scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 11:08:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

NewTestCluster: default to enabling a 'discard' file audit device when none are configured (#26861)

Browse Source 
* Removed unrequired noop audit factory declaration

* Default NewTestCluster to using file audit device (discard)
This commit is contained in:
Peter Wilson
2024-05-07 16:49:20 +01:00
committed by GitHub
parent bef178b4a5
commit ec1f261db9
2 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
helper/builtinplugins/builtinplugins_test.go
View File

@@ -8,7 +8,6 @@ import (
logicalKv "github.com/hashicorp/vault-plugin-secrets-kv" logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
"github.com/hashicorp/vault/api" "github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/audit"
logicalDb "github.com/hashicorp/vault/builtin/logical/database" logicalDb "github.com/hashicorp/vault/builtin/logical/database"
vaulthttp "github.com/hashicorp/vault/http" vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/consts"
@@ -44,11 +43,6 @@ func TestBuiltinPluginsWork(t *testing.T) {
"database": logicalDb.Factory, "database": logicalDb.Factory,
}, },
PendingRemovalMountsAllowed: true, PendingRemovalMountsAllowed: true,
// Specifying at least one audit backend factory will prevent NewTestCluster
// from attempting to enable a noop audit, and audit isn't required for this test.
AuditBackends: map[string]audit.Factory{
"noop": audit.NoopAuditFactory(nil),
},
}, },
&vault.TestClusterOptions{ &vault.TestClusterOptions{
HandlerFunc: vaulthttp.Handler, HandlerFunc: vaulthttp.Handler,

14
vault/testing.go
View File

@@ -1540,9 +1540,11 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
coreConfig.RawConfig = c coreConfig.RawConfig = c
} }
// If the caller didn't supply any configuration for types of audit device,
// default to adding `file` (and enabling it later).
addAuditBackend := len(coreConfig.AuditBackends) == 0 addAuditBackend := len(coreConfig.AuditBackends) == 0
if addAuditBackend { if addAuditBackend {
coreConfig.AuditBackends["noop"] = audit.NoopAuditFactory(nil) coreConfig.AuditBackends[audit.TypeFile] = audit.NewFileBackend
} }
if coreConfig.Physical == nil && (opts == nil || opts.PhysicalFactory == nil) { if coreConfig.Physical == nil && (opts == nil || opts.PhysicalFactory == nil) {
@@ -1975,6 +1977,9 @@ func (tc *TestCluster) InitCores(t testing.T, opts *TestClusterOptions, addAudit
tc.initCores(t, opts, addAuditBackend) tc.initCores(t, opts, addAuditBackend)
} }
// initCores attempts to initialize a core for a test cluster using the supplied
// options. If the addAuditBackend flag is true, the core will have a file audit
// device enabled with the 'discard' file path (See: /vault/docs/audit/file#discard).
func (tc *TestCluster) initCores(t testing.T, opts *TestClusterOptions, addAuditBackend bool) { func (tc *TestCluster) initCores(t testing.T, opts *TestClusterOptions, addAuditBackend bool) {
leader := tc.Cores[0] leader := tc.Cores[0]
@@ -2087,8 +2092,11 @@ func (tc *TestCluster) initCores(t testing.T, opts *TestClusterOptions, addAudit
auditReq := &logical.Request{ auditReq := &logical.Request{
Operation: logical.UpdateOperation, Operation: logical.UpdateOperation,
ClientToken: tc.RootToken, ClientToken: tc.RootToken,
Path: "sys/audit/noop", Path: "sys/audit/file",
Data: map[string]interface{}{"type": "noop"}, Data: map[string]interface{}{
"type": audit.TypeFile,
"file_path": "discard",
},
} }
resp, err := leader.Core.HandleRequest(namespace.RootContext(ctx), auditReq) resp, err := leader.Core.HandleRequest(namespace.RootContext(ctx), auditReq)
if err != nil { if err != nil {