -1714,7 +1714,7 @@ func (process *TeleportProcess) initAuthService() error { Authorizer: authorizer, AuditLog: process.auditLog, PluginRegistry: process.PluginRegistry, - Emitter: checkingEmitter, + Emitter: authServer, MetadataGetter: uploadHandler, }