Add backend type to audit logs (#9167)

Add a mount_type field to audit log requests and responses.
2020-06-16 07:22:33 -05:00 · 2020-06-16 07:22:33 -05:00 · 883524c71c
parent 4acadd372b
commit 883524c71c
4 changed files with 22 additions and 16 deletions
--- a/audit/format.go
+++ b/audit/format.go
@ -114,6 +114,7 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config
 			ClientToken:         req.ClientToken,
 			ClientTokenAccessor: req.ClientTokenAccessor,
 			Operation:           req.Operation,
 			MountType:           req.MountType,
 			Namespace: &AuditNamespace{
 				ID:   ns.ID,
 				Path: ns.Path,
@ -275,6 +276,7 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
 			ClientToken:         req.ClientToken,
 			ClientTokenAccessor: req.ClientTokenAccessor,
 			Operation:           req.Operation,
 			MountType:           req.MountType,
 			Namespace: &AuditNamespace{
 				ID:   ns.ID,
 				Path: ns.Path,
@ -289,13 +291,14 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
 		},
 		Response: &AuditResponse{
-			Auth:     respAuth,
+			MountType: req.MountType,
-			Secret:   respSecret,
+			Auth:      respAuth,
-			Data:     resp.Data,
+			Secret:    respSecret,
-			Warnings: resp.Warnings,
+			Data:      resp.Data,
-			Redirect: resp.Redirect,
+			Warnings:  resp.Warnings,
-			WrapInfo: respWrapInfo,
+			Redirect:  resp.Redirect,
-			Headers:  resp.Headers,
+			WrapInfo:  respWrapInfo,
 			Headers:   resp.Headers,
 		},
 	}
@ -336,6 +339,7 @@ type AuditRequest struct {
 	ID                            string                 `json:"id,omitempty"`
 	ReplicationCluster            string                 `json:"replication_cluster,omitempty"`
 	Operation                     logical.Operation      `json:"operation,omitempty"`
 	MountType                     string                 `json:"mount_type,omitempty"`
 	ClientToken                   string                 `json:"client_token,omitempty"`
 	ClientTokenAccessor           string                 `json:"client_token_accessor,omitempty"`
 	Namespace                     *AuditNamespace        `json:"namespace,omitempty"`
@ -349,13 +353,14 @@ type AuditRequest struct {
 }
 type AuditResponse struct {
-	Auth     *AuditAuth             `json:"auth,omitempty"`
+	Auth      *AuditAuth             `json:"auth,omitempty"`
-	Secret   *AuditSecret           `json:"secret,omitempty"`
+	MountType string                 `json:"mount_type,omitempty"`
-	Data     map[string]interface{} `json:"data,omitempty"`
+	Secret    *AuditSecret           `json:"secret,omitempty"`
-	Warnings []string               `json:"warnings,omitempty"`
+	Data      map[string]interface{} `json:"data,omitempty"`
-	Redirect string                 `json:"redirect,omitempty"`
+	Warnings  []string               `json:"warnings,omitempty"`
-	WrapInfo *AuditResponseWrapInfo `json:"wrap_info,omitempty"`
+	Redirect  string                 `json:"redirect,omitempty"`
-	Headers  map[string][]string    `json:"headers,omitempty"`
+	WrapInfo  *AuditResponseWrapInfo `json:"wrap_info,omitempty"`
 	Headers   map[string][]string    `json:"headers,omitempty"`
 }
 type AuditAuth struct {
--- a/go.mod
+++ b/go.mod
@ -92,7 +92,7 @@ require (
 	github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.2
 	github.com/hashicorp/vault-plugin-secrets-openldap v0.1.3
 	github.com/hashicorp/vault/api v1.0.5-0.20200519221902-385fac77e20f
-	github.com/hashicorp/vault/sdk v0.1.14-0.20200527182800-ad90e0b39d2f
+	github.com/hashicorp/vault/sdk v0.1.14-0.20200615191832-d4b3c4b29c62
 	github.com/influxdata/influxdb v0.0.0-20190411212539-d24b7ba8c4c4
 	github.com/jcmturner/gokrb5/v8 v8.0.0
 	github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f
--- a/go.sum
+++ b/go.sum
@ -750,6 +750,7 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT
 github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -457,7 +457,7 @@ github.com/hashicorp/vault-plugin-secrets-openldap
 github.com/hashicorp/vault-plugin-secrets-openldap/client
 # github.com/hashicorp/vault/api v1.0.5-0.20200519221902-385fac77e20f => ./api
 github.com/hashicorp/vault/api
-# github.com/hashicorp/vault/sdk v0.1.14-0.20200527182800-ad90e0b39d2f => ./sdk
+# github.com/hashicorp/vault/sdk v0.1.14-0.20200615191832-d4b3c4b29c62 => ./sdk
 github.com/hashicorp/vault/sdk/database/dbplugin
 github.com/hashicorp/vault/sdk/database/helper/connutil
 github.com/hashicorp/vault/sdk/database/helper/credsutil