open-vault/audit/formatter.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package audit

import (
	"context"
	"io"

	"github.com/hashicorp/vault/sdk/logical"
)

// Formatter is an interface that is responsible for formatting a
// request/response into some format. Formatters write their output
// to an io.Writer.
//
// It is recommended that you pass data through Hash prior to formatting it.
type Formatter interface {
	FormatRequest(context.Context, io.Writer, FormatterConfig, *logical.LogInput) error
	FormatResponse(context.Context, io.Writer, FormatterConfig, *logical.LogInput) error
}

type FormatterConfig struct {
	Raw          bool
	HMACAccessor bool

	// Vault lacks pagination in its APIs. As a result, certain list operations can return **very** large responses.
	// The user's chosen audit sinks may experience difficulty consuming audit records that swell to tens of megabytes
	// of JSON. The responses of list operations are typically not very interesting, as they are mostly lists of keys,
	// or, even when they include a "key_info" field, are not returning confidential information. They become even less
	// interesting once HMAC-ed by the audit system.
	//
	// Some example Vault "list" operations that are prone to becoming very large in an active Vault installation are:
	//   auth/token/accessors/
	//   identity/entity/id/
	//   identity/entity-alias/id/
	//   pki/certs/
	//
	// This option exists to provide such users with the option to have response data elided from audit logs, only when
	// the operation type is "list". For added safety, the elision only applies to the "keys" and "key_info" fields
	// within the response data - these are conventionally the only fields present in a list response - see
	// logical.ListResponse, and logical.ListResponseWithInfo. However, other fields are technically possible if a
	// plugin author writes unusual code, and these will be preserved in the audit log even with this option enabled.
	// The elision replaces the values of the "keys" and "key_info" fields with an integer count of the number of
	// entries. This allows even the elided audit logs to still be useful for answering questions like
	// "Was any data returned?" or "How many records were listed?".
	ElideListResponses bool

	// This should only ever be used in a testing context
	OmitTime bool
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

audit: JSON formatter 2015-04-13 21:12:03 +00:00			`package audit`

			`import (`
Add context to the NewSalt function (#4102) 2018-03-08 19:21:11 +00:00			`"context"`
audit: JSON formatter 2015-04-13 21:12:03 +00:00			`"io"`
Allow plugins to submit audit requests/responses via extended SystemView (#6777) Move audit.LogInput to sdk/logical. Allow the Data values in audited logical.Request and Response to implement OptMarshaler, in which case we delegate hashing/serializing responsibility to them. Add new ClientCertificateSerialNumber audit request field. SystemView can now be cast to ExtendedSystemView to expose the Auditor interface, which allows submitting requests and responses to the audit broker. 2019-05-22 22:52:53 +00:00
			`"github.com/hashicorp/vault/sdk/logical"`
audit: JSON formatter 2015-04-13 21:12:03 +00:00			`)`

Add option 'elide_list_responses' to audit backends (#18128) This PR relates to a feature request logged through HashiCorp commercial support. Vault lacks pagination in its APIs. As a result, certain list operations can return very large responses. The user's chosen audit sinks may experience difficulty consuming audit records that swell to tens of megabytes of JSON. In our case, one of the systems consuming audit log data could not cope, and failed. The responses of list operations are typically not very interesting, as they are mostly lists of keys, or, even when they include a "key_info" field, are not returning confidential information. They become even less interesting once HMAC-ed by the audit system. Some example Vault "list" operations that are prone to becoming very large in an active Vault installation are: auth/token/accessors/ identity/entity/id/ identity/entity-alias/id/ pki/certs/ In response, I've coded a new option that can be applied to audit backends, `elide_list_responses`. When enabled, response data is elided from audit logs, only when the operation type is "list". For added safety, the elision only applies to the "keys" and "key_info" fields within the response data - these are conventionally the only fields present in a list response - see logical.ListResponse, and logical.ListResponseWithInfo. However, other fields are technically possible if a plugin author writes unusual code, and these will be preserved in the audit log even with this option enabled. The elision replaces the values of the "keys" and "key_info" fields with an integer count of the number of entries. This allows even the elided audit logs to still be useful for answering questions like "Was any data returned?" or "How many records were listed?". 2023-01-11 21:15:52 +00:00			`// Formatter is an interface that is responsible for formatting a`
audit: JSON formatter 2015-04-13 21:12:03 +00:00			`// request/response into some format. Formatters write their output`
			`// to an io.Writer.`
audit: docs 2015-04-22 05:42:37 +00:00			`//`
			`// It is recommended that you pass data through Hash prior to formatting it.`
audit: JSON formatter 2015-04-13 21:12:03 +00:00			`type Formatter interface {`
Allow plugins to submit audit requests/responses via extended SystemView (#6777) Move audit.LogInput to sdk/logical. Allow the Data values in audited logical.Request and Response to implement OptMarshaler, in which case we delegate hashing/serializing responsibility to them. Add new ClientCertificateSerialNumber audit request field. SystemView can now be cast to ExtendedSystemView to expose the Auditor interface, which allows submitting requests and responses to the audit broker. 2019-05-22 22:52:53 +00:00			`FormatRequest(context.Context, io.Writer, FormatterConfig, *logical.LogInput) error`
			`FormatResponse(context.Context, io.Writer, FormatterConfig, *logical.LogInput) error`
Transit and audit enhancements 2016-09-21 14:29:42 +00:00			`}`

			`type FormatterConfig struct {`
			`Raw bool`
			`HMACAccessor bool`

Add option 'elide_list_responses' to audit backends (#18128) This PR relates to a feature request logged through HashiCorp commercial support. Vault lacks pagination in its APIs. As a result, certain list operations can return very large responses. The user's chosen audit sinks may experience difficulty consuming audit records that swell to tens of megabytes of JSON. In our case, one of the systems consuming audit log data could not cope, and failed. The responses of list operations are typically not very interesting, as they are mostly lists of keys, or, even when they include a "key_info" field, are not returning confidential information. They become even less interesting once HMAC-ed by the audit system. Some example Vault "list" operations that are prone to becoming very large in an active Vault installation are: auth/token/accessors/ identity/entity/id/ identity/entity-alias/id/ pki/certs/ In response, I've coded a new option that can be applied to audit backends, `elide_list_responses`. When enabled, response data is elided from audit logs, only when the operation type is "list". For added safety, the elision only applies to the "keys" and "key_info" fields within the response data - these are conventionally the only fields present in a list response - see logical.ListResponse, and logical.ListResponseWithInfo. However, other fields are technically possible if a plugin author writes unusual code, and these will be preserved in the audit log even with this option enabled. The elision replaces the values of the "keys" and "key_info" fields with an integer count of the number of entries. This allows even the elided audit logs to still be useful for answering questions like "Was any data returned?" or "How many records were listed?". 2023-01-11 21:15:52 +00:00			`// Vault lacks pagination in its APIs. As a result, certain list operations can return very large responses.`
			`// The user's chosen audit sinks may experience difficulty consuming audit records that swell to tens of megabytes`
			`// of JSON. The responses of list operations are typically not very interesting, as they are mostly lists of keys,`
			`// or, even when they include a "key_info" field, are not returning confidential information. They become even less`
			`// interesting once HMAC-ed by the audit system.`
			`//`
			`// Some example Vault "list" operations that are prone to becoming very large in an active Vault installation are:`
			`// auth/token/accessors/`
			`// identity/entity/id/`
			`// identity/entity-alias/id/`
			`// pki/certs/`
			`//`
			`// This option exists to provide such users with the option to have response data elided from audit logs, only when`
			`// the operation type is "list". For added safety, the elision only applies to the "keys" and "key_info" fields`
			`// within the response data - these are conventionally the only fields present in a list response - see`
			`// logical.ListResponse, and logical.ListResponseWithInfo. However, other fields are technically possible if a`
			`// plugin author writes unusual code, and these will be preserved in the audit log even with this option enabled.`
			`// The elision replaces the values of the "keys" and "key_info" fields with an integer count of the number of`
			`// entries. This allows even the elided audit logs to still be useful for answering questions like`
			`// "Was any data returned?" or "How many records were listed?".`
			`ElideListResponses bool`

Transit and audit enhancements 2016-09-21 14:29:42 +00:00			`// This should only ever be used in a testing context`
			`OmitTime bool`
audit: JSON formatter 2015-04-13 21:12:03 +00:00			`}`