mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-24 16:11:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/enos/modules/vault_cluster/scripts/enable-audit-devices.sh
Ryan Cragun b5d32b7bec
enos: add shfmt formatting to enos module scripts (#28142) 
Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-08-23 13:45:30 -06:00

54 lines
1.4 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -exo pipefail
fail() {
echo "$1" 1>&2
exit 1
}
[[ -z "$IP_VERSION" ]] && fail "IP_VERSION env variable has not been set"
[[ -z "$LOG_FILE_PATH" ]] && fail "LOG_FILE_PATH env variable has not been set"
[[ -z "$SOCKET_PORT" ]] && fail "SOCKET_PORT env variable has not been set"
[[ -z "$VAULT_ADDR" ]] && fail "VAULT_ADDR env variable has not been set"
[[ -z "$VAULT_BIN_PATH" ]] && fail "VAULT_BIN_PATH env variable has not been set"
[[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
enable_file_audit_device() {
$VAULT_BIN_PATH audit enable file file_path="$LOG_FILE_PATH"
}
enable_syslog_audit_device() {
$VAULT_BIN_PATH audit enable syslog tag="vault" facility="AUTH"
}
enable_socket_audit_device() {
if [ "$IP_VERSION" = "4" ]; then
"$VAULT_BIN_PATH" audit enable socket address="127.0.0.1:$SOCKET_PORT"
else
"$VAULT_BIN_PATH" audit enable socket address="[::1]:$SOCKET_PORT"
fi
}
main() {
if ! enable_file_audit_device; then
fail "Failed to enable vault file audit device"
fi
if ! enable_syslog_audit_device; then
fail "Failed to enable vault syslog audit device"
fi
if ! enable_socket_audit_device; then
local log
log=$(cat /tmp/vault-socket.log)
fail "Failed to enable vault socket audit device: listener log: $log"
fi
return 0
}
main
Reference in New Issue View Git Blame Copy Permalink