vault: Adding AuditBroker and basic tests
This commit is contained in:
parent
0a7df0b3d4
commit
a6bc60c7d6
@ -75,17 +75,23 @@ func (c *Core) persistAudit(table *MountTable) error {
|
|||
// setupAudit is invoked after we've loaded the audit able to
|
||||
// initialize the audit backends
|
||||
func (c *Core) setupAudits() error {
|
||||
var backends []audit.Backend
|
||||
for _, entry := range c.audit.Entries {
|
||||
// Initialize the backend
|
||||
_, err := c.newAuditBackend(entry.Type, nil)
|
||||
audit, err := c.newAuditBackend(entry.Type, entry.Options)
|
||||
if err != nil {
|
||||
c.logger.Printf(
|
||||
"[ERR] core: failed to create audit entry %#v: %v",
|
||||
entry, err)
|
||||
return loadAuditFailed
|
||||
}
|
||||
// TODO: Do something with backend
|
||||
|
||||
// Append to the audit entry to the list of backends
|
||||
backends = append(backends, audit)
|
||||
}
|
||||
|
||||
// Setup the audit broker
|
||||
c.auditBroker = NewAuditBroker(backends)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -93,6 +99,7 @@ func (c *Core) setupAudits() error {
|
|||
// backends to their unloaded state. This is reversed by loadAudits.
|
||||
func (c *Core) teardownAudits() error {
|
||||
c.audit = nil
|
||||
c.auditBroker = nil
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -110,3 +117,17 @@ func defaultAuditTable() *MountTable {
|
|||
table := &MountTable{}
|
||||
return table
|
||||
}
|
||||
|
||||
// AuditBroker is used to provide a single ingest interface to auditable
|
||||
// events given that multiple backends may be configured.
|
||||
type AuditBroker struct {
|
||||
backends []audit.Backend
|
||||
}
|
||||
|
||||
// NewAuditBroker creates a new broker given the list of backends
|
||||
func NewAuditBroker(backends []audit.Backend) *AuditBroker {
|
||||
b := &AuditBroker{
|
||||
backends: backends,
|
||||
}
|
||||
return b
|
||||
}
|
||||
|
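Review bot: The error path in setupAudits logs the whole mount entry with `%#v`, which dumps `entry.Options` (and whatever other fields the entry type carries, not shown here) into the server log; audit backend options are deployment configuration that can hold sensitive values, so the log line should identify the entry without serialising it. Consider `"[ERR] core: failed to create audit backend of type %q: %v", entry.Type, err`, and keep the `err` in that line, because the function then returns the fixed `loadAuditFailed` sentinel and the log is the only place the underlying cause is recorded. setupAudits is fully visible in the first hunk, but `loadAuditFailed`, `newAuditBackend` and the entry type are defined outside it. The context comment's "loaded the audit able" presumably means "audit table".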
|
|
@ -0,0 +1,46 @@
|
|||
package vault
|
||||
|
||||
import (
|
||||
"reflect"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCore_DefaultAuditTable(t *testing.T) {
|
||||
c, key, _ := TestCoreUnsealed(t)
|
||||
verifyDefaultAuditTable(t, c.audit)
|
||||
|
||||
// Verify we have an audit broker
|
||||
if c.auditBroker == nil {
|
||||
t.Fatalf("missing audit broker")
|
||||
}
|
||||
|
||||
// Start a second core with same physical
|
||||
conf := &CoreConfig{Physical: c.physical}
|
||||
c2, err := NewCore(conf)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
unseal, err := c2.Unseal(key)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if !unseal {
|
||||
t.Fatalf("should be unsealed")
|
||||
}
|
||||
|
||||
// Verify matching mount tables
|
||||
if !reflect.DeepEqual(c.audit, c2.audit) {
|
||||
t.Fatalf("mismatch: %v %v", c.audit, c2.audit)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefaultAuditTable(t *testing.T) {
|
||||
table := defaultAuditTable()
|
||||
verifyDefaultAuditTable(t, table)
|
||||
}
|
||||
|
||||
func verifyDefaultAuditTable(t *testing.T, table *MountTable) {
|
||||
if len(table.Entries) != 0 {
|
||||
t.Fatalf("bad: %v", table.Entries)
|
||||
}
|
||||
}
|
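Review bot: TestCore_DefaultAuditTable checks `c.auditBroker` on the first core but never on `c2`, even though `c2` is the core that rebuilds its audit state from the shared physical backend via Unseal; the DeepEqual at the end only compares the tables, not the brokers. Add `if c2.auditBroker == nil { t.Fatalf("missing audit broker on second core") }` after the unseal check, and consider asserting `len(c.auditBroker.backends) == len(c.audit.Entries)` so the broker's backend list is tied to the table rather than merely non-nil. Because the default table has no entries, the `entry.Options` to `newAuditBackend` path in setupAudits is not exercised by this test; a case that enables one backend before starting the second core would cover it. What TestCoreUnsealed does beyond returning a core and key is inferred from its use here.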
|
@ -131,6 +131,10 @@ type Core struct {
|
|||
// configuration
|
||||
audit *MountTable
|
||||
|
||||
// auditBroker is used to ingest the audit events and fan
|
||||
// out into the configured audit backends
|
||||
auditBroker *AuditBroker
|
||||
|
||||
// systemView is the barrier view for the system backend
|
||||
systemView *BarrierView
|
||||
|
||||
|
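Review bot: The new `auditBroker` field's comment says what the broker does but not its lifecycle, which matters because the field is a pointer that this commit sets in setupAudits and resets to nil in teardownAudits, so any future code that ingests events must nil-check it. Extend the comment to `// auditBroker is used to ingest the audit events and fan` / `// out into the configured audit backends. It is set by setupAudits` / `// and cleared (nil) by teardownAudits, so callers must check for nil.` The Core struct continues outside this hunk.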
|