VAULT-17079: Adding Hash Function and HeaderAdjuster to EntryFormatter (#22042)

* add hashfunc field to EntryFormatter struct and adjust NewEntryFormatter function and tests

* add HeaderAdjuster interface and require it in EntryFormatter
dquote> adjust all references to NewEntryFormatter to include a HeaderAdjuster parameter

* replace use of hash function in AuditedHeadersConfig's ApplyConfig method with Salter interface instance

* fixup! replace use of hash function in AuditedHeadersConfig's ApplyConfig method with Salter interface instance

* review feedback

* Go doc typo

* add another test function

---------

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
Marc Boudreau
2023-07-27 12:31:52 -04:00
committed by GitHub
parent a31c680b9c
commit 769fe0b67d
23 changed files with 257 additions and 163 deletions


@@ -85,11 +85,21 @@ type Writer interface {
WriteResponse(io.Writer, *ResponseEntry) error
}
// HeaderFormatter is an interface defining the methods of the
// vault.AuditedHeadersConfig structure needed in this package.
type HeaderFormatter interface {
// ApplyConfig returns a map of header values that consists of the
// intersection of the provided set of header values with a configured
// set of headers and will hash headers that have been configured as such.
ApplyConfig(context.Context, map[string][]string, Salter) (map[string][]string, error)
}
// EntryFormatter should be used to format audit requests and responses.
type EntryFormatter struct {
salter Salter
config FormatterConfig
prefix string
salter Salter
headersConfig HeaderFormatter
config FormatterConfig
prefix string
}
// EntryFormatterWriter should be used to format and write out audit requests and responses.
@@ -255,6 +265,9 @@ type nonPersistentSalt struct{}
// sink information to different backends such as logs, file, databases,
// or other external services.
type Backend interface {
// Salter interface must be implemented by anything implementing Backend.
Salter
// LogRequest is used to synchronously log a request. This is done after the
// request is authorized but before the request is executed. The arguments
// MUST not be modified in any way. They should be deep copied if this is
@@ -273,11 +286,6 @@ type Backend interface {
// operation on creation, which is currently disallowed.)
LogTestMessage(context.Context, *logical.LogInput, map[string]string) error
// GetHash is used to return the given data with the backend's hash,
// so that a caller can determine if a value in the audit log matches
// an expected plaintext value
GetHash(context.Context, string) (string, error)
// Reload is called on SIGHUP for supporting backends.
Reload(context.Context) error
@@ -305,4 +313,4 @@ type BackendConfig struct {
}
// Factory is the factory function to create an audit backend.
type Factory func(context.Context, *BackendConfig, bool) (Backend, error)
type Factory func(context.Context, *BackendConfig, bool, HeaderFormatter) (Backend, error)
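Review bot: The doc comment on `HeaderFormatter.ApplyConfig` (first hunk) does not state what happens when the `Salter` argument is nil or fails to yield a salt, and for headers configured to be hashed that is the case that decides whether a raw header value can reach the audit log. I would extend the comment with `// If the salt cannot be obtained, an error is returned and no header configured for hashing is emitted in plaintext.` This assumes the implementation in vault.AuditedHeadersConfig behaves that way; it is not visible in this section, and if it does not, the behaviour should be fixed rather than documented. The `Factory` comment in the last hunk also leaves the new `HeaderFormatter` parameter undescribed, including whether nil is accepted.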