mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-31 02:28:09 +00:00
Delay salt initialization for audit backends
This commit is contained in:
Jeff Mitchell
@@ -11,12 +11,16 @@ import (
|
||||
multierror "github.com/hashicorp/go-multierror"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/helper/parseutil"
|
||||
"github.com/hashicorp/vault/helper/salt"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
)
|
||||
|
||||
func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
|
||||
if conf.Salt == nil {
|
||||
return nil, fmt.Errorf("nil salt passed in")
|
||||
if conf.SaltConfig == nil {
|
||||
return nil, fmt.Errorf("nil salt config")
|
||||
}
|
||||
if conf.SaltView == nil {
|
||||
return nil, fmt.Errorf("nil salt view")
|
||||
}
|
||||
|
||||
address, ok := conf.Config["address"]
|
||||
@@ -75,11 +79,13 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
|
||||
|
||||
b := &Backend{
|
||||
connection: conn,
|
||||
saltConfig: conf.SaltConfig,
|
||||
saltView: conf.SaltView,
|
||||
formatConfig: audit.FormatterConfig{
|
||||
Raw: logRaw,
|
||||
Salt: conf.Salt,
|
||||
HMACAccessor: hmacAccessor,
|
||||
},
|
||||
|
||||
writeDuration: writeDuration,
|
||||
address: address,
|
||||
socketType: socketType,
|
||||
@@ -88,11 +94,13 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
|
||||
switch format {
|
||||
case "json":
|
||||
b.formatter.AuditFormatWriter = &audit.JSONFormatWriter{
|
||||
Prefix: conf.Config["prefix"],
|
||||
Prefix: conf.Config["prefix"],
|
||||
SaltFunc: b.Salt,
|
||||
}
|
||||
case "jsonx":
|
||||
b.formatter.AuditFormatWriter = &audit.JSONxFormatWriter{
|
||||
Prefix: conf.Config["prefix"],
|
||||
Prefix: conf.Config["prefix"],
|
||||
SaltFunc: b.Salt,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -111,10 +119,19 @@ type Backend struct {
|
||||
socketType string
|
||||
|
||||
sync.Mutex
|
||||
|
||||
saltMutex sync.RWMutex
|
||||
salt *salt.Salt
|
||||
saltConfig *salt.Config
|
||||
saltView logical.Storage
|
||||
}
|
||||
|
||||
func (b *Backend) GetHash(data string) string {
|
||||
return audit.HashString(b.formatConfig.Salt, data)
|
||||
func (b *Backend) GetHash(data string) (string, error) {
|
||||
salt, err := b.Salt()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return audit.HashString(salt, data), nil
|
||||
}
|
||||
|
||||
func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr error) error {
|
||||
@@ -198,3 +215,29 @@ func (b *Backend) Reload() error {
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (b *Backend) Salt() (*salt.Salt, error) {
|
||||
b.saltMutex.RLock()
|
||||
if b.salt != nil {
|
||||
defer b.saltMutex.RUnlock()
|
||||
return b.salt, nil
|
||||
}
|
||||
b.saltMutex.RUnlock()
|
||||
b.saltMutex.Lock()
|
||||
defer b.saltMutex.Unlock()
|
||||
if b.salt != nil {
|
||||
return b.salt, nil
|
||||
}
|
||||
salt, err := salt.NewSalt(b.saltView, b.saltConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
b.salt = salt
|
||||
return salt, nil
|
||||
}
|
||||
|
||||
func (b *Backend) Invalidate() {
|
||||
b.saltMutex.Lock()
|
||||
defer b.saltMutex.Unlock()
|
||||
b.salt = nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user