mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-01 19:17:58 +00:00
updates to tidy up audit code (#24976)
* updates to tidy up audit code * updated error message in test
This commit is contained in:
Peter Wilson
@@ -13,7 +13,7 @@ import (
|
|||||||
// for audit events. It will generate an ID if no ID is supplied. Supported
|
// for audit events. It will generate an ID if no ID is supplied. Supported
|
||||||
// options: WithID, WithNow.
|
// options: WithID, WithNow.
|
||||||
func NewEvent(s subtype, opt ...Option) (*AuditEvent, error) {
|
func NewEvent(s subtype, opt ...Option) (*AuditEvent, error) {
|
||||||
const op = "audit.newEvent"
|
const op = "audit.NewEvent"
|
||||||
|
|
||||||
// Get the default options
|
// Get the default options
|
||||||
opts, err := getOpts(opt...)
|
opts, err := getOpts(opt...)
|
||||||
|
|||||||
@@ -29,21 +29,21 @@ func TestAuditEvent_new(t *testing.T) {
|
|||||||
Subtype: subtype(""),
|
Subtype: subtype(""),
|
||||||
Format: format(""),
|
Format: format(""),
|
||||||
IsErrorExpected: true,
|
IsErrorExpected: true,
|
||||||
ExpectedErrorMessage: "audit.newEvent: audit.(AuditEvent).validate: audit.(subtype).validate: '' is not a valid event subtype: invalid parameter",
|
ExpectedErrorMessage: "audit.NewEvent: audit.(AuditEvent).validate: audit.(subtype).validate: '' is not a valid event subtype: invalid parameter",
|
||||||
},
|
},
|
||||||
"empty-Option": {
|
"empty-Option": {
|
||||||
Options: []Option{},
|
Options: []Option{},
|
||||||
Subtype: subtype(""),
|
Subtype: subtype(""),
|
||||||
Format: format(""),
|
Format: format(""),
|
||||||
IsErrorExpected: true,
|
IsErrorExpected: true,
|
||||||
ExpectedErrorMessage: "audit.newEvent: audit.(AuditEvent).validate: audit.(subtype).validate: '' is not a valid event subtype: invalid parameter",
|
ExpectedErrorMessage: "audit.NewEvent: audit.(AuditEvent).validate: audit.(subtype).validate: '' is not a valid event subtype: invalid parameter",
|
||||||
},
|
},
|
||||||
"bad-id": {
|
"bad-id": {
|
||||||
Options: []Option{WithID("")},
|
Options: []Option{WithID("")},
|
||||||
Subtype: ResponseType,
|
Subtype: ResponseType,
|
||||||
Format: JSONFormat,
|
Format: JSONFormat,
|
||||||
IsErrorExpected: true,
|
IsErrorExpected: true,
|
||||||
ExpectedErrorMessage: "audit.newEvent: error applying options: id cannot be empty",
|
ExpectedErrorMessage: "audit.NewEvent: error applying options: id cannot be empty",
|
||||||
},
|
},
|
||||||
"good": {
|
"good": {
|
||||||
Options: []Option{
|
Options: []Option{
|
||||||
|
|||||||
@@ -36,7 +36,6 @@ type Backend struct {
|
|||||||
name string
|
name string
|
||||||
nodeIDList []eventlogger.NodeID
|
nodeIDList []eventlogger.NodeID
|
||||||
nodeMap map[eventlogger.NodeID]eventlogger.Node
|
nodeMap map[eventlogger.NodeID]eventlogger.Node
|
||||||
filePath string
|
|
||||||
salt *atomic.Value
|
salt *atomic.Value
|
||||||
saltConfig *salt.Config
|
saltConfig *salt.Config
|
||||||
saltMutex sync.RWMutex
|
saltMutex sync.RWMutex
|
||||||
@@ -89,7 +88,6 @@ func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.H
|
|||||||
|
|
||||||
b := &Backend{
|
b := &Backend{
|
||||||
fallback: fallback,
|
fallback: fallback,
|
||||||
filePath: filePath,
|
|
||||||
name: conf.MountPath,
|
name: conf.MountPath,
|
||||||
saltConfig: conf.SaltConfig,
|
saltConfig: conf.SaltConfig,
|
||||||
saltView: conf.SaltView,
|
saltView: conf.SaltView,
|
||||||
|
|||||||
@@ -6,11 +6,9 @@ package socket
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/hashicorp/eventlogger"
|
"github.com/hashicorp/eventlogger"
|
||||||
"github.com/hashicorp/go-secure-stdlib/parseutil"
|
"github.com/hashicorp/go-secure-stdlib/parseutil"
|
||||||
@@ -24,19 +22,14 @@ var _ audit.Backend = (*Backend)(nil)
|
|||||||
|
|
||||||
// Backend is the audit backend for the socket audit transport.
|
// Backend is the audit backend for the socket audit transport.
|
||||||
type Backend struct {
|
type Backend struct {
|
||||||
sync.Mutex
|
fallback bool
|
||||||
address string
|
name string
|
||||||
connection net.Conn
|
nodeIDList []eventlogger.NodeID
|
||||||
fallback bool
|
nodeMap map[eventlogger.NodeID]eventlogger.Node
|
||||||
name string
|
salt *salt.Salt
|
||||||
nodeIDList []eventlogger.NodeID
|
saltConfig *salt.Config
|
||||||
nodeMap map[eventlogger.NodeID]eventlogger.Node
|
saltMutex sync.RWMutex
|
||||||
salt *salt.Salt
|
saltView logical.Storage
|
||||||
saltConfig *salt.Config
|
|
||||||
saltMutex sync.RWMutex
|
|
||||||
saltView logical.Storage
|
|
||||||
socketType string
|
|
||||||
writeDuration time.Duration
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
||||||
@@ -65,14 +58,10 @@ func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.H
|
|||||||
writeDeadline = "2s"
|
writeDeadline = "2s"
|
||||||
}
|
}
|
||||||
|
|
||||||
writeDuration, err := parseutil.ParseDurationSecond(writeDeadline)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("%s: failed to parse 'write_timeout': %w", op, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// The config options 'fallback' and 'filter' are mutually exclusive, a fallback
|
// The config options 'fallback' and 'filter' are mutually exclusive, a fallback
|
||||||
// device catches everything, so it cannot be allowed to filter.
|
// device catches everything, so it cannot be allowed to filter.
|
||||||
var fallback bool
|
var fallback bool
|
||||||
|
var err error
|
||||||
if fallbackRaw, ok := conf.Config["fallback"]; ok {
|
if fallbackRaw, ok := conf.Config["fallback"]; ok {
|
||||||
fallback, err = parseutil.ParseBool(fallbackRaw)
|
fallback, err = parseutil.ParseBool(fallbackRaw)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -85,15 +74,12 @@ func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.H
|
|||||||
}
|
}
|
||||||
|
|
||||||
b := &Backend{
|
b := &Backend{
|
||||||
fallback: fallback,
|
fallback: fallback,
|
||||||
address: address,
|
name: conf.MountPath,
|
||||||
name: conf.MountPath,
|
saltConfig: conf.SaltConfig,
|
||||||
saltConfig: conf.SaltConfig,
|
saltView: conf.SaltView,
|
||||||
saltView: conf.SaltView,
|
nodeIDList: []eventlogger.NodeID{},
|
||||||
socketType: socketType,
|
nodeMap: make(map[eventlogger.NodeID]eventlogger.Node),
|
||||||
writeDuration: writeDuration,
|
|
||||||
nodeIDList: []eventlogger.NodeID{},
|
|
||||||
nodeMap: make(map[eventlogger.NodeID]eventlogger.Node),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
err = b.configureFilterNode(conf.Config["filter"])
|
err = b.configureFilterNode(conf.Config["filter"])
|
||||||
|
|||||||
@@ -417,7 +417,7 @@ func TestBackend_Factory_Conf(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
isErrorExpected: true,
|
isErrorExpected: true,
|
||||||
expectedErrorMessage: "socket.Factory: failed to parse 'write_timeout': time: invalid duration \"qwerty\"",
|
expectedErrorMessage: "socket.Factory: error configuring sink node: socket.(Backend).configureSinkNode: error creating socket sink node: event.NewSocketSink: error applying options: unable to parse max duration: time: invalid duration \"qwerty\"",
|
||||||
},
|
},
|
||||||
"non-fallback-device-with-filter": {
|
"non-fallback-device-with-filter": {
|
||||||
backendConfig: &audit.BackendConfig{
|
backendConfig: &audit.BackendConfig{
|
||||||
|
|||||||
@@ -12,7 +12,6 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/hashicorp/go-secure-stdlib/parseutil"
|
"github.com/hashicorp/go-secure-stdlib/parseutil"
|
||||||
|
|
||||||
"github.com/hashicorp/go-uuid"
|
"github.com/hashicorp/go-uuid"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -160,7 +159,7 @@ func WithMaxDuration(duration string) Option {
|
|||||||
|
|
||||||
parsed, err := parseutil.ParseDurationSecond(duration)
|
parsed, err := parseutil.ParseDurationSecond(duration)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("unable to parse max duration: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
o.withMaxDuration = parsed
|
o.withMaxDuration = parsed
|
||||||
|
|||||||
@@ -324,12 +324,12 @@ func TestOptions_WithMaxDuration(t *testing.T) {
|
|||||||
"bad-value": {
|
"bad-value": {
|
||||||
Value: "juan",
|
Value: "juan",
|
||||||
IsErrorExpected: true,
|
IsErrorExpected: true,
|
||||||
ExpectedErrorMessage: "time: invalid duration \"juan\"",
|
ExpectedErrorMessage: "unable to parse max duration: time: invalid duration \"juan\"",
|
||||||
},
|
},
|
||||||
"bad-spacey-value": {
|
"bad-spacey-value": {
|
||||||
Value: " juan ",
|
Value: " juan ",
|
||||||
IsErrorExpected: true,
|
IsErrorExpected: true,
|
||||||
ExpectedErrorMessage: "time: invalid duration \"juan\"",
|
ExpectedErrorMessage: "unable to parse max duration: time: invalid duration \"juan\"",
|
||||||
},
|
},
|
||||||
"duration-2s": {
|
"duration-2s": {
|
||||||
Value: "2s",
|
Value: "2s",
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ func TestNewSocketSink(t *testing.T) {
|
|||||||
format: "json",
|
format: "json",
|
||||||
opts: []Option{WithMaxDuration("bar")},
|
opts: []Option{WithMaxDuration("bar")},
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
expectedErrMsg: "event.NewSocketSink: error applying options: time: invalid duration \"bar\"",
|
expectedErrMsg: "event.NewSocketSink: error applying options: unable to parse max duration: time: invalid duration \"bar\"",
|
||||||
},
|
},
|
||||||
"happy": {
|
"happy": {
|
||||||
address: "wss://foo",
|
address: "wss://foo",
|
||||||
|
|||||||
Reference in New Issue
Block a user