vault/builtin/logical/pki/observe/observation_consts.go
Vault Automation 7f9a3efe21
VAULT-39462 PKI observations (#9576) (#9747)
* VAULT-39462 PKI observations first draft?

* acme account

* acme account 2

* license

* belt and braces

* EST, and some tests

* more stuff

* SCEP

* key tests etc

* WIP reorganize code into an observe sub-package with interfaces

* make fmt

* fmt

* fmt

* empty file hehe

* copyright headers

* Update builtin/logical/pki/backend_cmpv2_ent_test.go



* Update builtin/logical/pki/backend_cmpv2_ent_test.go



* Update builtin/logical/pki/path_ocsp.go



* Update builtin/logical/pki/path_acme_order.go



* Update builtin/logical/pki/path_acme_order.go



* extra info

* add stored to cieps

* make fmt

---------

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2025-09-30 12:34:07 -04:00


// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package observe
// Observation type strings for the PKI backend, grouped by the operation or
// endpoint family that the per-constant comments say they are emitted for.
// Several comments state that user-specified URLs are left out of the
// observation; that is a property of the emitting code, not of these constants.
// NOTE(review): presumably consumers filter on these string values, so renaming
// a value is a compatibility change - confirm before editing one.
const (
// ---
// Generate Root:
ObservationTypePKIGenerateRoot = "pki/root/generate"
// ---
// Generate Intermediate:
ObservationTypePKIGenerateIntermediate = "pki/intermediate/generate"
// ---
// Issue + Sign
// ObservationTypePKIIssue observations will be emitted for both the issue (pki/issue/:name) and
// issue-and-sign endpoints (pki/sign/:name). Observations for issued-and-signed certs will
// contain "signed" = true, and unsigned certs will contain "signed" = false.
ObservationTypePKIIssue = "pki/issue"
// ObservationTypePKICIEPSIssue observations will be emitted for both the CIEPS issue and
// issue-and-sign endpoints. Observations for issued-and-signed certs will
// contain "signed" = true, and unsigned certs will contain "signed" = false.
ObservationTypePKICIEPSIssue = "pki/cieps/issue"
// ---
// Issuer Related Observations
ObservationTypePKIIssuerRead = "pki/issuer/read"
ObservationTypePKIIssuerWrite = "pki/issuer/write"
ObservationTypePKIIssuerPatch = "pki/issuer/patch"
ObservationTypePKIIssuerDelete = "pki/issuer/delete"
ObservationTypePKIIssuerResignCRLs = "pki/issuer/resign-crls"
// ObservationTypePKIIssuersImport is emitted when an import happens for issuers.
// This can happen via /pki/config/ca, /pki/issuers/import/bundle, /pki/intermediate/set-signed,
// and others.
ObservationTypePKIIssuersImport = "pki/issuer/import"
// ObservationTypePKIConfigIssuersWrite is emitted both for writes to /pki/config/issuers
// and /pki/root/replace, as they have the same code path.
ObservationTypePKIConfigIssuersWrite = "pki/config/issuers/write"
ObservationTypePKIConfigIssuersRead = "pki/config/issuers/read"
// ObservationTypePKIReadIssuerCertificate is emitted when the issuer's certificate is read,
// i.e. the following:
// https://developer.hashicorp.com/vault/api-docs/secret/pki#read-issuer-certificate
ObservationTypePKIReadIssuerCertificate = "pki/issuer/certificate/read"
// ---
// Role related observations
ObservationTypePKIRoleRead = "pki/role/read"
ObservationTypePKIRoleWrite = "pki/role/write"
ObservationTypePKIRolePatch = "pki/role/patch"
ObservationTypePKIRoleDelete = "pki/role/delete"
// ---
// Cert metadata
// ObservationTypePKIReadCertificateMetadata is emitted when /pki/cert-metadata/:serial is called.
ObservationTypePKIReadCertificateMetadata = "pki/certificate-metadata/read"
// ---
// Tidy
// ObservationTypePKITidy is emitted when a tidy operation is accepted, not when it
// completes, so the observation alone does not show that the tidy run finished.
ObservationTypePKITidy = "pki/tidy"
// ---
// Revoke
ObservationTypePKIRevoke = "pki/revoke"
// ---
// Rotate CRLs
// ObservationTypePKIRotateCRL is emitted when pki/crl/rotate is called, which forces a rotation of all issuers' CRLs.
ObservationTypePKIRotateCRL = "pki/crl/rotate"
// ObservationTypePKIRotateDeltaCRL is emitted when pki/crl/rotate-delta is called, which forces a rotation of all issuers' delta CRLs.
ObservationTypePKIRotateDeltaCRL = "pki/crl/rotate-delta"
// ---
// Key Related Observations
ObservationTypePKIKeysGenerate = "pki/keys/generate"
ObservationTypePKIKeysImport = "pki/keys/import"
ObservationTypePKIConfigKeysWrite = "pki/config/keys/write"
ObservationTypePKIConfigKeysRead = "pki/config/keys/read"
ObservationTypePKIKeyRead = "pki/key/read"
ObservationTypePKIKeyWrite = "pki/key/write"
ObservationTypePKIKeyDelete = "pki/key/delete"
// ---
// OCSP Related Observations
// Note that statuses are kept to their values as per https://datatracker.ietf.org/doc/html/rfc6960 and
// are not translated to be 'human-readable'. This observation covers both the pki/ocsp and
// pki/unified-ocsp endpoints; a "unified" boolean in the body tells the two apart.
ObservationTypePKIOCSP = "pki/ocsp"
// ---
// Config Related Observations
// ObservationTypePKIConfigClusterRead will be emitted on a read to
// pki/config/cluster.
// NOTE(review): the type string carries an "integrations" segment that the documented
// endpoint path does not have - confirm this is intended, since the string is what
// gets matched downstream.
ObservationTypePKIConfigClusterRead = "pki/config/integrations/cluster/read"
// ObservationTypePKIConfigClusterWrite will be emitted on a write to
// pki/config/cluster.
// NOTE(review): same "integrations" segment mismatch as the read type - confirm.
ObservationTypePKIConfigClusterWrite = "pki/config/integrations/cluster/write"
// ObservationTypePKIConfigIntegrationsGardiumRead will be emitted on a read to
// pki/config/integrations/gardium. It will not include any user-specified URLs.
// NOTE(review): "gardium" is spelled this way in the identifier, the path and the
// type string - confirm it matches the real endpoint name before consumers depend on it.
ObservationTypePKIConfigIntegrationsGardiumRead = "pki/config/integrations/gardium/read"
// ObservationTypePKIConfigIntegrationsGardiumWrite will be emitted on a write to
// pki/config/integrations/gardium. It will not include any user-specified URLs.
ObservationTypePKIConfigIntegrationsGardiumWrite = "pki/config/integrations/gardium/write"
// ObservationTypePKIConfigURLsRead will be emitted on a read to
// pki/config/urls. It will not include any user-specified URLs.
ObservationTypePKIConfigURLsRead = "pki/config/urls/read"
// ObservationTypePKIConfigURLsWrite will be emitted on a write to
// pki/config/urls. It will not include any user-specified URLs.
ObservationTypePKIConfigURLsWrite = "pki/config/urls/write"
// ObservationTypePKIConfigExternalPolicyRead is emitted when a read call goes to
// pki/config/external-policy (CIEPS).
ObservationTypePKIConfigExternalPolicyRead = "pki/config/external-policy/read"
// ObservationTypePKIConfigExternalPolicyWrite is emitted when a write call goes to
// pki/config/external-policy (CIEPS).
// NOTE(review): the original comment broke off after "Note that any sensitive
// information, like certificates or URLs". Presumably such values are omitted from
// the observation - confirm against the emitting code and finish the sentence.
ObservationTypePKIConfigExternalPolicyWrite = "pki/config/external-policy/write"
ObservationTypePKIConfigCRLRead = "pki/config/crl/read"
ObservationTypePKIConfigCRLWrite = "pki/config/crl/write"
// ---
// ACME Related Observations
ObservationTypePKIConfigACMERead = "pki/config/acme/read"
ObservationTypePKIConfigACMEWrite = "pki/config/acme/write"
ObservationTypePKIAcmeRevoke = "pki/acme/revoke"
ObservationTypePKIAcmeNewOrder = "pki/acme/order/new-order"
ObservationTypePKIAcmeListOrders = "pki/acme/order/list-orders"
ObservationTypePKIAcmeGetOrder = "pki/acme/order/get-order"
ObservationTypePKIAcmeFinalizeOrder = "pki/acme/order/finalize-order"
ObservationTypePKIAcmeFetchOrderCert = "pki/acme/order/fetch-order-cert"
ObservationTypePKIAcmeNewAccount = "pki/acme/account/new-account"
ObservationTypePKIAcmeUpdateAccount = "pki/acme/account/update-account"
ObservationTypePKIAcmeChallenge = "pki/acme/challenge"
ObservationTypePKIAcmeAuthorization = "pki/acme/authorization"
ObservationTypePKIAcmeNewEab = "pki/acme/new-eab"
// ---
// EST Related Observations
ObservationTypePKIConfigESTRead = "pki/config/est/read"
ObservationTypePKIConfigESTWrite = "pki/config/est/write"
ObservationTypePKIESTCACerts = "pki/est/ca-certs"
ObservationTypePKIESTEnroll = "pki/est/enroll"
ObservationTypePKIESTReEnroll = "pki/est/re-enroll"
// ---
// CMPv2 Related Observations
ObservationTypePKIConfigCMPv2Read = "pki/config/cmpv2/read"
ObservationTypePKIConfigCMPv2Write = "pki/config/cmpv2/write"
ObservationTypePKICMPCertRequest = "pki/cmpv2/cert-request"
// ---
// SCEP Related Observations
ObservationTypePKIConfigSCEPRead = "pki/config/scep/read"
ObservationTypePKIConfigSCEPWrite = "pki/config/scep/write"
ObservationTypePKISCEPPKIOperation = "pki/scep/operation/pki"
)