mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 17:52:32 +00:00
move noop audit to audit package (#26448)
This commit is contained in:
Peter Wilson
350
audit/backend_noop.go
Normal file
350
audit/backend_noop.go
Normal file
@@ -0,0 +1,350 @@
|
||||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package audit
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/hashicorp/vault/internal/observability/event"
|
||||
"github.com/hashicorp/vault/sdk/helper/salt"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
)
|
||||
|
||||
var (
|
||||
_ Backend = (*NoopAudit)(nil)
|
||||
_ eventlogger.Node = (*noopWrapper)(nil)
|
||||
)
|
||||
|
||||
// noopWrapper is designed to wrap a formatter node in order to allow access to
|
||||
// bytes formatted, headers formatted and parts of the logical.LogInput.
|
||||
// Some older tests relied on being able to query this information so while those
|
||||
// tests stick around we should look after them.
|
||||
type noopWrapper struct {
|
||||
format string
|
||||
node eventlogger.Node
|
||||
backend *NoopAudit
|
||||
}
|
||||
|
||||
// NoopAuditEventListener is a callback used by noopWrapper.Process() to notify
|
||||
// of each received audit event.
|
||||
type NoopAuditEventListener func(*AuditEvent)
|
||||
|
||||
func (n *NoopAudit) SetListener(listener NoopAuditEventListener) {
|
||||
n.listener = listener
|
||||
}
|
||||
|
||||
type NoopAudit struct {
|
||||
Config *BackendConfig
|
||||
|
||||
ReqErr error
|
||||
ReqAuth []*logical.Auth
|
||||
Req []*logical.Request
|
||||
ReqHeaders []map[string][]string
|
||||
ReqNonHMACKeys []string
|
||||
ReqErrs []error
|
||||
|
||||
RespErr error
|
||||
RespAuth []*logical.Auth
|
||||
RespReq []*logical.Request
|
||||
Resp []*logical.Response
|
||||
RespNonHMACKeys [][]string
|
||||
RespReqNonHMACKeys [][]string
|
||||
RespErrs []error
|
||||
records [][]byte
|
||||
l sync.RWMutex
|
||||
salt *salt.Salt
|
||||
saltMutex sync.RWMutex
|
||||
|
||||
nodeIDList []eventlogger.NodeID
|
||||
nodeMap map[eventlogger.NodeID]eventlogger.Node
|
||||
|
||||
listener NoopAuditEventListener
|
||||
}
|
||||
|
||||
// NoopHeaderFormatter can be used within no-op audit devices to do nothing when
|
||||
// it comes to only allow configured headers to appear in the result.
|
||||
// Whatever is passed in will be returned (nil becomes an empty map) in lowercase.
|
||||
type NoopHeaderFormatter struct{}
|
||||
|
||||
// ApplyConfig implements the relevant interface to make NoopHeaderFormatter an HeaderFormatter.
|
||||
func (f *NoopHeaderFormatter) ApplyConfig(_ context.Context, headers map[string][]string, _ Salter) (result map[string][]string, retErr error) {
|
||||
if len(headers) < 1 {
|
||||
return map[string][]string{}, nil
|
||||
}
|
||||
|
||||
// Make a copy of the incoming headers with everything lower so we can
|
||||
// case-insensitively compare
|
||||
lowerHeaders := make(map[string][]string, len(headers))
|
||||
for k, v := range headers {
|
||||
lowerHeaders[strings.ToLower(k)] = v
|
||||
}
|
||||
|
||||
return lowerHeaders, nil
|
||||
}
|
||||
|
||||
// NewNoopAudit should be used to create a NoopAudit as it handles creation of a
|
||||
// predictable salt and wraps eventlogger nodes so information can be retrieved on
|
||||
// what they've seen or formatted.
|
||||
func NewNoopAudit(config *BackendConfig) (*NoopAudit, error) {
|
||||
view := &logical.InmemStorage{}
|
||||
|
||||
// Create the salt with a known key for predictable hmac values.
|
||||
se := &logical.StorageEntry{Key: "salt", Value: []byte("foo")}
|
||||
err := view.Put(context.Background(), se)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Override the salt related config settings.
|
||||
backendConfig := &BackendConfig{
|
||||
SaltView: view,
|
||||
SaltConfig: &salt.Config{
|
||||
HMAC: sha256.New,
|
||||
HMACType: "hmac-sha256",
|
||||
},
|
||||
Config: config.Config,
|
||||
MountPath: config.MountPath,
|
||||
}
|
||||
|
||||
noopBackend := &NoopAudit{
|
||||
Config: backendConfig,
|
||||
nodeIDList: make([]eventlogger.NodeID, 2),
|
||||
nodeMap: make(map[eventlogger.NodeID]eventlogger.Node, 2),
|
||||
}
|
||||
|
||||
cfg, err := NewFormatterConfig(&NoopHeaderFormatter{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
formatterNodeID, err := event.GenerateNodeID()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error generating random NodeID for formatter node: %w", err)
|
||||
}
|
||||
|
||||
formatterNode, err := NewEntryFormatter(config.MountPath, cfg, noopBackend, config.Logger)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error creating formatter: %w", err)
|
||||
}
|
||||
|
||||
// Wrap the formatting node, so we can get any bytes that were formatted etc.
|
||||
wrappedFormatter := &noopWrapper{format: "json", node: formatterNode, backend: noopBackend}
|
||||
|
||||
noopBackend.nodeIDList[0] = formatterNodeID
|
||||
noopBackend.nodeMap[formatterNodeID] = wrappedFormatter
|
||||
|
||||
sinkNode := event.NewNoopSink()
|
||||
sinkNodeID, err := event.GenerateNodeID()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error generating random NodeID for sink node: %w", err)
|
||||
}
|
||||
|
||||
noopBackend.nodeIDList[1] = sinkNodeID
|
||||
noopBackend.nodeMap[sinkNodeID] = sinkNode
|
||||
|
||||
return noopBackend, nil
|
||||
}
|
||||
|
||||
// NoopAuditFactory should be used when the test needs a way to access bytes that
|
||||
// have been formatted by the pipeline during audit requests.
|
||||
// The records parameter will be repointed to the one used within the pipeline.
|
||||
func NoopAuditFactory(records **[][]byte) Factory {
|
||||
return func(config *BackendConfig, _ HeaderFormatter) (Backend, error) {
|
||||
n, err := NewNoopAudit(config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if records != nil {
|
||||
*records = &n.records
|
||||
}
|
||||
|
||||
return n, nil
|
||||
}
|
||||
}
|
||||
|
||||
// Process handles the contortions required by older test code to ensure behavior.
|
||||
// It will attempt to do some pre/post processing of the logical.LogInput that should
|
||||
// form part of the event's payload data, as well as capturing the resulting headers
|
||||
// that were formatted and track the overall bytes that a formatted event uses when
|
||||
// it's ready to head down the pipeline to the sink node (a noop for us).
|
||||
func (n *noopWrapper) Process(ctx context.Context, e *eventlogger.Event) (*eventlogger.Event, error) {
|
||||
n.backend.l.Lock()
|
||||
defer n.backend.l.Unlock()
|
||||
|
||||
var err error
|
||||
|
||||
// We're expecting audit events since this is an audit device.
|
||||
a, ok := e.Payload.(*AuditEvent)
|
||||
if !ok {
|
||||
return nil, errors.New("cannot parse payload as an audit event")
|
||||
}
|
||||
|
||||
if n.backend.listener != nil {
|
||||
n.backend.listener(a)
|
||||
}
|
||||
|
||||
in := a.Data
|
||||
|
||||
// Depending on the type of the audit event (request or response) we need to
|
||||
// track different things.
|
||||
switch a.Subtype {
|
||||
case RequestType:
|
||||
n.backend.ReqAuth = append(n.backend.ReqAuth, in.Auth)
|
||||
n.backend.Req = append(n.backend.Req, in.Request)
|
||||
n.backend.ReqNonHMACKeys = in.NonHMACReqDataKeys
|
||||
n.backend.ReqErrs = append(n.backend.ReqErrs, in.OuterErr)
|
||||
|
||||
if n.backend.ReqErr != nil {
|
||||
return nil, n.backend.ReqErr
|
||||
}
|
||||
case ResponseType:
|
||||
n.backend.RespAuth = append(n.backend.RespAuth, in.Auth)
|
||||
n.backend.RespReq = append(n.backend.RespReq, in.Request)
|
||||
n.backend.Resp = append(n.backend.Resp, in.Response)
|
||||
n.backend.RespErrs = append(n.backend.RespErrs, in.OuterErr)
|
||||
|
||||
if in.Response != nil {
|
||||
n.backend.RespNonHMACKeys = append(n.backend.RespNonHMACKeys, in.NonHMACRespDataKeys)
|
||||
n.backend.RespReqNonHMACKeys = append(n.backend.RespReqNonHMACKeys, in.NonHMACReqDataKeys)
|
||||
}
|
||||
|
||||
if n.backend.RespErr != nil {
|
||||
return nil, n.backend.RespErr
|
||||
}
|
||||
default:
|
||||
return nil, fmt.Errorf("unknown audit event type: %q", a.Subtype)
|
||||
}
|
||||
|
||||
// Once we've taken note of the relevant properties of the event, we get the
|
||||
// underlying (wrapped) node to process it as normal.
|
||||
e, err = n.node.Process(ctx, e)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error processing wrapped node: %w", err)
|
||||
}
|
||||
|
||||
// Once processing has been carried out, the underlying node (a formatter node)
|
||||
// should contain the output ready for the sink node. We'll get that in order
|
||||
// to track how many bytes we formatted.
|
||||
b, ok := e.Format(n.format)
|
||||
if ok {
|
||||
n.backend.records = append(n.backend.records, b)
|
||||
}
|
||||
|
||||
// Finally, the last bit of post-processing is to make sure that we track the
|
||||
// formatted headers that would have made it to the logs via the sink node.
|
||||
// They only appear in requests.
|
||||
if a.Subtype == RequestType {
|
||||
reqEntry := &RequestEntry{}
|
||||
err = json.Unmarshal(b, &reqEntry)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to parse formatted audit entry data: %w", err)
|
||||
}
|
||||
|
||||
n.backend.ReqHeaders = append(n.backend.ReqHeaders, reqEntry.Request.Headers)
|
||||
}
|
||||
|
||||
// Return the event and no error in order to let the pipeline continue on.
|
||||
return e, nil
|
||||
}
|
||||
|
||||
func (n *noopWrapper) Reopen() error {
|
||||
return n.node.Reopen()
|
||||
}
|
||||
|
||||
func (n *noopWrapper) Type() eventlogger.NodeType {
|
||||
return n.node.Type()
|
||||
}
|
||||
|
||||
// LogTestMessage will manually crank the handle on the nodes associated with this backend.
|
||||
func (n *NoopAudit) LogTestMessage(ctx context.Context, in *logical.LogInput) error {
|
||||
if len(n.nodeIDList) > 0 {
|
||||
return ProcessManual(ctx, in, n.nodeIDList, n.nodeMap)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Salt(ctx context.Context) (*salt.Salt, error) {
|
||||
n.saltMutex.RLock()
|
||||
if n.salt != nil {
|
||||
defer n.saltMutex.RUnlock()
|
||||
return n.salt, nil
|
||||
}
|
||||
n.saltMutex.RUnlock()
|
||||
n.saltMutex.Lock()
|
||||
defer n.saltMutex.Unlock()
|
||||
if n.salt != nil {
|
||||
return n.salt, nil
|
||||
}
|
||||
s, err := salt.NewSalt(ctx, n.Config.SaltView, n.Config.SaltConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
n.salt = s
|
||||
return s, nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) GetHash(ctx context.Context, data string) (string, error) {
|
||||
s, err := n.Salt(ctx)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return s.GetIdentifiedHMAC(data), nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Reload() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Invalidate(_ context.Context) {
|
||||
n.saltMutex.Lock()
|
||||
defer n.saltMutex.Unlock()
|
||||
n.salt = nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) EventType() eventlogger.EventType {
|
||||
return event.AuditType.AsEventType()
|
||||
}
|
||||
|
||||
func (n *NoopAudit) HasFiltering() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Name() string {
|
||||
return n.Config.MountPath
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Nodes() map[eventlogger.NodeID]eventlogger.Node {
|
||||
return n.nodeMap
|
||||
}
|
||||
|
||||
func (n *NoopAudit) NodeIDs() []eventlogger.NodeID {
|
||||
return n.nodeIDList
|
||||
}
|
||||
|
||||
func (n *NoopAudit) IsFallback() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func TestNoopAudit(t *testing.T, path string, config map[string]string) *NoopAudit {
|
||||
cfg := &BackendConfig{
|
||||
Config: config,
|
||||
MountPath: path,
|
||||
Logger: corehelpers.NewTestLogger(t),
|
||||
}
|
||||
n, err := NewNoopAudit(cfg)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
return n
|
||||
}
|
||||
@@ -36,7 +36,7 @@ type Backend interface {
|
||||
LogTestMessage(context.Context, *logical.LogInput) error
|
||||
|
||||
// Reload is called on SIGHUP for supporting backends.
|
||||
Reload(context.Context) error
|
||||
Reload() error
|
||||
|
||||
// Invalidate is called for path invalidation
|
||||
Invalidate(context.Context)
|
||||
@@ -203,4 +203,4 @@ type BackendConfig struct {
|
||||
}
|
||||
|
||||
// Factory is the factory function to create an audit backend.
|
||||
type Factory func(context.Context, *BackendConfig, HeaderFormatter) (Backend, error)
|
||||
type Factory func(*BackendConfig, HeaderFormatter) (Backend, error)
|
||||
|
||||
@@ -44,7 +44,7 @@ type Backend struct {
|
||||
saltView logical.Storage
|
||||
}
|
||||
|
||||
func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
||||
func Factory(conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
||||
if conf.SaltConfig == nil {
|
||||
return nil, fmt.Errorf("nil salt config: %w", audit.ErrInvalidParameter)
|
||||
}
|
||||
@@ -164,7 +164,7 @@ func (b *Backend) LogTestMessage(ctx context.Context, in *logical.LogInput) erro
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b *Backend) Reload(_ context.Context) error {
|
||||
func (b *Backend) Reload() error {
|
||||
for _, n := range b.nodeMap {
|
||||
if n.Type() == eventlogger.NodeTypeSink {
|
||||
return n.Reopen()
|
||||
|
||||
@@ -11,7 +11,6 @@ import (
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@@ -75,7 +74,7 @@ func TestBackend_configureFilterFormatterSink(t *testing.T) {
|
||||
nodeMap: map[eventlogger.NodeID]eventlogger.Node{},
|
||||
}
|
||||
|
||||
formatConfig, err := audit.NewFormatterConfig(&corehelpers.NoopHeaderFormatter{})
|
||||
formatConfig, err := audit.NewFormatterConfig(&audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
err = b.configureFilterNode("path == bar")
|
||||
|
||||
@@ -4,7 +4,6 @@
|
||||
package file
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
@@ -13,7 +12,6 @@ import (
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/hashicorp/vault/internal/observability/event"
|
||||
"github.com/hashicorp/vault/sdk/helper/salt"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
@@ -41,7 +39,7 @@ func TestAuditFile_fileModeNew(t *testing.T) {
|
||||
SaltView: &logical.InmemStorage{},
|
||||
Logger: hclog.NewNullLogger(),
|
||||
}
|
||||
_, err = Factory(context.Background(), backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
_, err = Factory(backendConfig, &audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
info, err := os.Stat(file)
|
||||
@@ -74,7 +72,7 @@ func TestAuditFile_fileModeExisting(t *testing.T) {
|
||||
Logger: hclog.NewNullLogger(),
|
||||
}
|
||||
|
||||
_, err = Factory(context.Background(), backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
_, err = Factory(backendConfig, &audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
info, err := os.Stat(f.Name())
|
||||
@@ -108,7 +106,7 @@ func TestAuditFile_fileMode0000(t *testing.T) {
|
||||
Logger: hclog.NewNullLogger(),
|
||||
}
|
||||
|
||||
_, err = Factory(context.Background(), backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
_, err = Factory(backendConfig, &audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
info, err := os.Stat(f.Name())
|
||||
@@ -137,7 +135,7 @@ func TestAuditFile_EventLogger_fileModeNew(t *testing.T) {
|
||||
Logger: hclog.NewNullLogger(),
|
||||
}
|
||||
|
||||
_, err = Factory(context.Background(), backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
_, err = Factory(backendConfig, &audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
info, err := os.Stat(file)
|
||||
@@ -243,7 +241,7 @@ func TestBackend_newFormatterConfig(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
got, err := newFormatterConfig(&corehelpers.NoopHeaderFormatter{}, tc.config)
|
||||
got, err := newFormatterConfig(&audit.NoopHeaderFormatter{}, tc.config)
|
||||
if tc.wantErr {
|
||||
require.Error(t, err)
|
||||
require.EqualError(t, err, tc.expectedMessage)
|
||||
@@ -270,7 +268,7 @@ func TestBackend_configureFormatterNode(t *testing.T) {
|
||||
nodeMap: map[eventlogger.NodeID]eventlogger.Node{},
|
||||
}
|
||||
|
||||
formatConfig, err := audit.NewFormatterConfig(&corehelpers.NoopHeaderFormatter{})
|
||||
formatConfig, err := audit.NewFormatterConfig(&audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
err = b.configureFormatterNode("juan", formatConfig, hclog.NewNullLogger())
|
||||
@@ -425,8 +423,6 @@ func TestBackend_configureSinkNode(t *testing.T) {
|
||||
func TestBackend_Factory_Conf(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
tests := map[string]struct {
|
||||
backendConfig *audit.BackendConfig
|
||||
isErrorExpected bool
|
||||
@@ -493,7 +489,7 @@ func TestBackend_Factory_Conf(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
be, err := Factory(ctx, tc.backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
be, err := Factory(tc.backendConfig, &audit.NoopHeaderFormatter{})
|
||||
|
||||
switch {
|
||||
case tc.isErrorExpected:
|
||||
@@ -512,8 +508,6 @@ func TestBackend_Factory_Conf(t *testing.T) {
|
||||
func TestBackend_IsFallback(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
tests := map[string]struct {
|
||||
backendConfig *audit.BackendConfig
|
||||
isFallbackExpected bool
|
||||
@@ -552,7 +546,7 @@ func TestBackend_IsFallback(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
be, err := Factory(ctx, tc.backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
be, err := Factory(tc.backendConfig, &audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, be)
|
||||
require.Equal(t, tc.isFallbackExpected, be.IsFallback())
|
||||
|
||||
@@ -34,7 +34,7 @@ type Backend struct {
|
||||
saltView logical.Storage
|
||||
}
|
||||
|
||||
func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
||||
func Factory(conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
||||
if conf.SaltConfig == nil {
|
||||
return nil, fmt.Errorf("nil salt config: %w", audit.ErrInvalidParameter)
|
||||
}
|
||||
@@ -129,7 +129,7 @@ func (b *Backend) LogTestMessage(ctx context.Context, in *logical.LogInput) erro
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b *Backend) Reload(ctx context.Context) error {
|
||||
func (b *Backend) Reload() error {
|
||||
for _, n := range b.nodeMap {
|
||||
if n.Type() == eventlogger.NodeTypeSink {
|
||||
return n.Reopen()
|
||||
|
||||
@@ -11,7 +11,6 @@ import (
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@@ -75,7 +74,7 @@ func TestBackend_configureFilterFormatterSink(t *testing.T) {
|
||||
nodeMap: map[eventlogger.NodeID]eventlogger.Node{},
|
||||
}
|
||||
|
||||
formatConfig, err := audit.NewFormatterConfig(&corehelpers.NoopHeaderFormatter{})
|
||||
formatConfig, err := audit.NewFormatterConfig(&audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
err = b.configureFilterNode("path == bar")
|
||||
|
||||
@@ -4,13 +4,11 @@
|
||||
package socket
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/hashicorp/vault/internal/observability/event"
|
||||
"github.com/hashicorp/vault/sdk/helper/salt"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
@@ -115,7 +113,7 @@ func TestBackend_newFormatterConfig(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
got, err := newFormatterConfig(&corehelpers.NoopHeaderFormatter{}, tc.config)
|
||||
got, err := newFormatterConfig(&audit.NoopHeaderFormatter{}, tc.config)
|
||||
if tc.wantErr {
|
||||
require.Error(t, err)
|
||||
require.EqualError(t, err, tc.expectedErrMsg)
|
||||
@@ -142,7 +140,7 @@ func TestBackend_configureFormatterNode(t *testing.T) {
|
||||
nodeMap: map[eventlogger.NodeID]eventlogger.Node{},
|
||||
}
|
||||
|
||||
formatConfig, err := audit.NewFormatterConfig(&corehelpers.NoopHeaderFormatter{})
|
||||
formatConfig, err := audit.NewFormatterConfig(&audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
err = b.configureFormatterNode("juan", formatConfig, hclog.NewNullLogger())
|
||||
@@ -253,8 +251,6 @@ func TestBackend_configureSinkNode(t *testing.T) {
|
||||
func TestBackend_Factory_Conf(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
tests := map[string]struct {
|
||||
backendConfig *audit.BackendConfig
|
||||
isErrorExpected bool
|
||||
@@ -387,7 +383,7 @@ func TestBackend_Factory_Conf(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
be, err := Factory(ctx, tc.backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
be, err := Factory(tc.backendConfig, &audit.NoopHeaderFormatter{})
|
||||
|
||||
switch {
|
||||
case tc.isErrorExpected:
|
||||
@@ -406,8 +402,6 @@ func TestBackend_Factory_Conf(t *testing.T) {
|
||||
func TestBackend_IsFallback(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
tests := map[string]struct {
|
||||
backendConfig *audit.BackendConfig
|
||||
isFallbackExpected bool
|
||||
@@ -448,7 +442,7 @@ func TestBackend_IsFallback(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
be, err := Factory(ctx, tc.backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
be, err := Factory(tc.backendConfig, &audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, be)
|
||||
require.Equal(t, tc.isFallbackExpected, be.IsFallback())
|
||||
|
||||
@@ -34,7 +34,7 @@ type Backend struct {
|
||||
saltView logical.Storage
|
||||
}
|
||||
|
||||
func Factory(_ context.Context, conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
||||
func Factory(conf *audit.BackendConfig, headersConfig audit.HeaderFormatter) (audit.Backend, error) {
|
||||
if conf.SaltConfig == nil {
|
||||
return nil, fmt.Errorf("nil salt config: %w", audit.ErrInvalidParameter)
|
||||
}
|
||||
@@ -127,7 +127,7 @@ func (b *Backend) LogTestMessage(ctx context.Context, in *logical.LogInput) erro
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b *Backend) Reload(_ context.Context) error {
|
||||
func (b *Backend) Reload() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -11,7 +11,6 @@ import (
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@@ -75,7 +74,7 @@ func TestBackend_configureFilterFormatterSink(t *testing.T) {
|
||||
nodeMap: map[eventlogger.NodeID]eventlogger.Node{},
|
||||
}
|
||||
|
||||
formatConfig, err := audit.NewFormatterConfig(&corehelpers.NoopHeaderFormatter{})
|
||||
formatConfig, err := audit.NewFormatterConfig(&audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
err = b.configureFilterNode("path == bar")
|
||||
|
||||
@@ -4,13 +4,11 @@
|
||||
package syslog
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/hashicorp/vault/internal/observability/event"
|
||||
"github.com/hashicorp/vault/sdk/helper/salt"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
@@ -115,7 +113,7 @@ func TestBackend_newFormatterConfig(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
got, err := newFormatterConfig(&corehelpers.NoopHeaderFormatter{}, tc.config)
|
||||
got, err := newFormatterConfig(&audit.NoopHeaderFormatter{}, tc.config)
|
||||
if tc.wantErr {
|
||||
require.Error(t, err)
|
||||
require.EqualError(t, err, tc.expectedErrMsg)
|
||||
@@ -142,7 +140,7 @@ func TestBackend_configureFormatterNode(t *testing.T) {
|
||||
nodeMap: map[eventlogger.NodeID]eventlogger.Node{},
|
||||
}
|
||||
|
||||
formatConfig, err := audit.NewFormatterConfig(&corehelpers.NoopHeaderFormatter{})
|
||||
formatConfig, err := audit.NewFormatterConfig(&audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
err = b.configureFormatterNode("juan", formatConfig, hclog.NewNullLogger())
|
||||
@@ -235,8 +233,6 @@ func TestBackend_configureSinkNode(t *testing.T) {
|
||||
func TestBackend_Factory_Conf(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
tests := map[string]struct {
|
||||
backendConfig *audit.BackendConfig
|
||||
isErrorExpected bool
|
||||
@@ -291,7 +287,7 @@ func TestBackend_Factory_Conf(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
be, err := Factory(ctx, tc.backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
be, err := Factory(tc.backendConfig, &audit.NoopHeaderFormatter{})
|
||||
|
||||
switch {
|
||||
case tc.isErrorExpected:
|
||||
@@ -310,8 +306,6 @@ func TestBackend_Factory_Conf(t *testing.T) {
|
||||
func TestBackend_IsFallback(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
tests := map[string]struct {
|
||||
backendConfig *audit.BackendConfig
|
||||
isFallbackExpected bool
|
||||
@@ -348,7 +342,7 @@ func TestBackend_IsFallback(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
be, err := Factory(ctx, tc.backendConfig, &corehelpers.NoopHeaderFormatter{})
|
||||
be, err := Factory(tc.backendConfig, &audit.NoopHeaderFormatter{})
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, be)
|
||||
require.Equal(t, tc.isFallbackExpected, be.IsFallback())
|
||||
|
||||
@@ -10,7 +10,6 @@ import (
|
||||
"github.com/hashicorp/vault/api"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
logicalDb "github.com/hashicorp/vault/builtin/logical/database"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
vaulthttp "github.com/hashicorp/vault/http"
|
||||
"github.com/hashicorp/vault/sdk/helper/consts"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
@@ -48,7 +47,7 @@ func TestBuiltinPluginsWork(t *testing.T) {
|
||||
// Specifying at least one audit backend factory will prevent NewTestCluster
|
||||
// from attempting to enable a noop audit, and audit isn't required for this test.
|
||||
AuditBackends: map[string]audit.Factory{
|
||||
"noop": corehelpers.NoopAuditFactory(nil),
|
||||
"noop": audit.NoopAuditFactory(nil),
|
||||
},
|
||||
},
|
||||
&vault.TestClusterOptions{
|
||||
|
||||
@@ -7,35 +7,20 @@ package corehelpers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/eventlogger"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/builtin/credential/approle"
|
||||
"github.com/hashicorp/vault/internal/observability/event"
|
||||
"github.com/hashicorp/vault/plugins/database/mysql"
|
||||
"github.com/hashicorp/vault/sdk/framework"
|
||||
"github.com/hashicorp/vault/sdk/helper/consts"
|
||||
"github.com/hashicorp/vault/sdk/helper/salt"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
"github.com/mitchellh/go-testing-interface"
|
||||
)
|
||||
|
||||
var (
|
||||
_ audit.Backend = (*NoopAudit)(nil)
|
||||
_ eventlogger.Node = (*noopWrapper)(nil)
|
||||
)
|
||||
|
||||
var externalPlugins = []string{"transform", "kmip", "keymgmt"}
|
||||
|
||||
// RetryUntil runs f until it returns a nil result or the timeout is reached.
|
||||
@@ -217,324 +202,6 @@ func (m *mockBuiltinRegistry) DeprecationStatus(name string, pluginType consts.P
|
||||
return consts.Unknown, false
|
||||
}
|
||||
|
||||
func TestNoopAudit(t testing.T, path string, config map[string]string) *NoopAudit {
|
||||
cfg := &audit.BackendConfig{
|
||||
Config: config,
|
||||
MountPath: path,
|
||||
Logger: NewTestLogger(t),
|
||||
}
|
||||
n, err := NewNoopAudit(cfg)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
return n
|
||||
}
|
||||
|
||||
// NoopHeaderFormatter can be used within no-op audit devices to do nothing when
|
||||
// it comes to only allow configured headers to appear in the result.
|
||||
// Whatever is passed in will be returned (nil becomes an empty map) in lowercase.
|
||||
type NoopHeaderFormatter struct{}
|
||||
|
||||
// ApplyConfig implements the relevant interface to make NoopHeaderFormatter an audit.HeaderFormatter.
|
||||
func (f *NoopHeaderFormatter) ApplyConfig(_ context.Context, headers map[string][]string, _ audit.Salter) (result map[string][]string, retErr error) {
|
||||
if len(headers) < 1 {
|
||||
return map[string][]string{}, nil
|
||||
}
|
||||
|
||||
// Make a copy of the incoming headers with everything lower so we can
|
||||
// case-insensitively compare
|
||||
lowerHeaders := make(map[string][]string, len(headers))
|
||||
for k, v := range headers {
|
||||
lowerHeaders[strings.ToLower(k)] = v
|
||||
}
|
||||
|
||||
return lowerHeaders, nil
|
||||
}
|
||||
|
||||
// NewNoopAudit should be used to create a NoopAudit as it handles creation of a
|
||||
// predictable salt and wraps eventlogger nodes so information can be retrieved on
|
||||
// what they've seen or formatted.
|
||||
func NewNoopAudit(config *audit.BackendConfig) (*NoopAudit, error) {
|
||||
view := &logical.InmemStorage{}
|
||||
|
||||
// Create the salt with a known key for predictable hmac values.
|
||||
se := &logical.StorageEntry{Key: "salt", Value: []byte("foo")}
|
||||
err := view.Put(context.Background(), se)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Override the salt related config settings.
|
||||
backendConfig := &audit.BackendConfig{
|
||||
SaltView: view,
|
||||
SaltConfig: &salt.Config{
|
||||
HMAC: sha256.New,
|
||||
HMACType: "hmac-sha256",
|
||||
},
|
||||
Config: config.Config,
|
||||
MountPath: config.MountPath,
|
||||
}
|
||||
|
||||
noopBackend := &NoopAudit{
|
||||
Config: backendConfig,
|
||||
nodeIDList: make([]eventlogger.NodeID, 2),
|
||||
nodeMap: make(map[eventlogger.NodeID]eventlogger.Node, 2),
|
||||
}
|
||||
|
||||
cfg, err := audit.NewFormatterConfig(&NoopHeaderFormatter{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
formatterNodeID, err := event.GenerateNodeID()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error generating random NodeID for formatter node: %w", err)
|
||||
}
|
||||
|
||||
formatterNode, err := audit.NewEntryFormatter(config.MountPath, cfg, noopBackend, config.Logger)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error creating formatter: %w", err)
|
||||
}
|
||||
|
||||
// Wrap the formatting node, so we can get any bytes that were formatted etc.
|
||||
wrappedFormatter := &noopWrapper{format: "json", node: formatterNode, backend: noopBackend}
|
||||
|
||||
noopBackend.nodeIDList[0] = formatterNodeID
|
||||
noopBackend.nodeMap[formatterNodeID] = wrappedFormatter
|
||||
|
||||
sinkNode := event.NewNoopSink()
|
||||
sinkNodeID, err := event.GenerateNodeID()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error generating random NodeID for sink node: %w", err)
|
||||
}
|
||||
|
||||
noopBackend.nodeIDList[1] = sinkNodeID
|
||||
noopBackend.nodeMap[sinkNodeID] = sinkNode
|
||||
|
||||
return noopBackend, nil
|
||||
}
|
||||
|
||||
// NoopAuditFactory should be used when the test needs a way to access bytes that
|
||||
// have been formatted by the pipeline during audit requests.
|
||||
// The records parameter will be repointed to the one used within the pipeline.
|
||||
func NoopAuditFactory(records **[][]byte) audit.Factory {
|
||||
return func(_ context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
n, err := NewNoopAudit(config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if records != nil {
|
||||
*records = &n.records
|
||||
}
|
||||
|
||||
return n, nil
|
||||
}
|
||||
}
|
||||
|
||||
// noopWrapper is designed to wrap a formatter node in order to allow access to
|
||||
// bytes formatted, headers formatted and parts of the logical.LogInput.
|
||||
// Some older tests relied on being able to query this information so while those
|
||||
// tests stick around we should look after them.
|
||||
type noopWrapper struct {
|
||||
format string
|
||||
node eventlogger.Node
|
||||
backend *NoopAudit
|
||||
}
|
||||
|
||||
// NoopAuditEventListener is a callback used by noopWrapper.Process() to notify
|
||||
// of each received audit event.
|
||||
type NoopAuditEventListener func(*audit.AuditEvent)
|
||||
|
||||
type NoopAudit struct {
|
||||
Config *audit.BackendConfig
|
||||
|
||||
ReqErr error
|
||||
ReqAuth []*logical.Auth
|
||||
Req []*logical.Request
|
||||
ReqHeaders []map[string][]string
|
||||
ReqNonHMACKeys []string
|
||||
ReqErrs []error
|
||||
|
||||
RespErr error
|
||||
RespAuth []*logical.Auth
|
||||
RespReq []*logical.Request
|
||||
Resp []*logical.Response
|
||||
RespNonHMACKeys [][]string
|
||||
RespReqNonHMACKeys [][]string
|
||||
RespErrs []error
|
||||
records [][]byte
|
||||
l sync.RWMutex
|
||||
salt *salt.Salt
|
||||
saltMutex sync.RWMutex
|
||||
|
||||
nodeIDList []eventlogger.NodeID
|
||||
nodeMap map[eventlogger.NodeID]eventlogger.Node
|
||||
|
||||
listener NoopAuditEventListener
|
||||
}
|
||||
|
||||
// Process handles the contortions required by older test code to ensure behavior.
|
||||
// It will attempt to do some pre/post processing of the logical.LogInput that should
|
||||
// form part of the event's payload data, as well as capturing the resulting headers
|
||||
// that were formatted and track the overall bytes that a formatted event uses when
|
||||
// it's ready to head down the pipeline to the sink node (a noop for us).
|
||||
func (n *noopWrapper) Process(ctx context.Context, e *eventlogger.Event) (*eventlogger.Event, error) {
|
||||
n.backend.l.Lock()
|
||||
defer n.backend.l.Unlock()
|
||||
|
||||
var err error
|
||||
|
||||
// We're expecting audit events since this is an audit device.
|
||||
a, ok := e.Payload.(*audit.AuditEvent)
|
||||
if !ok {
|
||||
return nil, errors.New("cannot parse payload as an audit event")
|
||||
}
|
||||
|
||||
if n.backend.listener != nil {
|
||||
n.backend.listener(a)
|
||||
}
|
||||
|
||||
in := a.Data
|
||||
|
||||
// Depending on the type of the audit event (request or response) we need to
|
||||
// track different things.
|
||||
switch a.Subtype {
|
||||
case audit.RequestType:
|
||||
n.backend.ReqAuth = append(n.backend.ReqAuth, in.Auth)
|
||||
n.backend.Req = append(n.backend.Req, in.Request)
|
||||
n.backend.ReqNonHMACKeys = in.NonHMACReqDataKeys
|
||||
n.backend.ReqErrs = append(n.backend.ReqErrs, in.OuterErr)
|
||||
|
||||
if n.backend.ReqErr != nil {
|
||||
return nil, n.backend.ReqErr
|
||||
}
|
||||
case audit.ResponseType:
|
||||
n.backend.RespAuth = append(n.backend.RespAuth, in.Auth)
|
||||
n.backend.RespReq = append(n.backend.RespReq, in.Request)
|
||||
n.backend.Resp = append(n.backend.Resp, in.Response)
|
||||
n.backend.RespErrs = append(n.backend.RespErrs, in.OuterErr)
|
||||
|
||||
if in.Response != nil {
|
||||
n.backend.RespNonHMACKeys = append(n.backend.RespNonHMACKeys, in.NonHMACRespDataKeys)
|
||||
n.backend.RespReqNonHMACKeys = append(n.backend.RespReqNonHMACKeys, in.NonHMACReqDataKeys)
|
||||
}
|
||||
|
||||
if n.backend.RespErr != nil {
|
||||
return nil, n.backend.RespErr
|
||||
}
|
||||
default:
|
||||
return nil, fmt.Errorf("unknown audit event type: %q", a.Subtype)
|
||||
}
|
||||
|
||||
// Once we've taken note of the relevant properties of the event, we get the
|
||||
// underlying (wrapped) node to process it as normal.
|
||||
e, err = n.node.Process(ctx, e)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error processing wrapped node: %w", err)
|
||||
}
|
||||
|
||||
// Once processing has been carried out, the underlying node (a formatter node)
|
||||
// should contain the output ready for the sink node. We'll get that in order
|
||||
// to track how many bytes we formatted.
|
||||
b, ok := e.Format(n.format)
|
||||
if ok {
|
||||
n.backend.records = append(n.backend.records, b)
|
||||
}
|
||||
|
||||
// Finally, the last bit of post-processing is to make sure that we track the
|
||||
// formatted headers that would have made it to the logs via the sink node.
|
||||
// They only appear in requests.
|
||||
if a.Subtype == audit.RequestType {
|
||||
reqEntry := &audit.RequestEntry{}
|
||||
err = json.Unmarshal(b, &reqEntry)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to parse formatted audit entry data: %w", err)
|
||||
}
|
||||
|
||||
n.backend.ReqHeaders = append(n.backend.ReqHeaders, reqEntry.Request.Headers)
|
||||
}
|
||||
|
||||
// Return the event and no error in order to let the pipeline continue on.
|
||||
return e, nil
|
||||
}
|
||||
|
||||
func (n *noopWrapper) Reopen() error {
|
||||
return n.node.Reopen()
|
||||
}
|
||||
|
||||
func (n *noopWrapper) Type() eventlogger.NodeType {
|
||||
return n.node.Type()
|
||||
}
|
||||
|
||||
// LogTestMessage will manually crank the handle on the nodes associated with this backend.
|
||||
func (n *NoopAudit) LogTestMessage(ctx context.Context, in *logical.LogInput) error {
|
||||
if len(n.nodeIDList) > 0 {
|
||||
return audit.ProcessManual(ctx, in, n.nodeIDList, n.nodeMap)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Salt(ctx context.Context) (*salt.Salt, error) {
|
||||
n.saltMutex.RLock()
|
||||
if n.salt != nil {
|
||||
defer n.saltMutex.RUnlock()
|
||||
return n.salt, nil
|
||||
}
|
||||
n.saltMutex.RUnlock()
|
||||
n.saltMutex.Lock()
|
||||
defer n.saltMutex.Unlock()
|
||||
if n.salt != nil {
|
||||
return n.salt, nil
|
||||
}
|
||||
s, err := salt.NewSalt(ctx, n.Config.SaltView, n.Config.SaltConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
n.salt = s
|
||||
return s, nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) GetHash(ctx context.Context, data string) (string, error) {
|
||||
s, err := n.Salt(ctx)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return s.GetIdentifiedHMAC(data), nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Reload(_ context.Context) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Invalidate(_ context.Context) {
|
||||
n.saltMutex.Lock()
|
||||
defer n.saltMutex.Unlock()
|
||||
n.salt = nil
|
||||
}
|
||||
|
||||
// RegisterNodesAndPipeline registers the nodes and a pipeline as required by
|
||||
// the audit.Backend interface.
|
||||
func (n *NoopAudit) RegisterNodesAndPipeline(broker *eventlogger.Broker, name string) error {
|
||||
for id, node := range n.nodeMap {
|
||||
if err := broker.RegisterNode(id, node); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
pipeline := eventlogger.Pipeline{
|
||||
PipelineID: eventlogger.PipelineID(name),
|
||||
EventType: event.AuditType.AsEventType(),
|
||||
NodeIDs: n.nodeIDList,
|
||||
}
|
||||
|
||||
return broker.RegisterPipeline(pipeline)
|
||||
}
|
||||
|
||||
func (n *NoopAudit) SetListener(listener NoopAuditEventListener) {
|
||||
n.listener = listener
|
||||
}
|
||||
|
||||
type TestLogger struct {
|
||||
hclog.InterceptLogger
|
||||
Path string
|
||||
@@ -598,27 +265,3 @@ func NewTestLogger(t testing.T) *TestLogger {
|
||||
func (tl *TestLogger) StopLogging() {
|
||||
tl.InterceptLogger.DeregisterSink(tl.sink)
|
||||
}
|
||||
|
||||
func (n *NoopAudit) EventType() eventlogger.EventType {
|
||||
return event.AuditType.AsEventType()
|
||||
}
|
||||
|
||||
func (n *NoopAudit) HasFiltering() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Name() string {
|
||||
return n.Config.MountPath
|
||||
}
|
||||
|
||||
func (n *NoopAudit) Nodes() map[eventlogger.NodeID]eventlogger.Node {
|
||||
return n.nodeMap
|
||||
}
|
||||
|
||||
func (n *NoopAudit) NodeIDs() []eventlogger.NodeID {
|
||||
return n.nodeIDList
|
||||
}
|
||||
|
||||
func (n *NoopAudit) IsFallback() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -20,7 +20,6 @@ import (
|
||||
logicalDb "github.com/hashicorp/vault/builtin/logical/database"
|
||||
"github.com/hashicorp/vault/builtin/plugin"
|
||||
"github.com/hashicorp/vault/helper/namespace"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
vaulthttp "github.com/hashicorp/vault/http"
|
||||
"github.com/hashicorp/vault/internalshared/configutil"
|
||||
"github.com/hashicorp/vault/physical/raft"
|
||||
@@ -324,7 +323,7 @@ func ClusterSetup(conf *vault.CoreConfig, opts *vault.TestClusterOptions, setup
|
||||
"file": auditFile.Factory,
|
||||
"socket": auditSocket.Factory,
|
||||
"syslog": auditSyslog.Factory,
|
||||
"noop": corehelpers.NoopAuditFactory(nil),
|
||||
"noop": audit.NoopAuditFactory(nil),
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -569,10 +569,10 @@ func TestLogical_RespondWithStatusCode(t *testing.T) {
|
||||
|
||||
func TestLogical_Audit_invalidWrappingToken(t *testing.T) {
|
||||
// Create a noop audit backend
|
||||
noop := corehelpers.TestNoopAudit(t, "noop/", nil)
|
||||
noop := audit.TestNoopAudit(t, "noop/", nil)
|
||||
c, _, root := vault.TestCoreUnsealedWithConfig(t, &vault.CoreConfig{
|
||||
AuditBackends: map[string]audit.Factory{
|
||||
"noop": func(ctx context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
"noop": func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
return noop, nil
|
||||
},
|
||||
},
|
||||
|
||||
@@ -231,7 +231,7 @@ func testCoreUnsealedWithAudit(t *testing.T, records **[][]byte) (*vault.Core, [
|
||||
conf := &vault.CoreConfig{
|
||||
BuiltinRegistry: corehelpers.NewMockBuiltinRegistry(),
|
||||
AuditBackends: map[string]audit.Factory{
|
||||
"noop": corehelpers.NoopAuditFactory(records),
|
||||
"noop": audit.NoopAuditFactory(records),
|
||||
},
|
||||
}
|
||||
core, keys, token := vault.TestCoreUnsealedWithConfig(t, conf)
|
||||
|
||||
@@ -545,15 +545,13 @@ func (c *Core) newAuditBackend(ctx context.Context, entry *MountEntry, view logi
|
||||
}
|
||||
auditLogger := c.baseLogger.Named("audit")
|
||||
|
||||
be, err := f(
|
||||
ctx, &audit.BackendConfig{
|
||||
SaltView: view,
|
||||
SaltConfig: saltConfig,
|
||||
Config: conf,
|
||||
MountPath: entry.Path,
|
||||
Logger: auditLogger,
|
||||
},
|
||||
c.auditedHeaders)
|
||||
be, err := f(&audit.BackendConfig{
|
||||
SaltView: view,
|
||||
SaltConfig: saltConfig,
|
||||
Config: conf,
|
||||
MountPath: entry.Path,
|
||||
Logger: auditLogger,
|
||||
}, c.auditedHeaders)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to create new audit backend: %w", err)
|
||||
}
|
||||
@@ -576,7 +574,7 @@ func (c *Core) newAuditBackend(ctx context.Context, entry *MountEntry, view logi
|
||||
|
||||
c.reloadFuncs[key] = append(c.reloadFuncs[key], func() error {
|
||||
auditLogger.Info("reloading file audit backend", "path", entry.Path)
|
||||
return be.Reload(ctx)
|
||||
return be.Reload()
|
||||
})
|
||||
|
||||
c.reloadFuncsLock.Unlock()
|
||||
|
||||
@@ -47,7 +47,7 @@ func testAuditBackend(t *testing.T, path string, config map[string]string) audit
|
||||
MountPath: path,
|
||||
}
|
||||
|
||||
be, err := syslog.Factory(context.Background(), cfg, headersCfg)
|
||||
be, err := syslog.Factory(cfg, headersCfg)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, be)
|
||||
|
||||
@@ -118,7 +118,7 @@ func BenchmarkAuditBroker_File_Request_DevNull(b *testing.B) {
|
||||
Logger: hclog.NewNullLogger(),
|
||||
}
|
||||
|
||||
sink, err := file.Factory(context.Background(), backendConfig, nil)
|
||||
sink, err := file.Factory(backendConfig, nil)
|
||||
require.NoError(b, err)
|
||||
|
||||
broker, err := NewAuditBroker(nil)
|
||||
|
||||
@@ -18,7 +18,6 @@ import (
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/constants"
|
||||
"github.com/hashicorp/vault/helper/namespace"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/hashicorp/vault/sdk/helper/jsonutil"
|
||||
"github.com/hashicorp/vault/sdk/helper/logging"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
@@ -28,16 +27,16 @@ import (
|
||||
|
||||
func TestAudit_ReadOnlyViewDuringMount(t *testing.T) {
|
||||
c, _, _ := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
err := config.SaltView.Put(ctx, &logical.StorageEntry{
|
||||
c.auditBackends["noop"] = func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
err := config.SaltView.Put(context.Background(), &logical.StorageEntry{
|
||||
Key: "bar",
|
||||
Value: []byte("baz"),
|
||||
})
|
||||
if err == nil || !strings.Contains(err.Error(), logical.ErrSetupReadOnly.Error()) {
|
||||
t.Fatalf("expected a read-only error")
|
||||
}
|
||||
factory := corehelpers.NoopAuditFactory(nil)
|
||||
return factory(ctx, config, nil)
|
||||
factory := audit.NoopAuditFactory(nil)
|
||||
return factory(config, nil)
|
||||
}
|
||||
|
||||
me := &MountEntry{
|
||||
@@ -53,7 +52,7 @@ func TestAudit_ReadOnlyViewDuringMount(t *testing.T) {
|
||||
|
||||
func TestCore_EnableAudit(t *testing.T) {
|
||||
c, keys, _ := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
me := &MountEntry{
|
||||
Table: auditTableType,
|
||||
@@ -74,7 +73,7 @@ func TestCore_EnableAudit(t *testing.T) {
|
||||
AuditBackends: make(map[string]audit.Factory),
|
||||
DisableMlock: true,
|
||||
}
|
||||
conf.AuditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
conf.AuditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
c2, err := NewCore(conf)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
@@ -103,8 +102,8 @@ func TestCore_EnableAudit(t *testing.T) {
|
||||
|
||||
func TestCore_EnableAudit_MixedFailures(t *testing.T) {
|
||||
c, _, _ := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
c.auditBackends["fail"] = func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
return nil, fmt.Errorf("failing enabling")
|
||||
}
|
||||
|
||||
@@ -152,8 +151,8 @@ func TestCore_EnableAudit_MixedFailures(t *testing.T) {
|
||||
// correctly
|
||||
func TestCore_EnableAudit_Local(t *testing.T) {
|
||||
c, _, _ := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
c.auditBackends["fail"] = func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
return nil, fmt.Errorf("failing enabling")
|
||||
}
|
||||
|
||||
@@ -238,7 +237,7 @@ func TestCore_EnableAudit_Local(t *testing.T) {
|
||||
|
||||
func TestCore_DisableAudit(t *testing.T) {
|
||||
c, keys, _ := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
existed, err := c.disableAudit(namespace.RootContext(context.Background()), "foo", true)
|
||||
if existed && err != nil {
|
||||
@@ -346,8 +345,8 @@ func TestAuditBroker_LogRequest(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
a1 := corehelpers.TestNoopAudit(t, "foo", nil)
|
||||
a2 := corehelpers.TestNoopAudit(t, "bar", nil)
|
||||
a1 := audit.TestNoopAudit(t, "foo", nil)
|
||||
a2 := audit.TestNoopAudit(t, "bar", nil)
|
||||
err = b.Register("foo", a1, false)
|
||||
require.NoError(t, err)
|
||||
err = b.Register("bar", a2, false)
|
||||
@@ -399,7 +398,7 @@ func TestAuditBroker_LogRequest(t *testing.T) {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
for _, a := range []*corehelpers.NoopAudit{a1, a2} {
|
||||
for _, a := range []*audit.NoopAudit{a1, a2} {
|
||||
if !reflect.DeepEqual(a.ReqAuth[0], auth) {
|
||||
t.Fatalf("Bad: %#v", a.ReqAuth[0])
|
||||
}
|
||||
@@ -435,8 +434,8 @@ func TestAuditBroker_LogResponse(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
a1 := corehelpers.TestNoopAudit(t, "foo", nil)
|
||||
a2 := corehelpers.TestNoopAudit(t, "bar", nil)
|
||||
a1 := audit.TestNoopAudit(t, "foo", nil)
|
||||
a2 := audit.TestNoopAudit(t, "bar", nil)
|
||||
err = b.Register("foo", a1, false)
|
||||
require.NoError(t, err)
|
||||
err = b.Register("bar", a2, false)
|
||||
@@ -499,7 +498,7 @@ func TestAuditBroker_LogResponse(t *testing.T) {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
for _, a := range []*corehelpers.NoopAudit{a1, a2} {
|
||||
for _, a := range []*audit.NoopAudit{a1, a2} {
|
||||
if !reflect.DeepEqual(a.RespAuth[0], auth) {
|
||||
t.Fatalf("Bad: %#v", a.ReqAuth[0])
|
||||
}
|
||||
@@ -540,8 +539,8 @@ func TestAuditBroker_AuditHeaders(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
a1 := corehelpers.TestNoopAudit(t, "foo", nil)
|
||||
a2 := corehelpers.TestNoopAudit(t, "bar", nil)
|
||||
a1 := audit.TestNoopAudit(t, "foo", nil)
|
||||
a2 := audit.TestNoopAudit(t, "bar", nil)
|
||||
|
||||
err = b.Register("foo", a1, false)
|
||||
require.NoError(t, err)
|
||||
@@ -589,7 +588,7 @@ func TestAuditBroker_AuditHeaders(t *testing.T) {
|
||||
"x-vault-header": {"bar"},
|
||||
}
|
||||
|
||||
for _, a := range []*corehelpers.NoopAudit{a1, a2} {
|
||||
for _, a := range []*audit.NoopAudit{a1, a2} {
|
||||
if !reflect.DeepEqual(a.ReqHeaders[0], expected) {
|
||||
t.Fatalf("Bad audited headers: %#v", a.ReqHeaders[0])
|
||||
}
|
||||
@@ -710,7 +709,7 @@ func TestAudit_enableAudit(t *testing.T) {
|
||||
defer cluster.Cleanup()
|
||||
|
||||
c := cluster.Cores[0]
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
me := &MountEntry{
|
||||
Table: auditTableType,
|
||||
@@ -734,7 +733,7 @@ func TestAudit_newAuditBackend(t *testing.T) {
|
||||
defer cluster.Cleanup()
|
||||
|
||||
c := cluster.Cores[0]
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
me := &MountEntry{
|
||||
Table: auditTableType,
|
||||
|
||||
@@ -1543,11 +1543,11 @@ func TestCore_HandleLogin_Token(t *testing.T) {
|
||||
|
||||
func TestCore_HandleRequest_AuditTrail(t *testing.T) {
|
||||
// Create a noop audit backend
|
||||
var noop *corehelpers.NoopAudit
|
||||
var noop *audit.NoopAudit
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = func(_ context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
c.auditBackends["noop"] = func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
var err error
|
||||
noop, err = corehelpers.NewNoopAudit(config)
|
||||
noop, err = audit.NewNoopAudit(config)
|
||||
return noop, err
|
||||
}
|
||||
|
||||
@@ -1606,11 +1606,11 @@ func TestCore_HandleRequest_AuditTrail(t *testing.T) {
|
||||
|
||||
func TestCore_HandleRequest_AuditTrail_noHMACKeys(t *testing.T) {
|
||||
// Create a noop audit backend
|
||||
var noop *corehelpers.NoopAudit
|
||||
var noop *audit.NoopAudit
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = func(_ context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
c.auditBackends["noop"] = func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
var err error
|
||||
noop, err = corehelpers.NewNoopAudit(config)
|
||||
noop, err = audit.NewNoopAudit(config)
|
||||
return noop, err
|
||||
}
|
||||
|
||||
@@ -1709,7 +1709,7 @@ func TestCore_HandleRequest_AuditTrail_noHMACKeys(t *testing.T) {
|
||||
|
||||
func TestCore_HandleLogin_AuditTrail(t *testing.T) {
|
||||
// Create a badass credential backend that always logs in as armon
|
||||
var noop *corehelpers.NoopAudit
|
||||
var noop *audit.NoopAudit
|
||||
noopBack := &NoopBackend{
|
||||
Login: []string{"login"},
|
||||
Response: &logical.Response{
|
||||
@@ -1729,9 +1729,9 @@ func TestCore_HandleLogin_AuditTrail(t *testing.T) {
|
||||
c.credentialBackends["noop"] = func(context.Context, *logical.BackendConfig) (logical.Backend, error) {
|
||||
return noopBack, nil
|
||||
}
|
||||
c.auditBackends["noop"] = func(_ context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
c.auditBackends["noop"] = func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
var err error
|
||||
noop, err = corehelpers.NewNoopAudit(config)
|
||||
noop, err = audit.NewNoopAudit(config)
|
||||
return noop, err
|
||||
}
|
||||
|
||||
|
||||
@@ -17,7 +17,6 @@ import (
|
||||
"github.com/hashicorp/vault/builtin/credential/userpass"
|
||||
"github.com/hashicorp/vault/builtin/logical/totp"
|
||||
"github.com/hashicorp/vault/helper/testhelpers"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
vaulthttp "github.com/hashicorp/vault/http"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
@@ -51,7 +50,7 @@ func doTwoPhaseLogin(t *testing.T, client *api.Client, totpCodePath, methodID, u
|
||||
}
|
||||
|
||||
func TestLoginMfaGenerateTOTPTestAuditIncluded(t *testing.T) {
|
||||
noop := corehelpers.TestNoopAudit(t, "noop/", nil)
|
||||
noop := audit.TestNoopAudit(t, "noop/", nil)
|
||||
|
||||
cluster := vault.NewTestCluster(t, &vault.CoreConfig{
|
||||
CredentialBackends: map[string]logical.Factory{
|
||||
@@ -61,7 +60,7 @@ func TestLoginMfaGenerateTOTPTestAuditIncluded(t *testing.T) {
|
||||
"totp": totp.Factory,
|
||||
},
|
||||
AuditBackends: map[string]audit.Factory{
|
||||
"noop": func(ctx context.Context, config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
"noop": func(config *audit.BackendConfig, _ audit.HeaderFormatter) (audit.Backend, error) {
|
||||
return noop, nil
|
||||
},
|
||||
},
|
||||
|
||||
@@ -12,7 +12,6 @@ import (
|
||||
"github.com/hashicorp/vault/api"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/testhelpers"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/minimal"
|
||||
vaulthttp "github.com/hashicorp/vault/http"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
@@ -95,7 +94,7 @@ func TestWellKnownRedirect_HA(t *testing.T) {
|
||||
var records *[][]byte
|
||||
cluster := vault.NewTestCluster(t, &vault.CoreConfig{
|
||||
AuditBackends: map[string]audit.Factory{
|
||||
"noop": corehelpers.NoopAuditFactory(&records),
|
||||
"noop": audit.NoopAuditFactory(&records),
|
||||
},
|
||||
DisablePerformanceStandby: true,
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
|
||||
@@ -25,6 +25,7 @@ import (
|
||||
wrapping "github.com/hashicorp/go-kms-wrapping/v2"
|
||||
aeadwrapper "github.com/hashicorp/go-kms-wrapping/wrappers/aead/v2"
|
||||
"github.com/hashicorp/go-uuid"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
|
||||
"github.com/hashicorp/vault/helper/builtinplugins"
|
||||
"github.com/hashicorp/vault/helper/experiments"
|
||||
@@ -2667,7 +2668,7 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
|
||||
|
||||
func TestSystemBackend_enableAudit(t *testing.T) {
|
||||
c, b, _ := testCoreSystemBackend(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
|
||||
req.Data["type"] = "noop"
|
||||
@@ -2737,7 +2738,7 @@ func TestSystemBackend_decodeToken(t *testing.T) {
|
||||
|
||||
func TestSystemBackend_auditHash(t *testing.T) {
|
||||
c, b, _ := testCoreSystemBackend(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
|
||||
req.Data["type"] = "noop"
|
||||
@@ -2799,7 +2800,7 @@ func TestSystemBackend_enableAudit_invalid(t *testing.T) {
|
||||
|
||||
func TestSystemBackend_auditTable(t *testing.T) {
|
||||
c, b, _ := testCoreSystemBackend(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
|
||||
req.Data["type"] = "noop"
|
||||
@@ -2834,7 +2835,7 @@ func TestSystemBackend_auditTable(t *testing.T) {
|
||||
|
||||
func TestSystemBackend_disableAudit(t *testing.T) {
|
||||
c, b, _ := testCoreSystemBackend(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
|
||||
req.Data["type"] = "noop"
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
|
||||
"github.com/armon/go-metrics"
|
||||
"github.com/go-test/deep"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/metricsutil"
|
||||
"github.com/hashicorp/vault/helper/namespace"
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
@@ -721,7 +722,7 @@ func TestDefaultMountTable(t *testing.T) {
|
||||
|
||||
func TestCore_MountTable_UpgradeToTyped(t *testing.T) {
|
||||
c, _, _ := TestCoreUnsealed(t)
|
||||
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
c.auditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
|
||||
me := &MountEntry{
|
||||
Table: auditTableType,
|
||||
|
||||
@@ -273,7 +273,7 @@ func TestCoreWithSealAndUINoCleanup(t testing.T, opts *CoreConfig) *Core {
|
||||
func testCoreConfig(t testing.T, physicalBackend physical.Backend, logger log.Logger) *CoreConfig {
|
||||
t.Helper()
|
||||
noopAudits := map[string]audit.Factory{
|
||||
"noop": corehelpers.NoopAuditFactory(nil),
|
||||
"noop": audit.NoopAuditFactory(nil),
|
||||
}
|
||||
|
||||
noopBackends := make(map[string]logical.Factory)
|
||||
@@ -1539,7 +1539,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
|
||||
|
||||
addAuditBackend := len(coreConfig.AuditBackends) == 0
|
||||
if addAuditBackend {
|
||||
coreConfig.AuditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
|
||||
coreConfig.AuditBackends["noop"] = audit.NoopAuditFactory(nil)
|
||||
}
|
||||
|
||||
if coreConfig.Physical == nil && (opts == nil || opts.PhysicalFactory == nil) {
|
||||
|
||||
Reference in New Issue
Block a user