Merge pull request #1210 from hashicorp/audit-id-path
Rename id to path and path to file_path, print audit backend paths
commit
7db7b47fdd
|
@ -78,6 +78,7 @@ func (c *Sys) DisableAudit(path string) error {
|
||||||
// documentation. Please refer to that documentation for more details.
|
// documentation. Please refer to that documentation for more details.
|
||||||
|
|
||||||
type Audit struct {
|
type Audit struct {
|
||||||
|
Path string
|
||||||
Type string
|
Type string
|
||||||
Description string
|
Description string
|
||||||
Options map[string]string
|
Options map[string]string
|
||||||
|
|
|
@ -18,9 +18,12 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
|
||||||
return nil, fmt.Errorf("nil salt")
|
return nil, fmt.Errorf("nil salt")
|
||||||
}
|
}
|
||||||
|
|
||||||
path, ok := conf.Config["path"]
|
path, ok := conf.Config["file_path"]
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("path is required")
|
path, ok = conf.Config["path"]
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf("file_path is required")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if hashing of accessor is disabled
|
// Check if hashing of accessor is disabled
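Review bot: The presence check on `conf.Config["file_path"]` in Factory accepts an empty value, so `file_path=` with nothing after it passes and the legacy `path` fallback is skipped even when it holds the real location. Because this value decides where audit records are written, I would test the value rather than the key: `if path == "" { path = conf.Config["path"] }` followed by `if path == "" { return nil, fmt.Errorf("file_path is required") }`. Whether later code in Factory rejects an empty path is not visible here, since the function continues outside the hunk. A short comment such as `// "path" is the pre-rename key, still accepted for existing configurations` would also explain the nested lookup to the next reader.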
|
||||||
|
|
|
@ -19,10 +19,10 @@ type AuditEnableCommand struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *AuditEnableCommand) Run(args []string) int {
|
func (c *AuditEnableCommand) Run(args []string) int {
|
||||||
var desc, id string
|
var desc, path string
|
||||||
flags := c.Meta.FlagSet("audit-enable", FlagSetDefault)
|
flags := c.Meta.FlagSet("audit-enable", FlagSetDefault)
|
||||||
flags.StringVar(&desc, "description", "", "")
|
flags.StringVar(&desc, "description", "", "")
|
||||||
flags.StringVar(&id, "id", "", "")
|
flags.StringVar(&path, "path", "", "")
|
||||||
flags.Usage = func() { c.Ui.Error(c.Help()) }
|
flags.Usage = func() { c.Ui.Error(c.Help()) }
|
||||||
if err := flags.Parse(args); err != nil {
|
if err := flags.Parse(args); err != nil {
|
||||||
return 1
|
return 1
|
||||||
|
@ -37,8 +37,8 @@ func (c *AuditEnableCommand) Run(args []string) int {
|
||||||
}
|
}
|
||||||
|
|
||||||
auditType := args[0]
|
auditType := args[0]
|
||||||
if id == "" {
|
if path == "" {
|
||||||
id = auditType
|
path = auditType
|
||||||
}
|
}
|
||||||
|
|
||||||
// Build the options
|
// Build the options
|
||||||
|
@ -67,7 +67,7 @@ func (c *AuditEnableCommand) Run(args []string) int {
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
err = client.Sys().EnableAudit(id, auditType, desc, opts)
|
err = client.Sys().EnableAudit(path, auditType, desc, opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.Ui.Error(fmt.Sprintf(
|
c.Ui.Error(fmt.Sprintf(
|
||||||
"Error enabling audit backend: %s", err))
|
"Error enabling audit backend: %s", err))
|
||||||
|
@ -75,7 +75,7 @@ func (c *AuditEnableCommand) Run(args []string) int {
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Ui.Output(fmt.Sprintf(
|
c.Ui.Output(fmt.Sprintf(
|
||||||
"Successfully enabled audit backend '%s'!", auditType))
|
"Successfully enabled audit backend '%s' with path '%s'!", auditType, path))
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -103,7 +103,7 @@ Audit Enable Options:
|
||||||
-description=<desc> A human-friendly description for the backend. This
|
-description=<desc> A human-friendly description for the backend. This
|
||||||
shows up only when querying the enabled backends.
|
shows up only when querying the enabled backends.
|
||||||
|
|
||||||
-id=<id> Specify a unique ID for this audit backend. This
|
-path=<path> Specify a unique path for this audit backend. This
|
||||||
is purely for referencing this audit backend. By
|
is purely for referencing this audit backend. By
|
||||||
default this will be the backend type.
|
default this will be the backend type.
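Review bot: Replacing the `-id` flag with `-path` in Run leaves no alias, so a provisioning script that still passes `-id=...` now fails at `flags.Parse` and returns 1, and the audit backend it was meant to enable is never turned on. The Factory hunk in this commit keeps accepting the old `path` option key, and the CLI could do the same by also registering `flags.StringVar(&path, "id", "", "")` as a deprecated alias and saying so in the help text. Separately, the success message prints the `path` exactly as typed, while the tests in this commit show the server reporting paths as `noop/` and `foo/`, so the printed value may not match what `audit-list` shows (inferred; the normalisation is not in this diff). Run starts and ends outside these hunks.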
|
||||||
|
|
||||||
|
|
|
@ -47,7 +47,7 @@ func (c *AuditListCommand) Run(args []string) int {
|
||||||
}
|
}
|
||||||
sort.Strings(paths)
|
sort.Strings(paths)
|
||||||
|
|
||||||
columns := []string{"Type | Description | Options"}
|
columns := []string{"Path | Type | Description | Options"}
|
||||||
for _, path := range paths {
|
for _, path := range paths {
|
||||||
audit := audits[path]
|
audit := audits[path]
|
||||||
opts := make([]string, 0, len(audit.Options))
|
opts := make([]string, 0, len(audit.Options))
|
||||||
|
@ -56,7 +56,7 @@ func (c *AuditListCommand) Run(args []string) int {
|
||||||
}
|
}
|
||||||
|
|
||||||
columns = append(columns, fmt.Sprintf(
|
columns = append(columns, fmt.Sprintf(
|
||||||
"%s | %s | %s", audit.Type, audit.Description, strings.Join(opts, " ")))
|
"%s | %s | %s | %s", audit.Path, audit.Type, audit.Description, strings.Join(opts, " ")))
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Ui.Output(columnize.SimpleFormat(columns))
|
c.Ui.Output(columnize.SimpleFormat(columns))
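Review bot: The new Path column reads `audit.Path`, which is only filled in when the server includes `path` in each entry, so against a server that predates this commit the column would presumably be empty. The loop variable `path` is already the key of the `audits` map, so `"%s | %s | %s | %s", path, audit.Type, audit.Description, strings.Join(opts, " ")))` gives the operator the same identifier without depending on the new response field. Run continues outside both hunks of this section.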
|
||||||
|
|
|
@ -23,6 +23,7 @@ func TestSysAudit(t *testing.T) {
|
||||||
var actual map[string]interface{}
|
var actual map[string]interface{}
|
||||||
expected := map[string]interface{}{
|
expected := map[string]interface{}{
|
||||||
"noop/": map[string]interface{}{
|
"noop/": map[string]interface{}{
|
||||||
|
"path": "noop/",
|
||||||
"type": "noop",
|
"type": "noop",
|
||||||
"description": "",
|
"description": "",
|
||||||
"options": map[string]interface{}{},
|
"options": map[string]interface{}{},
|
||||||
|
@ -31,7 +32,7 @@ func TestSysAudit(t *testing.T) {
|
||||||
testResponseStatus(t, resp, 200)
|
testResponseStatus(t, resp, 200)
|
||||||
testResponseBody(t, resp, &actual)
|
testResponseBody(t, resp, &actual)
|
||||||
if !reflect.DeepEqual(actual, expected) {
|
if !reflect.DeepEqual(actual, expected) {
|
||||||
t.Fatalf("bad: %#v", actual)
|
t.Fatalf("bad: expected:\n%#v actual:\n%#v\n", expected, actual)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -932,6 +932,7 @@ func (b *SystemBackend) handleAuditTable(
|
||||||
}
|
}
|
||||||
for _, entry := range b.Core.audit.Entries {
|
for _, entry := range b.Core.audit.Entries {
|
||||||
info := map[string]interface{}{
|
info := map[string]interface{}{
|
||||||
|
"path": entry.Path,
|
||||||
"type": entry.Type,
|
"type": entry.Type,
|
||||||
"description": entry.Description,
|
"description": entry.Description,
|
||||||
"options": entry.Options,
|
"options": entry.Options,
|
||||||
|
|
|
@ -635,6 +635,7 @@ func TestSystemBackend_auditTable(t *testing.T) {
|
||||||
|
|
||||||
exp := map[string]interface{}{
|
exp := map[string]interface{}{
|
||||||
"foo/": map[string]interface{}{
|
"foo/": map[string]interface{}{
|
||||||
|
"path": "foo/",
|
||||||
"type": "noop",
|
"type": "noop",
|
||||||
"description": "testing",
|
"description": "testing",
|
||||||
"options": map[string]string{
|
"options": map[string]string{
|
||||||
|
|
|
@ -25,13 +25,13 @@ information is first hashed before logging in the audit logs.
|
||||||
Audit `file` backend can be enabled by the following command.
|
Audit `file` backend can be enabled by the following command.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ vault audit-enable file path=/var/log/vault_audit.log
|
$ vault audit-enable file file_path=/var/log/vault_audit.log
|
||||||
```
|
```
|
||||||
|
|
||||||
Any number of `file` audit logs can be created by enabling it with different `id`s.
|
Any number of `file` audit logs can be created by enabling it with different `path`s.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ vault audit-enable -id="vault_audit_1" file path=/home/user/vault_audit.log
|
$ vault audit-enable -path="vault_audit_1" file file_path=/home/user/vault_audit.log
|
||||||
```
|
```
|
||||||
|
|
||||||
Note the difference between `audit-enable` command options and the `file` backend
|
Note the difference between `audit-enable` command options and the `file` backend
|
||||||
|
@ -43,7 +43,7 @@ Following are the configuration options available for the backend.
|
||||||
<dd>
|
<dd>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
<span class="param">path</span>
|
<span class="param">file_path</span>
|
||||||
<span class="param-flags">required</span>
|
<span class="param-flags">required</span>
|
||||||
The path to where the audit log will be written. If this
|
The path to where the audit log will be written. If this
|
||||||
path exists, the audit backend will append to it.
|
path exists, the audit backend will append to it.
|
||||||
|
|
|
@ -27,7 +27,7 @@ description: |-
|
||||||
<dd>POST</dd>
|
<dd>POST</dd>
|
||||||
|
|
||||||
<dt>URL</dt>
|
<dt>URL</dt>
|
||||||
<dd>`/sys/audit-hash/<name>`</dd>
|
<dd>`/sys/audit-hash/<path>`</dd>
|
||||||
|
|
||||||
<dt>Parameters</dt>
|
<dt>Parameters</dt>
|
||||||
<dd>
|
<dd>
|
||||||
|
|
|
@ -54,7 +54,7 @@ description: |-
|
||||||
<dd>PUT</dd>
|
<dd>PUT</dd>
|
||||||
|
|
||||||
<dt>URL</dt>
|
<dt>URL</dt>
|
||||||
<dd>`/sys/audit/<name>`</dd>
|
<dd>`/sys/audit/<path>`</dd>
|
||||||
|
|
||||||
<dt>Parameters</dt>
|
<dt>Parameters</dt>
|
||||||
<dd>
|
<dd>
|
||||||
|
@ -96,7 +96,7 @@ description: |-
|
||||||
<dd>DELETE</dd>
|
<dd>DELETE</dd>
|
||||||
|
|
||||||
<dt>URL</dt>
|
<dt>URL</dt>
|
||||||
<dd>`/sys/audit/<name>`</dd>
|
<dd>`/sys/audit/<path>`</dd>
|
||||||
|
|
||||||
<dt>Parameters</dt>
|
<dt>Parameters</dt>
|
||||||
<dd>None
|
<dd>None
|
||||||
|
|