mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-14 18:47:01 +02:00
17ffe62d0d
* VAULT-22481: Audit filter node (#24465) * Initial commit on adding filter nodes for audit * tests for audit filter * test: longer filter - more conditions * copywrite headers * Check interface for the right type * Add audit filtering feature (#24554) * Support filter nodes in backend factories and add some tests * More tests and cleanup * Attempt to move control of registration for nodes and pipelines to the audit broker (#24505) * invert control of the pipelines/nodes to the audit broker vs. within each backend * update noop audit test code to implement the pipeliner interface * noop mount path has trailing slash * attempting to make NoopAudit more friendly * NoopAudit uses known salt * Refactor audit.ProcessManual to support filter nodes * HasFiltering * rename the pipeliner * use exported AuditEvent in Filter * Add tests for registering and deregistering backends on the audit broker * Add missing licence header to one file, fix a typo in two tests --------- Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com> * Add changelog file * update bexpr datum to use a strong type * go docs updates * test path * PR review comments * handle scenarios/outcomes from broker.send * don't need to re-check the complete sinks * add extra check to deregister to ensure that re-registering non-filtered device sets sink threshold * Ensure that the multierror is appended before attempting to return it --------- Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
78 lines
1.8 KiB
Go
78 lines
1.8 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package logical
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// TestLogInput_BexprDatum ensures that we can transform a LogInput
|
|
// into a LogInputBexpr to be used in audit filtering.
|
|
func TestLogInput_BexprDatum(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tests := map[string]struct {
|
|
Request *Request
|
|
Namespace string
|
|
ExpectedPath string
|
|
ExpectedMountPoint string
|
|
ExpectedMountType string
|
|
ExpectedNamespace string
|
|
ExpectedOperation string
|
|
}{
|
|
"nil-no-namespace": {
|
|
Request: nil,
|
|
Namespace: "",
|
|
ExpectedPath: "",
|
|
ExpectedMountPoint: "",
|
|
ExpectedMountType: "",
|
|
ExpectedNamespace: "",
|
|
ExpectedOperation: "",
|
|
},
|
|
"nil-namespace": {
|
|
Request: nil,
|
|
Namespace: "juan",
|
|
ExpectedPath: "",
|
|
ExpectedMountPoint: "",
|
|
ExpectedMountType: "",
|
|
ExpectedNamespace: "juan",
|
|
ExpectedOperation: "",
|
|
},
|
|
"happy-path": {
|
|
Request: &Request{
|
|
MountPoint: "IAmAMountPoint",
|
|
MountType: "IAmAMountType",
|
|
Operation: CreateOperation,
|
|
Path: "IAmAPath",
|
|
},
|
|
Namespace: "juan",
|
|
ExpectedPath: "IAmAPath",
|
|
ExpectedMountPoint: "IAmAMountPoint",
|
|
ExpectedMountType: "IAmAMountType",
|
|
ExpectedNamespace: "juan",
|
|
ExpectedOperation: "create",
|
|
},
|
|
}
|
|
|
|
for name, tc := range tests {
|
|
name := name
|
|
tc := tc
|
|
t.Run(name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
l := &LogInput{Request: tc.Request}
|
|
|
|
d := l.BexprDatum(tc.Namespace)
|
|
|
|
require.Equal(t, tc.ExpectedPath, d.Path)
|
|
require.Equal(t, tc.ExpectedMountPoint, d.MountPoint)
|
|
require.Equal(t, tc.ExpectedMountType, d.MountType)
|
|
require.Equal(t, tc.ExpectedNamespace, d.Namespace)
|
|
require.Equal(t, tc.ExpectedOperation, d.Operation)
|
|
})
|
|
}
|
|
}
|