From bac4fe0799a372ba1245db642f3f6cd1f1d02669 Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Mon, 14 Mar 2016 17:15:07 -0400
Subject: [PATCH] Rename id to path and path to file_path, print audit backend paths
---
 api/sys_audit.go | 1 +
 builtin/audit/file/backend.go | 4 ++--
 command/audit_enable.go | 14 +++++++-------
 command/audit_list.go | 4 ++--
 vault/logical_system.go | 1 +
 website/source/docs/audit/file.html.md | 8 ++++----
 6 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/api/sys_audit.go b/api/sys_audit.go
index bf688541e3..6fbe1ef228 100644
--- a/api/sys_audit.go
+++ b/api/sys_audit.go
@@ -78,6 +78,7 @@ func (c *Sys) DisableAudit(path string) error {
 // documentation. Please refer to that documentation for more details.
 type Audit struct {
+ Path string
 Type string
 Description string
 Options map[string]string
diff --git a/builtin/audit/file/backend.go b/builtin/audit/file/backend.go
index 813603ab1f..ccb3935d33 100644
--- a/builtin/audit/file/backend.go
+++ b/builtin/audit/file/backend.go
@@ -18,9 +18,9 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
 return nil, fmt.Errorf("nil salt")
 }
- path, ok := conf.Config["path"]
+ path, ok := conf.Config["file_path"]
 if !ok {
- return nil, fmt.Errorf("path is required")
+ return nil, fmt.Errorf("file_path is required")
 }
 // Check if hashing of accessor is disabled
diff --git a/command/audit_enable.go b/command/audit_enable.go
index 5f7b6a6e80..3e95889fe9 100644
--- a/command/audit_enable.go
+++ b/command/audit_enable.go
@@ -19,10 +19,10 @@ type AuditEnableCommand struct {
 }
 func (c *AuditEnableCommand) Run(args []string) int {
- var desc, id string
+ var desc, path string
 flags := c.Meta.FlagSet("audit-enable", FlagSetDefault)
 flags.StringVar(&desc, "description", "", "")
- flags.StringVar(&id, "id", "", "")
+ flags.StringVar(&path, "path", "", "")
 flags.Usage = func() { c.Ui.Error(c.Help()) }
 if err := flags.Parse(args); err != nil {
 return 1
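Review bot: In builtin/audit/file/backend.go, Factory now rejects any configuration that lacks `file_path`, so a file audit backend that was enabled before this commit with only `path` in its options would presumably fail here with "file_path is required" the next time it is constructed. How the caller treats that error is outside this diff, but either a backend that is skipped or a server that will not start is a gap in audit coverage, so a fallback is worth keeping: `if !ok { path, ok = conf.Config["path"] }` placed before the error return. The same applies to the `-id` flag removed in command/audit_enable.go, where scripts that still pass `-id` will fail flag parsing; registering `flags.StringVar(&path, "id", "", "")` alongside `-path` as a deprecated alias would keep them working. Both Factory and Run continue outside their hunks.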
@@ -37,8 +37,8 @@ func (c *AuditEnableCommand) Run(args []string) int { } auditType := args[0] - if id == "" { - id = auditType + if path == "" { + path = auditType } // Build the options @@ -67,7 +67,7 @@ func (c *AuditEnableCommand) Run(args []string) int { return 1 } - err = client.Sys().EnableAudit(id, auditType, desc, opts) + err = client.Sys().EnableAudit(path, auditType, desc, opts) if err != nil { c.Ui.Error(fmt.Sprintf( "Error enabling audit backend: %s", err)) @@ -75,7 +75,7 @@ func (c *AuditEnableCommand) Run(args []string) int { } c.Ui.Output(fmt.Sprintf( - "Successfully enabled audit backend '%s'!", auditType)) + "Successfully enabled audit backend '%s' with path '%s'!", auditType, path)) return 0 } @@ -103,7 +103,7 @@ Audit Enable Options: -description= A human-friendly description for the backend. This shows up only when querying the enabled backends. - -id= Specify a unique ID for this audit backend. This + -path= Specify a unique path for this audit backend. This is purely for referencing this audit backend. By default this will be the backend type. diff --git a/command/audit_list.go b/command/audit_list.go index 398b6c8d26..36e70ac365 100644 --- a/command/audit_list.go +++ b/command/audit_list.go @@ -47,7 +47,7 @@ func (c *AuditListCommand) Run(args []string) int { } sort.Strings(paths) - columns := []string{"Type | Description | Options"} + columns := []string{"Path | Type | Description | Options"} for _, path := range paths { audit := audits[path] opts := make([]string, 0, len(audit.Options)) @@ -56,7 +56,7 @@ func (c *AuditListCommand) Run(args []string) int { } columns = append(columns, fmt.Sprintf( - "%s | %s | %s", audit.Type, audit.Description, strings.Join(opts, " "))) + "%s | %s | %s | %s", audit.Path, audit.Type, audit.Description, strings.Join(opts, " "))) } c.Ui.Output(columnize.SimpleFormat(columns)) diff --git a/vault/logical_system.go b/vault/logical_system.go index f4bf4aac56..f8bacb915a 100644 --- a/vault/logical_system.go 
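Review bot: In command/audit_list.go the new first column prints `audit.Path`, which stays empty whenever the server response carries no `path` field (for example a server built before the matching vault/logical_system.go change), although the loop already holds what is presumably the same value as the map key `path`. Using the key keeps the column populated regardless of server version: `"%s | %s | %s | %s", path, audit.Type, audit.Description, strings.Join(opts, " ")))`. Separately, each row is joined with ` | ` and handed to `columnize.SimpleFormat`, so a path or description containing `|` would likely shift the columns an operator reads when checking which audit backends are enabled; that is worth confirming now that an operator-chosen value is printed first. Run continues outside both hunks.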
+++ b/vault/logical_system.go
@@ -932,6 +932,7 @@ func (b *SystemBackend) handleAuditTable(
 }
 for _, entry := range b.Core.audit.Entries {
 info := map[string]interface{}{
+ "path": entry.Path,
 "type": entry.Type,
 "description": entry.Description,
 "options": entry.Options,
diff --git a/website/source/docs/audit/file.html.md b/website/source/docs/audit/file.html.md
index 8c0a1db963..7d093db9a9 100644
--- a/website/source/docs/audit/file.html.md
+++ b/website/source/docs/audit/file.html.md
@@ -25,13 +25,13 @@ information is first hashed before logging in the audit logs.
 Audit `file` backend can be enabled by the following command.
 ```
-$ vault audit-enable file path=/var/log/vault_audit.log
+$ vault audit-enable file file_path=/var/log/vault_audit.log
 ```
-Any number of `file` audit logs can be created by enabling it with different `id`s.
+Any number of `file` audit logs can be created by enabling it with different `path`s.
 ```
-$ vault audit-enable -id="vault_audit_1" file path=/home/user/vault_audit.log
+$ vault audit-enable -path="vault_audit_1" file file_path=/home/user/vault_audit.log
 ```
 Note the difference between `audit-enable` command options and the `file` backend
@@ -43,7 +43,7 @@ Following are the configuration options available for the backend.
  • - path + file_path required The path to where the audit log will be written. If this path exists, the audit backend will append to it.