VAULT-24449: Migrate 'audit filtering' feature to Enterprise (#25711)

* Fix an audit filtering test
Move configureFilterNode to ent-specific files and add non-ent stubs
Update tests for file audit devices
Add tests for socket audit device
Add syslog audit device tests
Prevent enabling an audit device with 'enterprise only' options in CE
Check enterprise only audit options on db load (unseal)
newAuditBackend test

* Fix assignment of audit broker to core during audit setup

* Removed Enterprise only audit feature tests (maintained in Enterprise repo)

* Replace enterprise filtering tests with ones for CE

* Remove redundant temp file creation calls in CE tests for filtering

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>

builtin/audit/socket/backend_test.go

@@ -115,75 +115,6 @@ func TestBackend_formatterConfig(t *testing.T) {
 	}
 }
 
-// TestBackend_configureFilterNode ensures that configureFilterNode handles various
-// filter values as expected. Empty (including whitespace) strings should return
-// no error but skip configuration of the node.
-func TestBackend_configureFilterNode(t *testing.T) {
-	t.Parallel()
-
-	tests := map[string]struct {
-		filter           string
-		shouldSkipNode   bool
-		wantErr          bool
-		expectedErrorMsg string
-	}{
-		"happy": {
-			filter: "mount_point == \"/auth/token\"",
-		},
-		"empty": {
-			filter:         "",
-			shouldSkipNode: true,
-		},
-		"spacey": {
-			filter:         "    ",
-			shouldSkipNode: true,
-		},
-		"bad": {
-			filter:           "___qwerty",
-			wantErr:          true,
-			expectedErrorMsg: "socket.(Backend).configureFilterNode: error creating filter node: audit.NewEntryFilter: cannot create new audit filter",
-		},
-		"unsupported-field": {
-			filter:           "foo == bar",
-			wantErr:          true,
-			expectedErrorMsg: "filter references an unsupported field: foo == bar",
-		},
-	}
-	for name, tc := range tests {
-		name := name
-		tc := tc
-		t.Run(name, func(t *testing.T) {
-			t.Parallel()
-
-			b := &Backend{
-				nodeIDList: []eventlogger.NodeID{},
-				nodeMap:    map[eventlogger.NodeID]eventlogger.Node{},
-			}
-
-			err := b.configureFilterNode(tc.filter)
-
-			switch {
-			case tc.wantErr:
-				require.Error(t, err)
-				require.ErrorContains(t, err, tc.expectedErrorMsg)
-				require.Len(t, b.nodeIDList, 0)
-				require.Len(t, b.nodeMap, 0)
-			case tc.shouldSkipNode:
-				require.NoError(t, err)
-				require.Len(t, b.nodeIDList, 0)
-				require.Len(t, b.nodeMap, 0)
-			default:
-				require.NoError(t, err)
-				require.Len(t, b.nodeIDList, 1)
-				require.Len(t, b.nodeMap, 1)
-				id := b.nodeIDList[0]
-				node := b.nodeMap[id]
-				require.Equal(t, eventlogger.NodeTypeFilter, node.Type())
-			}
-		})
-	}
-}
-
 // TestBackend_configureFormatterNode ensures that configureFormatterNode
 // populates the nodeIDList and nodeMap on Backend when given valid formatConfig.
 func TestBackend_configureFormatterNode(t *testing.T) {
@@ -300,46 +231,6 @@ func TestBackend_configureSinkNode(t *testing.T) {
 	}
 }
 
-// TestBackend_configureFilterFormatterSink ensures that configuring all three
-// types of nodes on a Backend works as expected, i.e. we have all three nodes
-// at the end and nothing gets overwritten. The order of calls influences the
-// slice of IDs on the Backend.
-func TestBackend_configureFilterFormatterSink(t *testing.T) {
-	t.Parallel()
-
-	b := &Backend{
-		nodeIDList: []eventlogger.NodeID{},
-		nodeMap:    map[eventlogger.NodeID]eventlogger.Node{},
-	}
-
-	formatConfig, err := audit.NewFormatterConfig()
-	require.NoError(t, err)
-
-	err = b.configureFilterNode("mount_type == kv")
-	require.NoError(t, err)
-
-	err = b.configureFormatterNode("juan", formatConfig, hclog.NewNullLogger())
-	require.NoError(t, err)
-
-	err = b.configureSinkNode("foo", "https://hashicorp.com", "json")
-	require.NoError(t, err)
-
-	require.Len(t, b.nodeIDList, 3)
-	require.Len(t, b.nodeMap, 3)
-
-	id := b.nodeIDList[0]
-	node := b.nodeMap[id]
-	require.Equal(t, eventlogger.NodeTypeFilter, node.Type())
-
-	id = b.nodeIDList[1]
-	node = b.nodeMap[id]
-	require.Equal(t, eventlogger.NodeTypeFormatter, node.Type())
-
-	id = b.nodeIDList[2]
-	node = b.nodeMap[id]
-	require.Equal(t, eventlogger.NodeTypeSink, node.Type())
-}
-
 // TestBackend_Factory_Conf is used to ensure that any configuration which is
 // supplied, is validated and tested.
 func TestBackend_Factory_Conf(t *testing.T) {