package file
import (
"context"
"io/ioutil"
"os"
"path/filepath"
"strconv"
"testing"
"time"
"github.com/hashicorp/vault/audit"
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/sdk/helper/salt"
"github.com/hashicorp/vault/sdk/logical"
)
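// TestAuditFile_fileModeNew checks that, when the audit log file does not
// exist yet, the file found on disk after Factory returns carries exactly the
// permission bits given in the "mode" config option.
//
// 0777 is used here only because it is easy to tell apart from a restrictive
// mode; it is not a sensible setting for a real audit log, which should not be
// readable or writable by other local users.
func TestAuditFile_fileModeNew(t *testing.T) {
	modeStr := "0777"
	// Parse as octal so the expected value matches what the backend is given
	// as a string.
	mode, err := strconv.ParseUint(modeStr, 8, 32)
	if err != nil {
		t.Fatal(err)
	}

	// A private temp directory guarantees the target file does not pre-exist.
	path, err := ioutil.TempDir("", "vault-test_audit_file-file_mode_new")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(path)

	file := filepath.Join(path, "auditTest.txt")

	config := map[string]string{
		"path": file,
		"mode": modeStr,
	}

	_, err = Factory(context.Background(), &audit.BackendConfig{
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
		Config:     config,
	})
	if err != nil {
		t.Fatal(err)
	}

	info, err := os.Stat(file)
	if err != nil {
		// Report the underlying error; a missing file and a permission
		// problem need different follow-up.
		t.Fatalf("cannot retrieve file mode from `Stat`: %v", err)
	}
	if got, want := info.Mode(), os.FileMode(mode); got != want {
		t.Fatalf("file mode does not match: got %v, want %v", got, want)
	}
}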
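// TestAuditFile_fileModeExisting checks what happens to a pre-existing audit
// log file when no "mode" option is configured: the file starts out at 0777
// and the test expects it to be 0600 (owner read/write only) once Factory has
// returned.
func TestAuditFile_fileModeExisting(t *testing.T) {
	f, err := ioutil.TempFile("", "test")
	if err != nil {
		t.Fatalf("failure to create test file: %v", err)
	}
	defer os.Remove(f.Name())

	// Deliberately loosen the permissions so that a tightening performed by
	// the backend is observable in the final Stat.
	err = os.Chmod(f.Name(), 0o777)
	if err != nil {
		t.Fatalf("failure to chmod temp file for testing: %v", err)
	}

	err = f.Close()
	if err != nil {
		t.Fatalf("failure to close temp file for test: %v", err)
	}

	// Only "path" is set; "mode" is intentionally left out.
	config := map[string]string{
		"path": f.Name(),
	}

	_, err = Factory(context.Background(), &audit.BackendConfig{
		Config:     config,
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
	})
	if err != nil {
		t.Fatal(err)
	}

	info, err := os.Stat(f.Name())
	if err != nil {
		t.Fatalf("cannot retrieve file mode from `Stat`: %v", err)
	}
	if got, want := info.Mode(), os.FileMode(0o600); got != want {
		// Print both values: a mode that stayed at 0777 means the file is
		// still accessible to every local user.
		t.Fatalf("file mode does not match: got %v, want %v", got, want)
	}
}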
// BenchmarkAuditFile_request measures sink.LogRequest on a file audit backend
// whose path is /dev/null, so written entries are discarded by the OS. The
// same LogInput is logged from every goroutine started by b.RunParallel.
//
// All identity values below ("foo", "bar", ...) are dummy placeholders.
func BenchmarkAuditFile_request(b *testing.B) {
	sink, err := Factory(context.Background(), &audit.BackendConfig{
		Config:     map[string]string{"path": "/dev/null"},
		SaltConfig: &salt.Config{},
		SaltView:   &logical.InmemStorage{},
	})
	if err != nil {
		b.Fatal(err)
	}

	auth := &logical.Auth{
		ClientToken:     "foo",
		Accessor:        "bar",
		EntityID:        "foobarentity",
		DisplayName:     "testtoken",
		NoDefaultPolicy: true,
		Policies:        []string{"root"},
		TokenType:       logical.TokenTypeService,
	}

	req := &logical.Request{
		Operation:  logical.UpdateOperation,
		Path:       "/foo",
		Connection: &logical.Connection{RemoteAddr: "127.0.0.1"},
		WrapInfo:   &logical.RequestWrapInfo{TTL: 60 * time.Second},
		Headers:    map[string][]string{"foo": {"bar"}},
	}

	in := &logical.LogInput{
		Auth:    auth,
		Request: req,
	}

	ctx := namespace.RootContext(nil)

	// Exclude backend construction and input setup from the measurement.
	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			err := sink.LogRequest(ctx, in)
			if err == nil {
				continue
			}
			// b.Fatal may only be called from the goroutine running the
			// benchmark function, so a failure in a worker panics instead.
			panic(err)
		}
	})
}