From 7103bc2cdb45ff8c4e01ebb09f61e9b20a67fe10 Mon Sep 17 00:00:00 2001
From: Marc Boudreau
Date: Thu, 20 Jul 2023 11:23:21 -0400
Subject: [PATCH] VAULT-17078: Add useEventLogger Argument to Audit Factory Functions (#21962)

* add useEventLogger argument to audit Factory functions
* adjusting Factory functions defined in tests
* fixup! adjusting Factory functions defined in tests
---
 audit/audit.go | 2 +-
 builtin/audit/file/backend.go | 2 +-
 builtin/audit/file/backend_test.go | 8 ++++----
 builtin/audit/socket/backend.go | 2 +-
 builtin/audit/syslog/backend.go | 2 +-
 helper/testhelpers/corehelpers/corehelpers.go | 2 +-
 http/logical_test.go | 2 +-
 vault/audit.go | 2 +-
 vault/audit_test.go | 8 ++++----
 vault/core_test.go | 6 +++---
 vault/external_tests/identity/login_mfa_totp_test.go | 2 +-
 vault/mount_test.go | 2 +-
 12 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/audit/audit.go b/audit/audit.go
index 35a3d38a05..31164be3f2 100644
--- a/audit/audit.go
+++ b/audit/audit.go
@@ -59,4 +59,4 @@ type BackendConfig struct {
 }

 // Factory is the factory function to create an audit backend.
-type Factory func(context.Context, *BackendConfig) (Backend, error)
+type Factory func(context.Context, *BackendConfig, bool) (Backend, error)
diff --git a/builtin/audit/file/backend.go b/builtin/audit/file/backend.go
index d4471f1a9a..43471f429f 100644
--- a/builtin/audit/file/backend.go
+++ b/builtin/audit/file/backend.go
@@ -20,7 +20,7 @@ import (
 "github.com/hashicorp/vault/sdk/logical"
 )

-func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, error) {
+func Factory(ctx context.Context, conf *audit.BackendConfig, useEventLogger bool) (audit.Backend, error) {
 if conf.SaltConfig == nil {
 return nil, fmt.Errorf("nil salt config")
 }
diff --git a/builtin/audit/file/backend_test.go b/builtin/audit/file/backend_test.go
index ad082ace5d..7160a3feb2 100644
--- a/builtin/audit/file/backend_test.go
+++ b/builtin/audit/file/backend_test.go
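Review bot: The new third parameter of `Factory` in audit/audit.go is an unnamed `bool`, and the doc comment above the type still does not say what it selects. Every backend constructor and every caller has to agree on its meaning, and a bare positional boolean is easy to get backwards in code that decides how audit records are produced. Name the parameters in the type, `type Factory func(ctx context.Context, config *BackendConfig, useEventLogger bool) (Backend, error)`, and extend the comment with one sentence stating what a true value asks of the backend.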
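Review bot: `useEventLogger` is added to the file backend's `Factory` signature but nothing reads it: the diffstat shows a single changed line in this file, so the body, which continues outside the hunk, is the same as before. A caller passing `true` therefore gets the existing behaviour with no indication that the flag was ignored; the same applies to the `Factory` changes in builtin/audit/socket/backend.go and builtin/audit/syslog/backend.go. Until the parameter is wired up, say so in a doc comment on each function, for example `// Factory creates the file audit backend. useEventLogger is accepted to satisfy audit.Factory and is not yet used.`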
@@ -43,7 +43,7 @@ func TestAuditFile_fileModeNew(t *testing.T) {
 SaltConfig: &salt.Config{},
 SaltView: &logical.InmemStorage{},
 Config: config,
- })
+ }, false)
 if err != nil {
 t.Fatal(err)
 }
@@ -82,7 +82,7 @@ func TestAuditFile_fileModeExisting(t *testing.T) {
 Config: config,
 SaltConfig: &salt.Config{},
 SaltView: &logical.InmemStorage{},
- })
+ }, false)
 if err != nil {
 t.Fatal(err)
 }
@@ -122,7 +122,7 @@ func TestAuditFile_fileMode0000(t *testing.T) {
 Config: config,
 SaltConfig: &salt.Config{},
 SaltView: &logical.InmemStorage{},
- })
+ }, false)
 if err != nil {
 t.Fatal(err)
 }
@@ -144,7 +144,7 @@ func BenchmarkAuditFile_request(b *testing.B) {
 Config: config,
 SaltConfig: &salt.Config{},
 SaltView: &logical.InmemStorage{},
- })
+ }, false)
 if err != nil {
 b.Fatal(err)
 }
diff --git a/builtin/audit/socket/backend.go b/builtin/audit/socket/backend.go
index 25077fc0ff..e5e0ce3fd6 100644
--- a/builtin/audit/socket/backend.go
+++ b/builtin/audit/socket/backend.go
@@ -19,7 +19,7 @@ import (
 "github.com/hashicorp/vault/sdk/logical"
 )

-func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, error) {
+func Factory(ctx context.Context, conf *audit.BackendConfig, useEventLogger bool) (audit.Backend, error) {
 if conf.SaltConfig == nil {
 return nil, fmt.Errorf("nil salt config")
 }
diff --git a/builtin/audit/syslog/backend.go b/builtin/audit/syslog/backend.go
index 19059b86cc..4fbcfd034e 100644
--- a/builtin/audit/syslog/backend.go
+++ b/builtin/audit/syslog/backend.go
@@ -16,7 +16,7 @@ import (
 "github.com/hashicorp/vault/sdk/logical"
 )

-func Factory(ctx context.Context, conf *audit.BackendConfig) (audit.Backend, error) {
+func Factory(ctx context.Context, conf *audit.BackendConfig, useEventLogger bool) (audit.Backend, error) {
 if conf.SaltConfig == nil {
 return nil, fmt.Errorf("nil salt config")
 }
diff --git a/helper/testhelpers/corehelpers/corehelpers.go b/helper/testhelpers/corehelpers/corehelpers.go
index 8910e4fa6e..a7acfd56de 100644
--- a/helper/testhelpers/corehelpers/corehelpers.go
+++ b/helper/testhelpers/corehelpers/corehelpers.go
@@ -262,7 +262,7 @@ func NewNoopAudit(config map[string]string) (*NoopAudit, error) {
 }

 func NoopAuditFactory(records **[][]byte) audit.Factory {
- return func(_ context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ return func(_ context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 n, err := NewNoopAudit(config.Config)
 if err != nil {
 return nil, err
diff --git a/http/logical_test.go b/http/logical_test.go
index a9ccdff052..90eac9469d 100644
--- a/http/logical_test.go
+++ b/http/logical_test.go
@@ -482,7 +482,7 @@ func TestLogical_Audit_invalidWrappingToken(t *testing.T) {
 noop := corehelpers.TestNoopAudit(t, nil)
 c, _, root := vault.TestCoreUnsealedWithConfig(t, &vault.CoreConfig{
 AuditBackends: map[string]audit.Factory{
- "noop": func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ "noop": func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 return noop, nil
 },
 },
diff --git a/vault/audit.go b/vault/audit.go
index 4078edbee2..961e250637 100644
--- a/vault/audit.go
+++ b/vault/audit.go
@@ -482,7 +482,7 @@ func (c *Core) newAuditBackend(ctx context.Context, entry *MountEntry, view logi
 SaltView: view,
 SaltConfig: saltConfig,
 Config: conf,
- })
+ }, c.IsExperimentEnabled(experiments.VaultExperimentCoreAuditEventsAlpha1))
 if err != nil {
 return nil, err
 }
diff --git a/vault/audit_test.go b/vault/audit_test.go
index c7d85dcdf3..98738f10fa 100644
--- a/vault/audit_test.go
+++ b/vault/audit_test.go
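Review bot: In `newAuditBackend` (vault/audit.go) the experiment lookup is passed inline as the trailing positional argument, `}, c.IsExperimentEnabled(experiments.VaultExperimentCoreAuditEventsAlpha1))`, so a reader of the call cannot tell what the boolean means and the choice of audit path leaves no trace. Binding it to a named local first, `useEventLogger := c.IsExperimentEnabled(experiments.VaultExperimentCoreAuditEventsAlpha1)`, and passing `useEventLogger` documents the call. Because the value is read once here, it presumably stays fixed for the lifetime of the created backend; a short comment saying so, plus a debug-level log of the selected value, would let operators confirm which audit path a device is on. The function's body starts and ends outside the hunk.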
@@ -27,7 +27,7 @@ import (

 func TestAudit_ReadOnlyViewDuringMount(t *testing.T) {
 c, _, _ := TestCoreUnsealed(t)
- c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 err := config.SaltView.Put(ctx, &logical.StorageEntry{
 Key: "bar",
 Value: []byte("baz"),
@@ -36,7 +36,7 @@ func TestAudit_ReadOnlyViewDuringMount(t *testing.T) {
 t.Fatalf("expected a read-only error")
 }
 factory := corehelpers.NoopAuditFactory(nil)
- return factory(ctx, config)
+ return factory(ctx, config, false)
 }

 me := &MountEntry{
@@ -103,7 +103,7 @@ func TestCore_EnableAudit(t *testing.T) {
 func TestCore_EnableAudit_MixedFailures(t *testing.T) {
 c, _, _ := TestCoreUnsealed(t)
 c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
- c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 return nil, fmt.Errorf("failing enabling")
 }

@@ -152,7 +152,7 @@ func TestCore_EnableAudit_MixedFailures(t *testing.T) {
 func TestCore_EnableAudit_Local(t *testing.T) {
 c, _, _ := TestCoreUnsealed(t)
 c.auditBackends["noop"] = corehelpers.NoopAuditFactory(nil)
- c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ c.auditBackends["fail"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 return nil, fmt.Errorf("failing enabling")
 }

diff --git a/vault/core_test.go b/vault/core_test.go
index 59e0706f1d..306afea483 100644
--- a/vault/core_test.go
+++ b/vault/core_test.go
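Review bot: In `TestAudit_ReadOnlyViewDuringMount` the wrapper factory now receives the flag as `_ bool` and then calls the inner factory with a hard-coded value, `return factory(ctx, config, false)`, so whatever the core passes is dropped. It makes no difference today because `NoopAuditFactory` ignores the argument as well, but the wrapper will mask the flag once a backend starts reading it. Name the parameter and forward it: `func(ctx context.Context, config *audit.BackendConfig, useEventLogger bool) (audit.Backend, error) {` and `return factory(ctx, config, useEventLogger)`. The closure spans the first two hunks of vault/audit_test.go.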
@@ -1137,7 +1137,7 @@ func TestCore_HandleRequest_AuditTrail(t *testing.T) {
 // Create a noop audit backend
 noop := &corehelpers.NoopAudit{}
 c, _, root := TestCoreUnsealed(t)
- c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 noop = &corehelpers.NoopAudit{
 Config: config,
 }
@@ -1201,7 +1201,7 @@ func TestCore_HandleRequest_AuditTrail_noHMACKeys(t *testing.T) {
 // Create a noop audit backend
 var noop *corehelpers.NoopAudit
 c, _, root := TestCoreUnsealed(t)
- c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 noop = &corehelpers.NoopAudit{
 Config: config,
 }
@@ -1323,7 +1323,7 @@ func TestCore_HandleLogin_AuditTrail(t *testing.T) {
 c.credentialBackends["noop"] = func(context.Context, *logical.BackendConfig) (logical.Backend, error) {
 return noopBack, nil
 }
- c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 noop = &corehelpers.NoopAudit{
 Config: config,
 }
diff --git a/vault/external_tests/identity/login_mfa_totp_test.go b/vault/external_tests/identity/login_mfa_totp_test.go
index 3244d92595..74d6ab713d 100644
--- a/vault/external_tests/identity/login_mfa_totp_test.go
+++ b/vault/external_tests/identity/login_mfa_totp_test.go
@@ -61,7 +61,7 @@ func TestLoginMfaGenerateTOTPTestAuditIncluded(t *testing.T) {
 "totp": totp.Factory,
 },
 AuditBackends: map[string]audit.Factory{
- "noop": func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ "noop": func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 return noop, nil
 },
 },
diff --git a/vault/mount_test.go b/vault/mount_test.go
index f73ce3876e..3b2b96d083 100644
--- a/vault/mount_test.go
+++ b/vault/mount_test.go
@@ -724,7 +724,7 @@ func TestDefaultMountTable(t *testing.T) {

 func TestCore_MountTable_UpgradeToTyped(t *testing.T) {
 c, _, _ := TestCoreUnsealed(t)
- c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
+ c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig, _ bool) (audit.Backend, error) {
 return &corehelpers.NoopAudit{
 Config: config,
 }, nil