luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/audit.go

582 lines
15 KiB
Go
Raw Normal View History

vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
package vault
import (
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
"context"
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
"crypto/sha256"
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
"errors"
"fmt"
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
"strings"
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
Run goimports across the repository (#6010) The result will still pass gofmtcheck and won't trigger additional changes if someone isn't using goimports, but it will avoid the piecemeal imports changes we've been seeing.
2019-01-09 00:48:57 +00:00
uuid "github.com/hashicorp/go-uuid"
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
"github.com/hashicorp/vault/audit"
The big one (#5346)
2018-09-18 03:03:00 +00:00
"github.com/hashicorp/vault/helper/namespace"
Fix panic in handleAuditNonLogical if vault is sealed (#9310) (#10103)
2020-10-07 12:30:36 +00:00
"github.com/hashicorp/vault/sdk/helper/consts"
Switch to go modules (#6585) * Switch to go modules * Make fmt
2019-04-13 07:44:06 +00:00
"github.com/hashicorp/vault/sdk/helper/jsonutil"
Create sdk/ and api/ submodules (#6583)
2019-04-12 21:54:35 +00:00
"github.com/hashicorp/vault/sdk/helper/salt"
"github.com/hashicorp/vault/sdk/logical"
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
)
const (
// coreAuditConfigPath is used to store the audit configuration.
// Audit configuration is protected within the Vault itself, which means it
// can only be viewed or modified after an unseal.
coreAuditConfigPath = "core/audit"
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
// coreLocalAuditConfigPath is used to store audit information for local
// (non-replicated) mounts
coreLocalAuditConfigPath = "core/local-audit"
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// auditBarrierPrefix is the prefix to the UUID used in the
// barrier view for the audit backends.
auditBarrierPrefix = "audit/"
Add to auth/audit too
2016-05-26 17:38:51 +00:00
// auditTableType is the value we expect to find for the audit table and
// corresponding entries
auditTableType = "audit"
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
)
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor
2021-04-08 16:43:39 +00:00
// loadAuditFailed if loading audit tables encounters an error
var errLoadAuditFailed = errors.New("failed to setup audit table")
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
Send a test message before committing a new audit device. (#10520) * Send a test message before committing a new audit device. Also, lower timeout on connection attempts in socket device. * added changelog * go mod vendor (picked up some unrelated changes.) * Skip audit device check in integration test. Co-authored-by: swayne275 <swayne@hashicorp.com>
2020-12-16 22:00:32 +00:00
func (c *Core) generateAuditTestProbe() (*logical.LogInput, error) {
requestId, err := uuid.GenerateUUID()
if err != nil {
return nil, err
}
return &logical.LogInput{
Type: "request",
Auth: nil,
Request: &logical.Request{
ID: requestId,
Operation: "update",
Path: "sys/audit/test",
},
Response: nil,
OuterErr: nil,
}, nil
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// enableAudit is used to enable a new audit backend
The big one (#5346)
2018-09-18 03:03:00 +00:00
func (c *Core) enableAudit(ctx context.Context, entry *MountEntry, updateStorage bool) error {
vault: Allow deep paths for audit backends
2015-04-03 21:27:33 +00:00
// Ensure we end the path in a slash
if !strings.HasSuffix(entry.Path, "/") {
entry.Path += "/"
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// Ensure there is a name
vault: Allow deep paths for audit backends
2015-04-03 21:27:33 +00:00
if entry.Path == "/" {
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
return fmt.Errorf("backend path must be specified")
}
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
// Update the audit table
c.auditLock.Lock()
defer c.auditLock.Unlock()
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// Look for matching name
for _, ent := range c.audit.Entries {
vault: Allow deep paths for audit backends
2015-04-03 21:27:33 +00:00
switch {
// Existing is sql/mysql/ new is sql/ or
// existing is sql/ and new is sql/mysql/
case strings.HasPrefix(ent.Path, entry.Path):
fallthrough
case strings.HasPrefix(entry.Path, ent.Path):
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
return fmt.Errorf("path already in use")
}
}
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
// Generate a new UUID and view
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
if entry.UUID == "" {
entryUUID, err := uuid.GenerateUUID()
if err != nil {
return err
}
entry.UUID = entryUUID
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 18:40:08 +00:00
}
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
if entry.Accessor == "" {
accessor, err := c.generateMountAccessor("audit_" + entry.Type)
if err != nil {
return err
}
entry.Accessor = accessor
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
viewPath := entry.ViewPath()
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
view := NewBarrierView(c.barrier, viewPath)
The big one (#5346)
2018-09-18 03:03:00 +00:00
addAuditPathChecker(c, entry, view, viewPath)
origViewReadOnlyErr := view.getReadOnlyErr()
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
Make mount view read only until after mount persist (#3910)
2018-02-09 19:04:25 +00:00
// Mark the view as read-only until the mounting is complete and
// ensure that it is reset after. This ensures that there will be no
// writes during the construction of the backend.
view.setReadOnlyErr(logical.ErrSetupReadOnly)
The big one (#5346)
2018-09-18 03:03:00 +00:00
defer view.setReadOnlyErr(origViewReadOnlyErr)
Make mount view read only until after mount persist (#3910)
2018-02-09 19:04:25 +00:00
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// Lookup the new backend
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
backend, err := c.newAuditBackend(ctx, entry, view, entry.Options)
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
if err != nil {
return err
}
Add some nil checks to mounting
2017-03-04 21:35:41 +00:00
if backend == nil {
return fmt.Errorf("nil audit backend of type %q returned from factory", entry.Type)
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
Send a test message before committing a new audit device. (#10520) * Send a test message before committing a new audit device. Also, lower timeout on connection attempts in socket device. * added changelog * go mod vendor (picked up some unrelated changes.) * Skip audit device check in integration test. Co-authored-by: swayne275 <swayne@hashicorp.com>
2020-12-16 22:00:32 +00:00
if entry.Options["skip_test"] != "true" {
// Test the new audit device and report failure if it doesn't work.
testProbe, err := c.generateAuditTestProbe()
if err != nil {
return err
}
err = backend.LogTestMessage(ctx, testProbe, entry.Options)
if err != nil {
c.logger.Error("new audit backend failed test", "path", entry.Path, "type", entry.Type, "error", err)
return fmt.Errorf("audit backend failed test message: %w", err)
}
}
Rejig locks during unmount/remount. (#1855)
2016-09-13 15:50:14 +00:00
newTable := c.audit.shallowClone()
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
newTable.Entries = append(newTable.Entries, entry)
The big one (#5346)
2018-09-18 03:03:00 +00:00
ns, err := namespace.FromContext(ctx)
if err != nil {
return err
}
entry.NamespaceID = ns.ID
entry.namespace = ns
if updateStorage {
if err := c.persistAudit(ctx, newTable, entry.Local); err != nil {
return errors.New("failed to update audit table")
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
}
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
c.audit = newTable
// Register the backend
The big one (#5346)
2018-09-18 03:03:00 +00:00
c.auditBroker.Register(entry.Path, backend, view, entry.Local)
Convert to logxi
2016-08-19 20:45:17 +00:00
if c.logger.IsInfo() {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Info("enabled audit backend", "path", entry.Path, "type", entry.Type)
Convert to logxi
2016-08-19 20:45:17 +00:00
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
return nil
}
// disableAudit is used to disable an existing audit backend
The big one (#5346)
2018-09-18 03:03:00 +00:00
func (c *Core) disableAudit(ctx context.Context, path string, updateStorage bool) (bool, error) {
vault: Allow deep paths for audit backends
2015-04-03 21:27:33 +00:00
// Ensure we end the path in a slash
if !strings.HasSuffix(path, "/") {
path += "/"
}
Sync over
2019-04-11 15:12:37 +00:00
// Ensure there is a name
if path == "/" {
return false, fmt.Errorf("backend path must be specified")
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// Remove the entry from the mount table
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
c.auditLock.Lock()
defer c.auditLock.Unlock()
Rejig locks during unmount/remount. (#1855)
2016-09-13 15:50:14 +00:00
newTable := c.audit.shallowClone()
The big one (#5346)
2018-09-18 03:03:00 +00:00
entry, err := newTable.remove(ctx, path)
if err != nil {
return false, err
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// Ensure there was a match
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
if entry == nil {
Follow Vault convention on `DELETE` being idempotent (#1903) * Follow Vault convention on `DELETE` being idempotent with audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 17:02:25 +00:00
return false, fmt.Errorf("no matching backend")
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
}
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
c.removeAuditReloadFunc(entry)
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
// When unmounting all entries the JSON code will load back up from storage
// as a nil slice, which kills tests...just set it nil explicitly
if len(newTable.Entries) == 0 {
newTable.Entries = nil
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
if updateStorage {
// Update the audit table
if err := c.persistAudit(ctx, newTable, entry.Local); err != nil {
return true, errors.New("failed to update audit table")
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
}
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
c.audit = newTable
// Unmount the backend
c.auditBroker.Deregister(path)
Convert to logxi
2016-08-19 20:45:17 +00:00
if c.logger.IsInfo() {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Info("disabled audit backend", "path", path)
Convert to logxi
2016-08-19 20:45:17 +00:00
}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
The big one (#5346)
2018-09-18 03:03:00 +00:00
removeAuditPathChecker(c, entry)
Follow Vault convention on `DELETE` being idempotent (#1903) * Follow Vault convention on `DELETE` being idempotent with audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 17:02:25 +00:00
return true, nil
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
// loadAudits is invoked as part of postUnseal to load the audit table
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
func (c *Core) loadAudits(ctx context.Context) error {
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
auditTable := &MountTable{}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
localAuditTable := &MountTable{}
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
// Load the existing audit table
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
raw, err := c.barrier.Get(ctx, coreAuditConfigPath)
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
if err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to read audit table", "error", err)
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
return errLoadAuditFailed
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
rawLocal, err := c.barrier.Get(ctx, coreLocalAuditConfigPath)
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
if err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to read local audit table", "error", err)
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
return errLoadAuditFailed
}
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
c.auditLock.Lock()
defer c.auditLock.Unlock()
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
if raw != nil {
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
if err := jsonutil.DecodeJSON(raw.Value, auditTable); err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to decode audit table", "error", err)
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
return errLoadAuditFailed
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
c.audit = auditTable
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
Minor mount logic updates (#3553)
2017-11-08 01:30:02 +00:00
var needPersist bool
if c.audit == nil {
c.audit = defaultAuditTable()
needPersist = true
}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
if rawLocal != nil {
if err := jsonutil.DecodeJSON(rawLocal.Value, localAuditTable); err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to decode local audit table", "error", err)
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
return errLoadAuditFailed
}
Fix potential panic reading local mount tables (#3552)
2017-11-07 23:04:37 +00:00
if localAuditTable != nil && len(localAuditTable.Entries) > 0 {
c.audit.Entries = append(c.audit.Entries, localAuditTable.Entries...)
}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
Minor mount logic updates (#3553)
2017-11-08 01:30:02 +00:00
// Upgrade to typed auth table
if c.audit.Type == "" {
c.audit.Type = auditTableType
needPersist = true
}
Add to auth/audit too
2016-05-26 17:38:51 +00:00
Minor mount logic updates (#3553)
2017-11-08 01:30:02 +00:00
// Upgrade to table-scoped entries
for _, entry := range c.audit.Entries {
if entry.Table == "" {
entry.Table = c.audit.Type
Add to auth/audit too
2016-05-26 17:38:51 +00:00
needPersist = true
}
Minor mount logic updates (#3553)
2017-11-08 01:30:02 +00:00
if entry.Accessor == "" {
accessor, err := c.generateMountAccessor("audit_" + entry.Type)
if err != nil {
return err
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
}
Minor mount logic updates (#3553)
2017-11-08 01:30:02 +00:00
entry.Accessor = accessor
needPersist = true
Add to auth/audit too
2016-05-26 17:38:51 +00:00
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
if entry.NamespaceID == "" {
entry.NamespaceID = namespace.RootNamespaceID
needPersist = true
}
// Get the namespace from the namespace ID and load it in memory
ns, err := NamespaceByID(ctx, entry.NamespaceID, c)
if err != nil {
return err
}
if ns == nil {
return namespace.ErrNoNamespace
}
entry.namespace = ns
Minor mount logic updates (#3553)
2017-11-08 01:30:02 +00:00
}
Add to auth/audit too
2016-05-26 17:38:51 +00:00
perf-standby: Fix audit table upgrade on standbys (#5811)
2018-11-19 18:21:53 +00:00
if !needPersist || c.perfStandby {
Minor mount logic updates (#3553)
2017-11-08 01:30:02 +00:00
return nil
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
if err := c.persistAudit(ctx, c.audit, false); err != nil {
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
return errLoadAuditFailed
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
return nil
}
// persistAudit is used to persist the audit table after modification
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
func (c *Core) persistAudit(ctx context.Context, table *MountTable, localOnly bool) error {
Add to auth/audit too
2016-05-26 17:38:51 +00:00
if table.Type != auditTableType {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("given table to persist has wrong type", "actual_type", table.Type, "expected_type", auditTableType)
Add to auth/audit too
2016-05-26 17:38:51 +00:00
return fmt.Errorf("invalid table type given, not persisting")
}
for _, entry := range table.Entries {
if entry.Table != table.Type {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("given entry to persist in audit table has wrong table value", "path", entry.Path, "entry_table_type", entry.Table, "actual_type", table.Type)
Add to auth/audit too
2016-05-26 17:38:51 +00:00
return fmt.Errorf("invalid audit entry found, not persisting")
}
}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
nonLocalAudit := &MountTable{
Type: auditTableType,
}
localAudit := &MountTable{
Type: auditTableType,
}
for _, entry := range table.Entries {
if entry.Local {
localAudit.Entries = append(localAudit.Entries, entry)
} else {
nonLocalAudit.Entries = append(nonLocalAudit.Entries, entry)
}
}
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
if !localOnly {
// Marshal the table
compressedBytes, err := jsonutil.EncodeJSONAndCompress(nonLocalAudit, nil)
if err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to encode and/or compress audit table", "error", err)
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
return err
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
// Create an entry
Split SubView functionality into logical.StorageView (#6141) This lets other parts of Vault that can't depend on the vault package take advantage of the subview functionality. This also allows getting rid of BarrierStorage and vault.Entry, two totally redundant abstractions.
2019-01-31 14:25:18 +00:00
entry := &logical.StorageEntry{
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
Key: coreAuditConfigPath,
Value: compressedBytes,
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
// Write to the physical backend
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
if err := c.barrier.Put(ctx, entry); err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to persist audit table", "error", err)
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
return err
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
// Repeat with local audit
Understand local when persisting mount tables, to avoid invalidations when not necessary (#2427)
2017-03-02 19:37:59 +00:00
compressedBytes, err := jsonutil.EncodeJSONAndCompress(localAudit, nil)
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
if err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to encode and/or compress local audit table", "error", err)
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
return err
}
Split SubView functionality into logical.StorageView (#6141) This lets other parts of Vault that can't depend on the vault package take advantage of the subview functionality. This also allows getting rid of BarrierStorage and vault.Entry, two totally redundant abstractions.
2019-01-31 14:25:18 +00:00
entry := &logical.StorageEntry{
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
Key: coreLocalAuditConfigPath,
Value: compressedBytes,
}
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
if err := c.barrier.Put(ctx, entry); err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to persist local audit table", "error", err)
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
return err
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
return nil
}
// setupAudit is invoked after we've loaded the audit able to
// initialize the audit backends
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
func (c *Core) setupAudits(ctx context.Context) error {
Allow most parts of Vault's logging to have its level changed on-the-fly (#5280) * Allow most parts of Vault's logging to have its level changed on-the-fly * Use a const for not set
2018-09-05 19:52:54 +00:00
brokerLogger := c.baseLogger.Named("audit")
c.AddLogger(brokerLogger)
broker := NewAuditBroker(brokerLogger)
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
c.auditLock.Lock()
defer c.auditLock.Unlock()
Change Vault audit broker logic to successfully start when at least one (#2155) backend is successfully loaded. Fixes #2083
2016-12-02 20:09:01 +00:00
var successCount int
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
for _, entry := range c.audit.Entries {
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
// Create a barrier view using the UUID
The big one (#5346)
2018-09-18 03:03:00 +00:00
viewPath := entry.ViewPath()
More porting from rep (#2389) * More porting from rep * Address feedback
2017-02-17 01:13:19 +00:00
view := NewBarrierView(c.barrier, viewPath)
The big one (#5346)
2018-09-18 03:03:00 +00:00
addAuditPathChecker(c, entry, view, viewPath)
origViewReadOnlyErr := view.getReadOnlyErr()
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
Make mount view read only until after mount persist (#3910)
2018-02-09 19:04:25 +00:00
// Mark the view as read-only until the mounting is complete and
// ensure that it is reset after. This ensures that there will be no
// writes during the construction of the backend.
view.setReadOnlyErr(logical.ErrSetupReadOnly)
Defer setting views read/write until the end of postUnseal (#4392) A few notes: * We exert positive control over singletons and they usually need to perform some (known, validated) writes, so this excludes singletons -- they are simply limited to the end of the mount function as before. * I'm not sure how to test this _specifically_; I've done some testing of e.g. sealing vault and unsealing and ensuring that I can write to a KV mount. I think this is tested by every dev server though, since for a dev server Vault is inited, the default mounts are mounted, then it's sealed, then it's unsealed for the user, so it already goes through this code path. The mere fact that you can write to secret/ on a dev server means it was successfully set read-write.
2018-04-19 17:29:43 +00:00
c.postUnsealFuncs = append(c.postUnsealFuncs, func() {
The big one (#5346)
2018-09-18 03:03:00 +00:00
view.setReadOnlyErr(origViewReadOnlyErr)
Defer setting views read/write until the end of postUnseal (#4392) A few notes: * We exert positive control over singletons and they usually need to perform some (known, validated) writes, so this excludes singletons -- they are simply limited to the end of the mount function as before. * I'm not sure how to test this _specifically_; I've done some testing of e.g. sealing vault and unsealing and ensuring that I can write to a KV mount. I think this is tested by every dev server though, since for a dev server Vault is inited, the default mounts are mounted, then it's sealed, then it's unsealed for the user, so it already goes through this code path. The mere fact that you can write to secret/ on a dev server means it was successfully set read-write.
2018-04-19 17:29:43 +00:00
})
Make mount view read only until after mount persist (#3910)
2018-02-09 19:04:25 +00:00
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
// Initialize the backend
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
backend, err := c.newAuditBackend(ctx, entry, view, entry.Options)
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
if err != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("failed to create audit entry", "path", entry.Path, "error", err)
Change Vault audit broker logic to successfully start when at least one (#2155) backend is successfully loaded. Fixes #2083
2016-12-02 20:09:01 +00:00
continue
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
Add some nil checks to mounting
2017-03-04 21:35:41 +00:00
if backend == nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
c.logger.Error("created audit entry was nil", "path", entry.Path, "type", entry.Type)
Add some nil checks to mounting
2017-03-04 21:35:41 +00:00
continue
}
vault: Adding AuditBroker and basic tests
2015-03-31 20:22:40 +00:00
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
// Mount the backend
The big one (#5346)
2018-09-18 03:03:00 +00:00
broker.Register(entry.Path, backend, view, entry.Local)
Change Vault audit broker logic to successfully start when at least one (#2155) backend is successfully loaded. Fixes #2083
2016-12-02 20:09:01 +00:00
The big one (#5346)
2018-09-18 03:03:00 +00:00
successCount++
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
}
Change Vault audit broker logic to successfully start when at least one (#2155) backend is successfully loaded. Fixes #2083
2016-12-02 20:09:01 +00:00
if len(c.audit.Entries) > 0 && successCount == 0 {
return errLoadAuditFailed
}
vault: Adding enable/disable audit methods
2015-03-31 22:26:03 +00:00
c.auditBroker = broker
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
return nil
}
// teardownAudit is used before we seal the vault to reset the audit
// backends to their unloaded state. This is reversed by loadAudits.
func (c *Core) teardownAudits() error {
Rearchitect MountTable locking and fix rollback. The rollback manager was using a saved MountTable rather than the current table, causing it to attempt to rollback unmounted mounts, and never rollback new mounts. In fixing this, it became clear that bad things could happen to the mount table...the table itself could be locked, but the table pointer (which is what the rollback manager needs) could be modified at any time without locking. This commit therefore also returns locking to a mutex outside the table instead of inside, and plumbs RLock/RUnlock through to the various places that are reading the table but not holding a write lock. Both unit tests and race detection pass. Fixes #771
2015-11-11 16:44:07 +00:00
c.auditLock.Lock()
defer c.auditLock.Unlock()
Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. (#2043)
2016-10-28 19:32:32 +00:00
if c.audit != nil {
for _, entry := range c.audit.Entries {
c.removeAuditReloadFunc(entry)
The big one (#5346)
2018-09-18 03:03:00 +00:00
removeAuditPathChecker(c, entry)
Don't panic if postUnseal calls preSeal due to audit table never being set up. Also call cleanup funcs on auth backends. (#2043)
2016-10-28 19:32:32 +00:00
}
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
c.audit = nil
vault: Adding AuditBroker and basic tests
2015-03-31 20:22:40 +00:00
c.auditBroker = nil
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
return nil
}
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
// removeAuditReloadFunc removes the reload func from the working set. The
// audit lock needs to be held before calling this.
func (c *Core) removeAuditReloadFunc(entry *MountEntry) {
switch entry.Type {
case "file":
key := "audit_file|" + entry.Path
c.reloadFuncsLock.Lock()
if c.logger.IsDebug() {
Don't resetnamed
2018-08-23 19:04:18 +00:00
c.baseLogger.Named("audit").Debug("removing reload function", "path", entry.Path)
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
}
delete(c.reloadFuncs, key)
c.reloadFuncsLock.Unlock()
}
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
// newAuditBackend is used to create and configure a new audit backend by name
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
func (c *Core) newAuditBackend(ctx context.Context, entry *MountEntry, view logical.Storage, conf map[string]string) (audit.Backend, error) {
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
f, ok := c.auditBackends[entry.Type]
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
if !ok {
Errwrap everywhere (#4252) * package api * package builtin/credential * package builtin/logical * package command * package helper * package http and logical * package physical * package shamir * package vault * package vault * address feedback * more fixes
2018-04-05 15:49:21 +00:00
return nil, fmt.Errorf("unknown backend type: %q", entry.Type)
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
Delay salt initialization for audit backends
2017-05-24 00:36:20 +00:00
saltConfig := &salt.Config{
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
HMAC: sha256.New,
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 21:36:42 +00:00
HMACType: "hmac-sha256",
Delay salt initialization for audit backends
2017-05-24 00:36:20 +00:00
Location: salt.DefaultLocation,
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
}
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
be, err := f(ctx, &audit.BackendConfig{
Delay salt initialization for audit backends
2017-05-24 00:36:20 +00:00
SaltView: view,
SaltConfig: saltConfig,
Config: conf,
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 16:18:37 +00:00
})
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
if err != nil {
return nil, err
}
Add some nil checks to mounting
2017-03-04 21:35:41 +00:00
if be == nil {
return nil, fmt.Errorf("nil backend returned from %q factory function", entry.Type)
}
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
Don't resetnamed
2018-08-23 19:04:18 +00:00
auditLogger := c.baseLogger.Named("audit")
Allow most parts of Vault's logging to have its level changed on-the-fly (#5280) * Allow most parts of Vault's logging to have its level changed on-the-fly * Use a const for not set
2018-09-05 19:52:54 +00:00
c.AddLogger(auditLogger)
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
switch entry.Type {
case "file":
key := "audit_file|" + entry.Path
c.reloadFuncsLock.Lock()
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
if auditLogger.IsDebug() {
auditLogger.Debug("adding reload function", "path", entry.Path)
Debug level logging of socket audit backend config at startup (#3560)
2017-11-10 17:08:36 +00:00
if entry.Options != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
auditLogger.Debug("file backend options", "path", entry.Path, "file_path", entry.Options["file_path"])
Debug level logging of socket audit backend config at startup (#3560)
2017-11-10 17:08:36 +00:00
}
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
}
Create configutil and move some common config and setup functions there (#8362)
2020-05-14 13:19:27 +00:00
c.reloadFuncs[key] = append(c.reloadFuncs[key], func() error {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
if auditLogger.IsInfo() {
auditLogger.Info("reloading file audit backend", "path", entry.Path)
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
}
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
return be.Reload(ctx)
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
})
c.reloadFuncsLock.Unlock()
Debug level logging of socket audit backend config at startup (#3560)
2017-11-10 17:08:36 +00:00
case "socket":
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
if auditLogger.IsDebug() {
Debug level logging of socket audit backend config at startup (#3560)
2017-11-10 17:08:36 +00:00
if entry.Options != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
auditLogger.Debug("socket backend options", "path", entry.Path, "address", entry.Options["address"], "socket type", entry.Options["socket_type"])
Debug level logging of socket audit backend config at startup (#3560)
2017-11-10 17:08:36 +00:00
}
}
case "syslog":
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
if auditLogger.IsDebug() {
Debug level logging of socket audit backend config at startup (#3560)
2017-11-10 17:08:36 +00:00
if entry.Options != nil {
Move to "github.com/hashicorp/go-hclog" (#4227) * logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
2018-04-03 00:46:59 +00:00
auditLogger.Debug("syslog backend options", "path", entry.Path, "facility", entry.Options["facility"], "tag", entry.Options["tag"])
Debug level logging of socket audit backend config at startup (#3560)
2017-11-10 17:08:36 +00:00
}
}
Adds HUP support for audit log files to close and reopen. (#1953) Adds HUP support for audit log files to close and reopen. This makes it much easier to deal with normal log rotation methods. As part of testing this I noticed that HUP and other items that come out of command/server.go are going to stderr, which is where our normal log lines go. This isn't so much problematic with our normal output but as we officially move to supporting other formats this can cause interleaving issues, so I moved those to stdout instead.
2016-09-30 19:04:50 +00:00
}
return be, err
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
}
// defaultAuditTable creates a default audit table
func defaultAuditTable() *MountTable {
Add to auth/audit too
2016-05-26 17:38:51 +00:00
table := &MountTable{
Type: auditTableType,
}
vault: Adding basic audit table load/unload
2015-03-27 21:00:38 +00:00
return table
}
Allow plugins to submit audit requests/responses via extended SystemView (#6777) Move audit.LogInput to sdk/logical. Allow the Data values in audited logical.Request and Response to implement OptMarshaler, in which case we delegate hashing/serializing responsibility to them. Add new ClientCertificateSerialNumber audit request field. SystemView can now be cast to ExtendedSystemView to expose the Auditor interface, which allows submitting requests and responses to the audit broker.
2019-05-22 22:52:53 +00:00
Audit generate root requests and responses. (#8301)
2020-02-06 16:56:37 +00:00
type AuditLogger interface {
AuditRequest(ctx context.Context, input *logical.LogInput) error
AuditResponse(ctx context.Context, input *logical.LogInput) error
}
type basicAuditor struct {
c *Core
}
func (b *basicAuditor) AuditRequest(ctx context.Context, input *logical.LogInput) error {
Fix panic in handleAuditNonLogical if vault is sealed (#9310) (#10103)
2020-10-07 12:30:36 +00:00
if b.c.auditBroker == nil {
return consts.ErrSealed
}
Audit generate root requests and responses. (#8301)
2020-02-06 16:56:37 +00:00
return b.c.auditBroker.LogRequest(ctx, input, b.c.auditedHeaders)
}
func (b *basicAuditor) AuditResponse(ctx context.Context, input *logical.LogInput) error {
Fix panic in handleAuditNonLogical if vault is sealed (#9310) (#10103)
2020-10-07 12:30:36 +00:00
if b.c.auditBroker == nil {
return consts.ErrSealed
}
Audit generate root requests and responses. (#8301)
2020-02-06 16:56:37 +00:00
return b.c.auditBroker.LogResponse(ctx, input, b.c.auditedHeaders)
}
Allow plugins to submit audit requests/responses via extended SystemView (#6777) Move audit.LogInput to sdk/logical. Allow the Data values in audited logical.Request and Response to implement OptMarshaler, in which case we delegate hashing/serializing responsibility to them. Add new ClientCertificateSerialNumber audit request field. SystemView can now be cast to ExtendedSystemView to expose the Auditor interface, which allows submitting requests and responses to the audit broker.
2019-05-22 22:52:53 +00:00
type genericAuditor struct {
c *Core
mountType string
namespace *namespace.Namespace
}
func (g genericAuditor) AuditRequest(ctx context.Context, input *logical.LogInput) error {
ctx = namespace.ContextWithNamespace(ctx, g.namespace)
logInput := *input
logInput.Type = g.mountType + "-request"
return g.c.auditBroker.LogRequest(ctx, &logInput, g.c.auditedHeaders)
}
func (g genericAuditor) AuditResponse(ctx context.Context, input *logical.LogInput) error {
ctx = namespace.ContextWithNamespace(ctx, g.namespace)
logInput := *input
logInput.Type = g.mountType + "-response"
return g.c.auditBroker.LogResponse(ctx, &logInput, g.c.auditedHeaders)
}