builtin/audit: add file audit
parent
2744d84e0b
commit
8bfa12297d
|
@ -0,0 +1,67 @@
|
|||
package file
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"sync"
|
||||
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
)
|
||||
|
||||
func Factory(conf map[string]string) (audit.Backend, error) {
|
||||
path, ok := conf["path"]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("path is required")
|
||||
}
|
||||
|
||||
return &Backend{Path: path}, nil
|
||||
}
|
||||
|
||||
// Backend is the audit backend for the file-based audit store.
|
||||
//
|
||||
// NOTE: This audit backend is currently very simple: it appends to a file.
|
||||
// It doesn't do anything more at the moment to assist with rotation
|
||||
// or reset the write cursor, this should be done in the future.
|
||||
type Backend struct {
|
||||
Path string
|
||||
|
||||
once sync.Once
|
||||
f *os.File
|
||||
}
|
||||
|
||||
func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request) error {
|
||||
if err := b.open(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// TODO
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b *Backend) LogResponse(
|
||||
auth *logical.Auth,
|
||||
req *logical.Request,
|
||||
resp *logical.Response,
|
||||
err error) error {
|
||||
if err := b.open(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// TODO
|
||||
return nil
|
||||
}
|
||||
|
||||
func (b *Backend) open() error {
|
||||
if b.f != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
var err error
|
||||
b.f, err = os.Create(b.Path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
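Review bot: `os.Create(b.Path)` in `open()` truncates an existing file, so the first open after each start discards the earlier audit records, which contradicts the type comment saying the backend appends. It also creates the file with mode 0666 before umask, which can leave the audit log readable by other local users. I would change the line to `b.f, err = os.OpenFile(b.Path, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)`. Separately, the `once sync.Once` field is declared but never used and the `b.f != nil` check is unsynchronised, so concurrent `LogRequest`/`LogResponse` calls may race on the open; guarding it with the `once` field or a mutex would close that.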
|
|
@ -11,6 +11,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/hashicorp/logutils"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
"github.com/hashicorp/vault/command/server"
|
||||
"github.com/hashicorp/vault/helper/flag-slice"
|
||||
"github.com/hashicorp/vault/helper/gated-writer"
|
||||
|
@ -22,6 +23,7 @@ import (
|
|||
|
||||
// ServerCommand is a Command that starts the Vault server.
|
||||
type ServerCommand struct {
|
||||
AuditBackends map[string]audit.Factory
|
||||
CredentialBackends map[string]logical.Factory
|
||||
LogicalBackends map[string]logical.Factory
|
||||
|
||||
|
@ -91,6 +93,7 @@ func (c *ServerCommand) Run(args []string) int {
|
|||
// Initialize the core
|
||||
core, err := vault.NewCore(&vault.CoreConfig{
|
||||
Physical: backend,
|
||||
AuditBackends: c.AuditBackends,
|
||||
CredentialBackends: c.CredentialBackends,
|
||||
LogicalBackends: c.LogicalBackends,
|
||||
Logger: logger,
|
||||
|
|
|
@ -3,9 +3,14 @@ package main
|
|||
import (
|
||||
"os"
|
||||
|
||||
auditFile "github.com/hashicorp/vault/builtin/audit/file"
|
||||
|
||||
"github.com/hashicorp/vault/builtin/credential/github"
|
||||
|
||||
"github.com/hashicorp/vault/builtin/logical/aws"
|
||||
"github.com/hashicorp/vault/builtin/logical/consul"
|
||||
|
||||
"github.com/hashicorp/vault/audit"
|
||||
tokenDisk "github.com/hashicorp/vault/builtin/token/disk"
|
||||
"github.com/hashicorp/vault/command"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
|
@ -106,6 +111,9 @@ func init() {
|
|||
"server": func() (cli.Command, error) {
|
||||
return &command.ServerCommand{
|
||||
Meta: meta,
|
||||
AuditBackends: map[string]audit.Factory{
|
||||
"file": auditFile.Factory,
|
||||
},
|
||||
CredentialBackends: map[string]logical.Factory{
|
||||
"github": github.Factory,
|
||||
},
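Review bot: Registering `"file": auditFile.Factory` makes the backend selectable while, in this same commit, `LogRequest` and `LogResponse` only open the file and return nil at their `// TODO`, so an operator who enables it would get success on every call and an empty audit log. Until the writes are implemented I would have the stubs fail closed, e.g. `return fmt.Errorf("file audit: logging not implemented")`, or hold this registration back. The enclosing `init()` continues outside the hunk.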
|
||||
|
|