mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-25 00:21:07 +02:00
c28739512a
Add Consul edition support to Enos scenarios and modules Add Linux distros and Consul edition to Enos samples Bump RHEL versions to 9.3 and 8.9
49 lines
1.2 KiB
Bash
49 lines
1.2 KiB
Bash
#!/usr/bin/env bash
|
|
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
set -exo pipefail
|
|
|
|
fail() {
|
|
echo "$1" 1>&2
|
|
exit 1
|
|
}
|
|
|
|
[[ -z "$LOG_FILE_PATH" ]] && fail "LOG_FILE_PATH env variable has not been set"
|
|
[[ -z "$SOCKET_PORT" ]] && fail "SOCKET_PORT env variable has not been set"
|
|
[[ -z "$VAULT_ADDR" ]] && fail "VAULT_ADDR env variable has not been set"
|
|
[[ -z "$VAULT_BIN_PATH" ]] && fail "VAULT_BIN_PATH env variable has not been set"
|
|
[[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
|
|
|
|
enable_file_audit_device() {
|
|
$VAULT_BIN_PATH audit enable file file_path="$LOG_FILE_PATH"
|
|
}
|
|
|
|
enable_syslog_audit_device(){
|
|
$VAULT_BIN_PATH audit enable syslog tag="vault" facility="AUTH"
|
|
}
|
|
|
|
enable_socket_audit_device() {
|
|
"$VAULT_BIN_PATH" audit enable socket address="127.0.0.1:$SOCKET_PORT"
|
|
}
|
|
|
|
main() {
|
|
if ! enable_file_audit_device; then
|
|
fail "Failed to enable vault file audit device"
|
|
fi
|
|
|
|
if ! enable_syslog_audit_device; then
|
|
fail "Failed to enable vault syslog audit device"
|
|
fi
|
|
|
|
if ! enable_socket_audit_device; then
|
|
local log
|
|
log=$(cat /tmp/vault-socket.log)
|
|
fail "Failed to enable vault socket audit device: listener log: $log"
|
|
fi
|
|
|
|
return 0
|
|
}
|
|
|
|
main
|