vault: Allow deep paths for audit backends

vault/audit.go

@@ -33,17 +33,24 @@ func (c *Core) enableAudit(entry *MountEntry) error {
 	c.audit.Lock()
 	defer c.audit.Unlock()
 
-	// Ensure there is a name
-	if entry.Path == "" {
-		return fmt.Errorf("backend path must be specified")
+	// Ensure we end the path in a slash
+	if !strings.HasSuffix(entry.Path, "/") {
+		entry.Path += "/"
 	}
-	if strings.Contains(entry.Path, "/") {
-		return fmt.Errorf("backend path cannot have a forward slash")
+
+	// Ensure there is a name
+	if entry.Path == "/" {
+		return fmt.Errorf("backend path must be specified")
 	}
 
 	// Look for matching name
 	for _, ent := range c.audit.Entries {
-		if ent.Path == entry.Path {
+		switch {
+		// Existing is sql/mysql/ new is sql/ or
+		// existing is sql/ and new is sql/mysql/
+		case strings.HasPrefix(ent.Path, entry.Path):
+			fallthrough
+		case strings.HasPrefix(entry.Path, ent.Path):
 			return fmt.Errorf("path already in use")
 		}
 	}
@@ -78,6 +85,11 @@ func (c *Core) disableAudit(path string) error {
 	c.audit.Lock()
 	defer c.audit.Unlock()
 
+	// Ensure we end the path in a slash
+	if !strings.HasSuffix(path, "/") {
+		path += "/"
+	}
+
 	// Remove the entry from the mount table
 	found := false
 	newTable := c.audit.Clone()

vault/audit_test.go

@@ -53,7 +53,7 @@ func TestCore_EnableAudit(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}
 
-	if !c.auditBroker.IsRegistered("foo") {
+	if !c.auditBroker.IsRegistered("foo/") {
 		t.Fatalf("missing audit backend")
 	}
 
@@ -82,7 +82,7 @@ func TestCore_EnableAudit(t *testing.T) {
 	}
 
 	// Check for registration
-	if !c2.auditBroker.IsRegistered("foo") {
+	if !c2.auditBroker.IsRegistered("foo/") {
 		t.Fatalf("missing audit backend")
 	}
 }

vault/logical_system_test.go

@@ -551,7 +551,7 @@ func TestSystemBackend_auditTable(t *testing.T) {
 	}
 
 	exp := map[string]interface{}{
-		"foo": map[string]interface{}{
+		"foo/": map[string]interface{}{
 			"type":        "noop",
 			"description": "testing",
 			"options": map[string]string{