Changes the way policies are reported in audit logs (#4747)

* This changes the way policies are reported in audit logs. Previously, only policies tied to tokens would be reported. This could make it difficult to perform after-the-fact analysis based on both the initial response entry and further requests. Now, the full set of applicable policies from both the token and any derived policies from Identity are reported. To keep things consistent, token authentications now also return the full set of policies in api.Secret.Auth responses, so this both makes it easier for users to understand their actual full set, and it matches what the audit logs now report.
2025-10-30 18:17:55 +00:00 · 2018-06-14 09:49:33 -04:00
parent 050ab805a7
commit 765fe529d6
13 changed files with 426 additions and 109 deletions
--- a/command/util.go
+++ b/command/util.go
@@ -34,6 +34,10 @@ func RawField(secret *api.Secret, field string) interface{} {
 		case "token_renewable":
 			val = secret.Auth.Renewable
 		case "token_policies":
+			val = secret.Auth.TokenPolicies
+		case "identity_policies":
+			val = secret.Auth.IdentityPolicies
+		case "policies":
 			val = secret.Auth.Policies
 		default:
 			val = secret.Data[field]