From fc6d13e29de9bb36b42bd1395ab9fc487d70c70b Mon Sep 17 00:00:00 2001 From: Daniel Huckins Date: Fri, 20 Jan 2023 11:09:33 -0500 Subject: [PATCH] VAULT-12112: openapi response definitions: sys/audit (#18456) * added audit-hash operations * more audit paths Signed-off-by: Daniel Huckins * added audit fields * add changelog file * dynamic fields should be nil Signed-off-by: Daniel Huckins * start to add test helper Signed-off-by: Daniel Huckins * add tests for /sys/audit openapi paths Signed-off-by: Daniel Huckins Co-authored-by: Anton Averchenkov --- changelog/18456.txt | 3 ++ vault/logical_system_paths.go | 64 +++++++++++++++++++++++++++++++++-- vault/logical_system_test.go | 15 ++++++++ 3 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 changelog/18456.txt diff --git a/changelog/18456.txt b/changelog/18456.txt new file mode 100644 index 000000000..ee297508f --- /dev/null +++ b/changelog/18456.txt @@ -0,0 +1,3 @@ +```release-note:improvement +openapi: add openapi response defintions to /sys/audit endpoints +``` \ No newline at end of file diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index 36ddbed9e..26c3e5aa0 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go @@ -1,6 +1,7 @@ package vault import ( + "net/http" "strings" "github.com/hashicorp/vault/sdk/framework" @@ -571,9 +572,21 @@ func (b *SystemBackend) auditPaths() []*framework.Path { Type: framework.TypeString, }, }, - - Callbacks: map[logical.Operation]framework.OperationFunc{ - logical.UpdateOperation: b.handleAuditHash, + Operations: map[logical.Operation]framework.OperationHandler{ + logical.UpdateOperation: &framework.PathOperation{ + Callback: b.handleAuditHash, + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "hash": { + Type: framework.TypeString, + Required: true, + }, + }, + }}, + }, + }, }, HelpSynopsis: strings.TrimSpace(sysHelp["audit-hash"][0]), @@ -587,6 +600,13 @@ func (b *SystemBackend) auditPaths() []*framework.Path { logical.ReadOperation: &framework.PathOperation{ Callback: b.handleAuditTable, Summary: "List the enabled audit devices.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + // this response has dynamic keys + Description: "OK", + Fields: nil, + }}, + }, }, }, @@ -625,10 +645,20 @@ func (b *SystemBackend) auditPaths() []*framework.Path { logical.UpdateOperation: &framework.PathOperation{ Callback: b.handleEnableAudit, Summary: "Enable a new audit device at the supplied path.", + Responses: map[int][]framework.Response{ + http.StatusNoContent: {{ + Description: "OK", + }}, + }, }, logical.DeleteOperation: &framework.PathOperation{ Callback: b.handleDisableAudit, Summary: "Disable the audit device at the given path.", + Responses: map[int][]framework.Response{ + http.StatusNoContent: {{ + Description: "OK", + }}, + }, }, }, @@ -652,14 +682,31 @@ func (b *SystemBackend) auditPaths() []*framework.Path { logical.UpdateOperation: &framework.PathOperation{ Callback: b.handleAuditedHeaderUpdate, Summary: "Enable auditing of a header.", + Responses: map[int][]framework.Response{ + http.StatusNoContent: {{ + Description: "OK", + }}, + }, }, logical.DeleteOperation: &framework.PathOperation{ Callback: b.handleAuditedHeaderDelete, Summary: "Disable auditing of the given request header.", + Responses: map[int][]framework.Response{ + http.StatusNoContent: {{ + Description: "OK", + }}, + }, }, logical.ReadOperation: &framework.PathOperation{ Callback: b.handleAuditedHeaderRead, Summary: "List the information for the given request header.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + // the response keys are dynamic + Fields: nil, + }}, + }, }, }, @@ -674,6 +721,17 @@ func (b *SystemBackend) auditPaths() []*framework.Path { logical.ReadOperation: &framework.PathOperation{ Callback: b.handleAuditedHeadersRead, Summary: "List the request headers that are configured to be audited.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "headers": { + Type: framework.TypeMap, + Required: true, + }, + }, + }}, + }, }, }, diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go index a1c4981da..d66f96287 100644 --- a/vault/logical_system_test.go +++ b/vault/logical_system_test.go @@ -33,6 +33,7 @@ import ( "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/pluginutil" "github.com/hashicorp/vault/sdk/helper/salt" + "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/version" "github.com/mitchellh/mapstructure" @@ -2194,6 +2195,7 @@ func TestSystemBackend_enableAudit(t *testing.T) { func TestSystemBackend_auditHash(t *testing.T) { c, b, _ := testCoreSystemBackend(t) + paths := b.(*SystemBackend).auditPaths() c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) { view := &logical.InmemStorage{} view.Put(namespace.RootContext(nil), &logical.StorageEntry{ @@ -2221,6 +2223,12 @@ func TestSystemBackend_auditHash(t *testing.T) { if resp != nil { t.Fatalf("bad: %v", resp) } + schema.ValidateResponse( + t, + schema.FindResponseSchema(t, paths, 2, req.Operation), + resp, + true, + ) req = logical.TestRequest(t, logical.UpdateOperation, "audit-hash/foo") req.Data["input"] = "bar" @@ -2232,6 +2240,13 @@ func TestSystemBackend_auditHash(t *testing.T) { if resp == nil || resp.Data == nil { t.Fatalf("response or its data was nil") } + schema.ValidateResponse( + t, + schema.FindResponseSchema(t, paths, 0, req.Operation), + resp, + true, + ) + hash, ok := resp.Data["hash"] if !ok { t.Fatalf("did not get hash back in response, response was %#v", resp.Data)