VAULT-17078: Add useEventLogger Argument to Audit Factory Functions (#21962)

* add useEventLogger argument to audit Factory functions

* adjusting Factory functions defined in tests

* fixup! adjusting Factory functions defined in tests
Marc Boudreau 2023-07-20 11:23:21 -04:00 committed by GitHub
parent 6d9e181cf3
commit 7103bc2cdb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 20 additions and 20 deletions


@ -59,4 +59,4 @@ type BackendConfig struct {
}
// Factory is the factory function to create an audit backend.
type Factory func(context.Context, *BackendConfig) (Backend, error)
type Factory func(context.Context, *BackendConfig, bool) (Backend, error)
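Review bot: The new third parameter of the `Factory` type is an unnamed `bool`, and the doc comment above it still says only that this is the factory function to create an audit backend, so nothing at the type tells an implementer what the flag selects. Every audit device now has to accept it, so name the parameters and document the flag, for example `type Factory func(ctx context.Context, conf *BackendConfig, useEventLogger bool) (Backend, error)` with an added comment line such as `// useEventLogger reports whether the backend should emit audit entries through the event logger.` That comment wording is inferred from the parameter name used in the backend factories on this page, so the author should confirm it.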


@ -20,7 +20,7 @@ import (
"github.com/hashicorp/vault/sdk/logical"
)
func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, error) {
func Factory(ctx context.Context, conf *audit.BackendConfig, useEventLogger bool) (audit.Backend, error) {
if conf.SaltConfig == nil {
return nil, fmt.Errorf("nil salt config")
}
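Review bot: `useEventLogger` is added to this `Factory` signature but none of the visible lines read it, and the same holds for the two other backend `Factory` hunks further down the page that make the identical change. The function body continues past the hunk, so the flag may be consumed there. If it is deliberately a no-op for now, say so in a doc comment on the function, e.g. `// useEventLogger is accepted to satisfy the shared Factory signature and is not yet acted on by this backend.` Otherwise someone enabling the experiment cannot tell from the code whether this device's audit entries take the new path. Separately, `conf.SaltConfig` is dereferenced with no nil check on `conf`; this predates the change, but an `if conf == nil` guard returning an error would avoid a panic.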


@ -43,7 +43,7 @@ func TestAuditFile_fileModeNew(t *testing.T) {
SaltConfig: &salt.Config{},
SaltView: &logical.InmemStorage{},
Config: config,
})
}, false)
if err != nil {
t.Fatal(err)
}
@ -82,7 +82,7 @@ func TestAuditFile_fileModeExisting(t *testing.T) {
Config: config,
SaltConfig: &salt.Config{},
SaltView: &logical.InmemStorage{},
})
}, false)
if err != nil {
t.Fatal(err)
}
@ -122,7 +122,7 @@ func TestAuditFile_fileMode0000(t *testing.T) {
Config: config,
SaltConfig: &salt.Config{},
SaltView: &logical.InmemStorage{},
})
}, false)
if err != nil {
t.Fatal(err)
}
@ -144,7 +144,7 @@ func BenchmarkAuditFile_request(b *testing.B) {
Config: config,
SaltConfig: &salt.Config{},
SaltView: &logical.InmemStorage{},
})
}, false)
if err != nil {
b.Fatal(err)
}
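Review bot: All four updated call sites in this file pass the bare literal `false`, so these tests and the benchmark only exercise the backend with the event logger disabled. If the flag changes behaviour inside `Factory`, run the cases for both values, e.g. by wrapping each body in `for _, useEventLogger := range []bool{false, true} {`. At minimum, replace the literal with a named constant so the argument is readable at the call site. Whether `true` is a meaningful path yet is not visible from this page.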


@ -19,7 +19,7 @@ import (
"github.com/hashicorp/vault/sdk/logical"
)
func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, error) {
func Factory(ctx context.Context, conf *audit.BackendConfig, useEventLogger bool) (audit.Backend, error) {
if conf.SaltConfig == nil {
return nil, fmt.Errorf("nil salt config")
}


@ -16,7 +16,7 @@ import (
"github.com/hashicorp/vault/sdk/logical"
)
func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, error) {
func Factory(ctx context.Context, conf *audit.BackendConfig, useEventLogger bool) (audit.Backend, error) {
if conf.SaltConfig == nil {
return nil, fmt.Errorf("nil salt config")
}


@ -262,7 +262,7 @@ func NewNoopAudit(config map[string]string) (*NoopAudit, error) {
}
func NoopAuditFactory(records **[][]byte) audit.Factory {
return func(_ context.Context, config *audit.BackendConfig) (audit.Backend, error) {
return func(_ context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
n, err := NewNoopAudit(config.Config)
if err != nil {
return nil, err


@ -482,7 +482,7 @@ func TestLogical_Audit_invalidWrappingToken(t *testing.T) {
noop := corehelpers.TestNoopAudit(t, nil)
c, _, root := vault.TestCoreUnsealedWithConfig(t, &vault.CoreConfig{
AuditBackends: map[string]audit.Factory{
"noop": func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
"noop": func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
return noop, nil
},
},


@ -482,7 +482,7 @@ func (c *Core) newAuditBackend(ctx context.Context, entry *MountEntry, view logi
SaltView: view,
SaltConfig: saltConfig,
Config: conf,
})
}, c.IsExperimentEnabled(experiments.VaultExperimentCoreAuditEventsAlpha1))
if err != nil {
return nil, err
}
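Review bot: The experiment lookup is written inline as the trailing argument after a multi-line struct literal, which makes it easy to miss that an alpha experiment flag now selects how this audit backend is built. Hoisting it reads better: `useEventLogger := c.IsExperimentEnabled(experiments.VaultExperimentCoreAuditEventsAlpha1)` before the call, then `}, useEventLogger)`. A one-line comment that the value is sampled once, when the backend is created, would also help, assuming the factory does not re-check it later. `newAuditBackend` starts and ends outside this hunk.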


@ -27,7 +27,7 @@ import (
func TestAudit_ReadOnlyViewDuringMount(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
err := config.SaltView.Put(ctx, &logical.StorageEntry{
Key: "bar",
Value: []byte("baz"),
@ -36,7 +36,7 @@ func TestAudit_ReadOnlyViewDuringMount(t *testing.T) {
t.Fatalf("expected a read-only error")
}
factory := corehelpers.NoopAuditFactory(nil)
return factory(ctx, config)
return factory(ctx, config, false)
}
me := &MountEntry{
@ -103,7 +103,7 @@ func TestCore_EnableAudit(t *testing.T) {
func TestCore_EnableAudit_MixedFailures(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
return nil, fmt.Errorf("failing enabling")
}
@ -152,7 +152,7 @@ func TestCore_EnableAudit_MixedFailures(t *testing.T) {
func TestCore_EnableAudit_Local(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
return nil, fmt.Errorf("failing enabling")
}


@ -1137,7 +1137,7 @@ func TestCore_HandleRequest_AuditTrail(t *testing.T) {
// Create a noop audit backend
noop := &corehelpers.NoopAudit{}
c, _, root := TestCoreUnsealed(t)
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
noop = &corehelpers.NoopAudit{
Config: config,
}
@ -1201,7 +1201,7 @@ func TestCore_HandleRequest_AuditTrail_noHMACKeys(t *testing.T) {
// Create a noop audit backend
var noop *corehelpers.NoopAudit
c, _, root := TestCoreUnsealed(t)
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
noop = &corehelpers.NoopAudit{
Config: config,
}
@ -1323,7 +1323,7 @@ func TestCore_HandleLogin_AuditTrail(t *testing.T) {
c.credentialBackends["noop"] = func(context.Context, *logical.BackendConfig) (logical.Backend, error) {
return noopBack, nil
}
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
noop = &corehelpers.NoopAudit{
Config: config,
}


@ -61,7 +61,7 @@ func TestLoginMfaGenerateTOTPTestAuditIncluded(t *testing.T) {
"totp": totp.Factory,
},
AuditBackends: map[string]audit.Factory{
"noop": func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
"noop": func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
return noop, nil
},
},


@ -724,7 +724,7 @@ func TestDefaultMountTable(t *testing.T) {
func TestCore_MountTable_UpgradeToTyped(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
return &corehelpers.NoopAudit{
Config: config,
}, nil