Merge pull request #1210 from hashicorp/audit-id-path

Rename id to path and path to file_path, print audit backend paths
Vishal Nayak 2016-03-15 20:13:21 -04:00
commit 7db7b47fdd
10 changed files with 26 additions and 19 deletions


@ -78,6 +78,7 @@ func (c *Sys) DisableAudit(path string) error {
// documentation. Please refer to that documentation for more details.
type Audit struct {
Path string
Type string
Description string
Options map[string]string


@ -18,9 +18,12 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
return nil, fmt.Errorf("nil salt")
}
path, ok := conf.Config["path"]
path, ok := conf.Config["file_path"]
if !ok {
return nil, fmt.Errorf("path is required")
path, ok = conf.Config["path"]
if !ok {
return nil, fmt.Errorf("file_path is required")
}
}
// Check if hashing of accessor is disabled
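Review bot: The fallback from `file_path` to the old `path` key is silent and undocumented, so a reader cannot tell that `path` is kept only for existing configurations; a comment such as `// Fall back to the deprecated "path" key so existing audit configurations keep loading.` above the inner lookup would make that explicit. Both lookups test only that the key is present, so an empty value passes this check and is left to whatever opens the log file later in Factory, which is outside the hunk; `if !ok || path == ""` on the inner check would reject it here with the clearer `file_path is required` error. Factory begins before and continues after this hunk.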


@ -19,10 +19,10 @@ type AuditEnableCommand struct {
}
func (c *AuditEnableCommand) Run(args []string) int {
var desc, id string
var desc, path string
flags := c.Meta.FlagSet("audit-enable", FlagSetDefault)
flags.StringVar(&desc, "description", "", "")
flags.StringVar(&id, "id", "", "")
flags.StringVar(&path, "path", "", "")
flags.Usage = func() { c.Ui.Error(c.Help()) }
if err := flags.Parse(args); err != nil {
return 1
@ -37,8 +37,8 @@ func (c *AuditEnableCommand) Run(args []string) int {
}
auditType := args[0]
if id == "" {
id = auditType
if path == "" {
path = auditType
}
// Build the options
@ -67,7 +67,7 @@ func (c *AuditEnableCommand) Run(args []string) int {
return 1
}
err = client.Sys().EnableAudit(id, auditType, desc, opts)
err = client.Sys().EnableAudit(path, auditType, desc, opts)
if err != nil {
c.Ui.Error(fmt.Sprintf(
"Error enabling audit backend: %s", err))
@ -75,7 +75,7 @@ func (c *AuditEnableCommand) Run(args []string) int {
}
c.Ui.Output(fmt.Sprintf(
"Successfully enabled audit backend '%s'!", auditType))
"Successfully enabled audit backend '%s' with path '%s'!", auditType, path))
return 0
}
@ -103,7 +103,7 @@ Audit Enable Options:
-description=<desc> A human-friendly description for the backend. This
shows up only when querying the enabled backends.
-id=<id> Specify a unique ID for this audit backend. This
-path=<path> Specify a unique path for this audit backend. This
is purely for referencing this audit backend. By
default this will be the backend type.
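Review bot: The `-id` flag is dropped outright in Run, so existing scripts that pass `-id=...` will presumably fail at `flags.Parse` and return 1 without enabling the audit backend, whereas the file backend change in this same commit keeps the old `path` config key as a fallback. Registering a deprecated alias, `flags.StringVar(&path, "id", "", "")`, next to the new `-path` registration would keep such automation working through the rename. The success message also prints `path` as typed, while the tests in this commit expect the stored path with a trailing slash (`noop/`), so the printed value may differ from what `audit-list` shows. The parts of Run between the hunks are not visible here.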


@ -47,7 +47,7 @@ func (c *AuditListCommand) Run(args []string) int {
}
sort.Strings(paths)
columns := []string{"Type | Description | Options"}
columns := []string{"Path | Type | Description | Options"}
for _, path := range paths {
audit := audits[path]
opts := make([]string, 0, len(audit.Options))
@ -56,7 +56,7 @@ func (c *AuditListCommand) Run(args []string) int {
}
columns = append(columns, fmt.Sprintf(
"%s | %s | %s", audit.Type, audit.Description, strings.Join(opts, " ")))
"%s | %s | %s | %s", audit.Path, audit.Type, audit.Description, strings.Join(opts, " ")))
}
c.Ui.Output(columnize.SimpleFormat(columns))
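Review bot: The new first column reads `audit.Path`, which is only populated when the server's response carries the new `path` field; against a server that predates this change the column would presumably print empty. The loop already holds the mount path as the map key (`for _, path := range paths`), so `"%s | %s | %s | %s", path, audit.Type, audit.Description, strings.Join(opts, " ")` produces the same table without depending on the new field. Run begins before this hunk and the option-building loop between the two hunks is not shown.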


@ -23,6 +23,7 @@ func TestSysAudit(t *testing.T) {
var actual map[string]interface{}
expected := map[string]interface{}{
"noop/": map[string]interface{}{
"path": "noop/",
"type": "noop",
"description": "",
"options": map[string]interface{}{},
@ -31,7 +32,7 @@ func TestSysAudit(t *testing.T) {
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
t.Fatalf("bad: expected:\n%#v actual:\n%#v\n", expected, actual)
}
}


@ -932,6 +932,7 @@ func (b *SystemBackend) handleAuditTable(
}
for _, entry := range b.Core.audit.Entries {
info := map[string]interface{}{
"path": entry.Path,
"type": entry.Type,
"description": entry.Description,
"options": entry.Options,


@ -635,6 +635,7 @@ func TestSystemBackend_auditTable(t *testing.T) {
exp := map[string]interface{}{
"foo/": map[string]interface{}{
"path": "foo/",
"type": "noop",
"description": "testing",
"options": map[string]string{


@ -25,13 +25,13 @@ information is first hashed before logging in the audit logs.
Audit `file` backend can be enabled by the following command.
```
$ vault audit-enable file path=/var/log/vault_audit.log
$ vault audit-enable file file_path=/var/log/vault_audit.log
```
Any number of `file` audit logs can be created by enabling it with different `id`s.
Any number of `file` audit logs can be created by enabling it with different `path`s.
```
$ vault audit-enable -id="vault_audit_1" file path=/home/user/vault_audit.log
$ vault audit-enable -path="vault_audit_1" file file_path=/home/user/vault_audit.log
```
Note the difference between `audit-enable` command options and the `file` backend
@ -43,7 +43,7 @@ Following are the configuration options available for the backend.
<dd>
<ul>
<li>
<span class="param">path</span>
<span class="param">file_path</span>
<span class="param-flags">required</span>
The path to where the audit log will be written. If this
path exists, the audit backend will append to it.


@ -27,7 +27,7 @@ description: |-
<dd>POST</dd>
<dt>URL</dt>
<dd>`/sys/audit-hash/<name>`</dd>
<dd>`/sys/audit-hash/<path>`</dd>
<dt>Parameters</dt>
<dd>


@ -54,7 +54,7 @@ description: |-
<dd>PUT</dd>
<dt>URL</dt>
<dd>`/sys/audit/<name>`</dd>
<dd>`/sys/audit/<path>`</dd>
<dt>Parameters</dt>
<dd>
@ -96,7 +96,7 @@ description: |-
<dd>DELETE</dd>
<dt>URL</dt>
<dd>`/sys/audit/<name>`</dd>
<dd>`/sys/audit/<path>`</dd>
<dt>Parameters</dt>
<dd>None