scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

VAULT-17078: Audit types refactor (#22000)

Browse Source 
* moved types to types.go
This commit is contained in:
Peter Wilson
2023-07-21 16:37:05 +01:00
committed by GitHub
parent 5ba848dbdd
commit fec766e91a
4 changed files with 301 additions and 291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
audit/event.go
View File

@@ -4,87 +4,11 @@
package audit
import (
"context"
"fmt"
"github.com/hashicorp/vault/internal/observability/event"
"github.com/hashicorp/vault/sdk/helper/salt"
"github.com/hashicorp/vault/sdk/logical"
)
// Audit subtypes.
const (
RequestType subtype = "AuditRequest"
ResponseType subtype = "AuditResponse"
)
// Audit formats.
const (
JSONFormat format = "json"
JSONxFormat format = "jsonx"
)
// version defines the version of audit events.
const version = "v0.1"
// subtype defines the type of audit event.
type subtype string
// format defines types of format audit events support.
type format string
// Backend interface must be implemented for an audit
// mechanism to be made available. Audit backends can be enabled to
// sink information to different backends such as logs, file, databases,
// or other external services.
type Backend interface {
// LogRequest is used to synchronously log a request. This is done after the
// request is authorized but before the request is executed. The arguments
// MUST not be modified in anyway. They should be deep copied if this is
// a possibility.
LogRequest(context.Context, *logical.LogInput) error
// LogResponse is used to synchronously log a response. This is done after
// the request is processed but before the response is sent. The arguments
// MUST not be modified in anyway. They should be deep copied if this is
// a possibility.
LogResponse(context.Context, *logical.LogInput) error
// LogTestMessage is used to check an audit backend before adding it
// permanently. It should attempt to synchronously log the given test
// message, WITHOUT using the normal Salt (which would require a storage
// operation on creation, which is currently disallowed.)
LogTestMessage(context.Context, *logical.LogInput, map[string]string) error
// GetHash is used to return the given data with the backend's hash,
// so that a caller can determine if a value in the audit log matches
// an expected plaintext value
GetHash(context.Context, string) (string, error)
// Reload is called on SIGHUP for supporting backends.
Reload(context.Context) error
// Invalidate is called for path invalidation
Invalidate(context.Context)
}
// BackendConfig contains configuration parameters used in the factory func to
// instantiate audit backends
type BackendConfig struct {
// The view to store the salt
SaltView logical.Storage
// The salt config that should be used for any secret obfuscation
SaltConfig *salt.Config
// Config is the opaque user configuration provided when mounting
Config map[string]string
}
// Factory is the factory function to create an audit backend.
type Factory func(context.Context, *BackendConfig, bool) (Backend, error)
// newEvent should be used to create an audit event.
// subtype and format are needed for audit.
// It will generate an ID if no ID is supplied.