* add hashfunc field to EntryFormatter struct and adjust NewEntryFormatter function and tests * add HeaderAdjuster interface and require it in EntryFormatter dquote> adjust all references to NewEntryFormatter to include a HeaderAdjuster parameter * replace use of hash function in AuditedHeadersConfig's ApplyConfig method with Salter interface instance * fixup! replace use of hash function in AuditedHeadersConfig's ApplyConfig method with Salter interface instance * review feedback * Go doc typo * add another test function --------- Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package file
import (
"context"
"io/ioutil"
"os"
"path/filepath"
"strconv"
"testing"
"time"
"github.com/hashicorp/vault/audit"
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/sdk/helper/salt"
"github.com/hashicorp/vault/sdk/logical"
)
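// TestAuditFile_fileModeNew verifies that Factory creates a not-yet-existing
// audit log file with the permissions given in the "mode" option.
func TestAuditFile_fileModeNew(t *testing.T) {
	// 0777 is a test value only, chosen so that it cannot be confused with the
	// 0600 that TestAuditFile_fileModeExisting expects when no mode is
	// configured. A real audit log should never be world-writable.
	modeStr := "0777"
	mode, err := strconv.ParseUint(modeStr, 8, 32)
	if err != nil {
		t.Fatal(err)
	}

	// t.TempDir gives a fresh directory, so the file cannot exist beforehand.
	file := filepath.Join(t.TempDir(), "auditTest.txt")
	config := map[string]string{
		"path": file,
		"mode": modeStr,
	}

	_, err = Factory(context.Background(), &audit.BackendConfig{
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
		Config:     config,
	}, false, nil)
	if err != nil {
		t.Fatal(err)
	}

	info, err := os.Stat(file)
	if err != nil {
		t.Fatalf("Cannot retrieve file mode from `Stat`: %v", err)
	}
	// The comparison is exact, so the process umask must not have masked any
	// bits — presumably Factory applies the mode explicitly; verify against
	// the backend implementation.
	if info.Mode() != os.FileMode(mode) {
		t.Fatalf("File mode does not match: got %v, want %v", info.Mode(), os.FileMode(mode))
	}
}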
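// TestAuditFile_fileModeExisting verifies that, when no "mode" option is
// configured, Factory tightens the permissions of an already existing audit
// log file: the file starts out as 0777 and is expected to end up as 0600.
func TestAuditFile_fileModeExisting(t *testing.T) {
	f, err := ioutil.TempFile("", "test")
	if err != nil {
		t.Fatalf("Failure to create test file. The error is %v", err)
	}
	// Best-effort cleanup; a failed removal only leaves a stray temp file.
	defer os.Remove(f.Name())

	// Start from overly permissive bits so that a pass proves the backend
	// changed them rather than inheriting a mode that was already restrictive.
	err = os.Chmod(f.Name(), 0o777)
	if err != nil {
		t.Fatalf("Failure to chmod temp file for testing. The error is %v", err)
	}

	err = f.Close()
	if err != nil {
		t.Fatalf("Failure to close temp file for test. The error is %v", err)
	}

	// No "mode" key: the backend's default must apply.
	config := map[string]string{
		"path": f.Name(),
	}

	_, err = Factory(context.Background(), &audit.BackendConfig{
		Config:     config,
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
	}, false, nil)
	if err != nil {
		t.Fatal(err)
	}

	info, err := os.Stat(f.Name())
	if err != nil {
		t.Fatalf("cannot retrieve file mode from `Stat`. The error is %v", err)
	}
	// 0600 keeps the audit log readable and writable by its owner only.
	if info.Mode() != os.FileMode(0o600) {
		t.Fatalf("File mode does not match: got %v, want %v", info.Mode(), os.FileMode(0o600))
	}
}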
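// TestAuditFile_fileMode0000 verifies that a configured mode of "0000" makes
// Factory leave the permissions of an existing audit log file untouched: the
// file is set to 0777 beforehand and must still be 0777 afterwards.
//
// In other words, "0000" opts out of the tightening that
// TestAuditFile_fileModeExisting checks for, so with this setting the file's
// permissions are entirely the operator's responsibility.
func TestAuditFile_fileMode0000(t *testing.T) {
	f, err := ioutil.TempFile("", "test")
	if err != nil {
		t.Fatalf("Failure to create test file. The error is %v", err)
	}
	// Best-effort cleanup; a failed removal only leaves a stray temp file.
	defer os.Remove(f.Name())

	// A distinctive starting mode, so that any modification by the backend
	// would be visible in the final comparison.
	err = os.Chmod(f.Name(), 0o777)
	if err != nil {
		t.Fatalf("Failure to chmod temp file for testing. The error is %v", err)
	}

	err = f.Close()
	if err != nil {
		t.Fatalf("Failure to close temp file for test. The error is %v", err)
	}

	config := map[string]string{
		"path": f.Name(),
		"mode": "0000",
	}

	_, err = Factory(context.Background(), &audit.BackendConfig{
		Config:     config,
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
	}, false, nil)
	if err != nil {
		t.Fatal(err)
	}

	info, err := os.Stat(f.Name())
	if err != nil {
		t.Fatalf("cannot retrieve file mode from `Stat`. The error is %v", err)
	}
	// The pre-existing 0777 must survive: neither 0000 nor the default was applied.
	if info.Mode() != os.FileMode(0o777) {
		t.Fatalf("File mode does not match: got %v, want %v", info.Mode(), os.FileMode(0o777))
	}
}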
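// TestAuditFile_EventLogger_fileModeNew verifies that the Factory function
// correctly sets the file mode when the useEventLogger argument is set to
// true. It mirrors TestAuditFile_fileModeNew, which passes false instead.
func TestAuditFile_EventLogger_fileModeNew(t *testing.T) {
	// 0777 is a test value only, chosen to differ from the 0600 expected by
	// TestAuditFile_fileModeExisting when no mode is configured. A real audit
	// log should never be world-writable.
	modeStr := "0777"
	mode, err := strconv.ParseUint(modeStr, 8, 32)
	if err != nil {
		t.Fatal(err)
	}

	// t.TempDir gives a fresh directory, so the file cannot exist beforehand.
	file := filepath.Join(t.TempDir(), "auditTest.txt")
	config := map[string]string{
		"path": file,
		"mode": modeStr,
	}

	_, err = Factory(context.Background(), &audit.BackendConfig{
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
		Config:     config,
	}, true, nil)
	if err != nil {
		t.Fatal(err)
	}

	// NOTE(review): this assumes the file already exists once Factory has
	// returned on the event-logger path — confirm it is not created lazily.
	info, err := os.Stat(file)
	if err != nil {
		t.Fatalf("Cannot retrieve file mode from `Stat`: %v", err)
	}
	if info.Mode() != os.FileMode(mode) {
		t.Fatalf("File mode does not match: got %v, want %v", info.Mode(), os.FileMode(mode))
	}
}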
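// BenchmarkAuditFile_request measures concurrent calls to LogRequest on a
// file audit backend whose output path is /dev/null, so the cost of keeping
// the written bytes is excluded from the measurement.
func BenchmarkAuditFile_request(b *testing.B) {
	// NOTE(review): no "mode" is configured here, and
	// TestAuditFile_fileModeExisting shows that an existing file is then set
	// to 0600. Confirm that Factory does not try to chmod /dev/null when the
	// benchmark is run with elevated privileges.
	config := map[string]string{
		"path": "/dev/null",
	}
	sink, err := Factory(context.Background(), &audit.BackendConfig{
		Config:     config,
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
	}, false, nil)
	if err != nil {
		b.Fatal(err)
	}

	// One fixed request is shared by all goroutines. The token, accessor and
	// header are dummy values.
	in := &logical.LogInput{
		Auth: &logical.Auth{
			ClientToken:     "foo",
			Accessor:        "bar",
			EntityID:        "foobarentity",
			DisplayName:     "testtoken",
			NoDefaultPolicy: true,
			Policies:        []string{"root"},
			TokenType:       logical.TokenTypeService,
		},
		Request: &logical.Request{
			Operation: logical.UpdateOperation,
			Path:      "/foo",
			Connection: &logical.Connection{
				RemoteAddr: "127.0.0.1",
			},
			WrapInfo: &logical.RequestWrapInfo{
				TTL: 60 * time.Second,
			},
			Headers: map[string][]string{
				"foo": {"bar"},
			},
		},
	}

	ctx := namespace.RootContext(context.Background())
	// Exclude backend construction and input setup from the timing.
	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			if err := sink.LogRequest(ctx, in); err != nil {
				// b.Fatal may only be called from the benchmark's own
				// goroutine, and a panic here would take down the whole test
				// binary. b.Error is safe to call concurrently and still
				// marks the benchmark as failed.
				b.Error(err)
				return
			}
		}
	})
}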