VAULT-24452: audit refactor (#26460)

* Refactor audit code into audit package * remove builtin/audit * removed unrequired files
2025-11-01 19:17:58 +00:00 · 2024-04-18 08:25:04 +01:00
parent 961bf20bdb
commit 8bee54c89d
60 changed files with 2638 additions and 3214 deletions
--- a/audit/backend_syslog.go
+++ b/audit/backend_syslog.go
@@ -0,0 +1,108 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package audit
+
+import (
+	"fmt"
+	"reflect"
+
+	"github.com/hashicorp/vault/internal/observability/event"
+)
+
+const (
+	optionFacility = "facility"
+	optionTag      = "tag"
+)
+
+var _ Backend = (*SyslogBackend)(nil)
+
+type SyslogBackend struct {
+	*backend
+}
+
+// NewSyslogBackend provides a wrapper to support the expectation elsewhere in Vault that
+// all audit backends can be created via a factory that returns an interface (Backend).
+func NewSyslogBackend(conf *BackendConfig, headersConfig HeaderFormatter) (be Backend, err error) {
+	be, err = newSyslogBackend(conf, headersConfig)
+	return
+}
+
+// newSyslogBackend creates a backend and configures all nodes including a socket sink.
+func newSyslogBackend(conf *BackendConfig, headersConfig HeaderFormatter) (*SyslogBackend, error) {
+	if headersConfig == nil || reflect.ValueOf(headersConfig).IsNil() {
+		return nil, fmt.Errorf("nil header formatter: %w", ErrInvalidParameter)
+	}
+	if conf == nil {
+		return nil, fmt.Errorf("nil config: %w", ErrInvalidParameter)
+	}
+	if err := conf.Validate(); err != nil {
+		return nil, err
+	}
+
+	bec, err := newBackend(headersConfig, conf)
+	if err != nil {
+		return nil, err
+	}
+
+	// Get facility or default to AUTH
+	facility, ok := conf.Config[optionFacility]
+	if !ok {
+		facility = "AUTH"
+	}
+
+	// Get tag or default to 'vault'
+	tag, ok := conf.Config[optionTag]
+	if !ok {
+		tag = "vault"
+	}
+
+	sinkOpts := []event.Option{
+		event.WithFacility(facility),
+		event.WithTag(tag),
+	}
+
+	err = event.ValidateOptions(sinkOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	b := &SyslogBackend{backend: bec}
+
+	// Configure the sink.
+	cfg, err := newFormatterConfig(headersConfig, conf.Config)
+	if err != nil {
+		return nil, err
+	}
+
+	err = b.configureSinkNode(conf.MountPath, cfg.requiredFormat, sinkOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	return b, nil
+}
+
+func (b *SyslogBackend) configureSinkNode(name string, format format, opts ...event.Option) error {
+	sinkNodeID, err := event.GenerateNodeID()
+	if err != nil {
+		return fmt.Errorf("error generating random NodeID for sink node: %w: %w", ErrInternal, err)
+	}
+
+	n, err := event.NewSyslogSink(format.String(), opts...)
+	if err != nil {
+		return fmt.Errorf("error creating syslog sink node: %w", err)
+	}
+
+	err = b.wrapMetrics(name, sinkNodeID, n)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Reload will trigger the reload action on the sink node for this backend.
+func (b *SyslogBackend) Reload() error {
+	return nil
+}