scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 03:27:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Delay salt initialization for audit backends

Browse Source
This commit is contained in:
Jeff Mitchell
2017-05-23 20:36:20 -04:00
parent 41d4c69b54
commit dd26071875
18 changed files with 382 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
audit/format.go
View File

@@ -7,6 +7,8 @@ import (
"time"
"github.com/SermoDigital/jose/jws"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/helper/salt"
"github.com/hashicorp/vault/logical"
"github.com/mitchellh/copystructure"
)
@@ -14,6 +16,7 @@ import (
type AuditFormatWriter interface {
WriteRequest(io.Writer, *AuditRequestEntry) error
WriteResponse(io.Writer, *AuditResponseEntry) error
Salt() (*salt.Salt, error)
}
// AuditFormatter implements the Formatter interface, and allows the underlying
@@ -41,6 +44,11 @@ func (f *AuditFormatter) FormatRequest(
return fmt.Errorf("no format writer specified")
}
salt, err := f.Salt()
if err != nil {
return errwrap.Wrapf("error fetching salt: {{err}}", err)
}
if !config.Raw {
// Before we copy the structure we must nil out some data
// otherwise we will cause reflection to panic and die
@@ -70,7 +78,7 @@ func (f *AuditFormatter) FormatRequest(
// Hash any sensitive information
if auth != nil {
if err := Hash(config.Salt, auth); err != nil {
if err := Hash(salt, auth); err != nil {
return err
}
}
@@ -80,7 +88,7 @@ func (f *AuditFormatter) FormatRequest(
if !config.HMACAccessor && req != nil && req.ClientTokenAccessor != "" {
clientTokenAccessor = req.ClientTokenAccessor
}
if err := Hash(config.Salt, req); err != nil {
if err := Hash(salt, req); err != nil {
return err
}
if clientTokenAccessor != "" {
@@ -152,6 +160,11 @@ func (f *AuditFormatter) FormatResponse(
return fmt.Errorf("no format writer specified")
}
salt, err := f.Salt()
if err != nil {
return errwrap.Wrapf("error fetching salt: {{err}}", err)
}
if !config.Raw {
// Before we copy the structure we must nil out some data
// otherwise we will cause reflection to panic and die
@@ -195,7 +208,7 @@ func (f *AuditFormatter) FormatResponse(
if !config.HMACAccessor && auth.Accessor != "" {
accessor = auth.Accessor
}
if err := Hash(config.Salt, auth); err != nil {
if err := Hash(salt, auth); err != nil {
return err
}
if accessor != "" {
@@ -208,7 +221,7 @@ func (f *AuditFormatter) FormatResponse(
if !config.HMACAccessor && req != nil && req.ClientTokenAccessor != "" {
clientTokenAccessor = req.ClientTokenAccessor
}
if err := Hash(config.Salt, req); err != nil {
if err := Hash(salt, req); err != nil {
return err
}
if clientTokenAccessor != "" {
@@ -224,7 +237,7 @@ func (f *AuditFormatter) FormatResponse(
if !config.HMACAccessor && resp != nil && resp.WrapInfo != nil && resp.WrapInfo.WrappedAccessor != "" {
wrappedAccessor = resp.WrapInfo.WrappedAccessor
}
if err := Hash(config.Salt, resp); err != nil {
if err := Hash(salt, resp); err != nil {
return err
}
if accessor != "" {