Fully omitempty audit (#6727)
parent
2d727a5640
commit
ff2e8053e8
|
@ -145,7 +145,7 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config
|
|||
Type: reqType,
|
||||
Error: errString,
|
||||
|
||||
Auth: AuditAuth{
|
||||
Auth: &AuditAuth{
|
||||
ClientToken: auth.ClientToken,
|
||||
Accessor: auth.Accessor,
|
||||
DisplayName: auth.DisplayName,
|
||||
|
@ -159,12 +159,12 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config
|
|||
TokenType: auth.TokenType.String(),
|
||||
},
|
||||
|
||||
Request: AuditRequest{
|
||||
Request: &AuditRequest{
|
||||
ID: req.ID,
|
||||
ClientToken: req.ClientToken,
|
||||
ClientTokenAccessor: req.ClientTokenAccessor,
|
||||
Operation: req.Operation,
|
||||
Namespace: AuditNamespace{
|
||||
Namespace: &AuditNamespace{
|
||||
ID: ns.ID,
|
||||
Path: ns.Path,
|
||||
},
|
||||
|
@ -389,7 +389,7 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
|
|||
respEntry := &AuditResponseEntry{
|
||||
Type: respType,
|
||||
Error: errString,
|
||||
Auth: AuditAuth{
|
||||
Auth: &AuditAuth{
|
||||
ClientToken: auth.ClientToken,
|
||||
Accessor: auth.Accessor,
|
||||
DisplayName: auth.DisplayName,
|
||||
|
@ -403,12 +403,12 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
|
|||
TokenType: auth.TokenType.String(),
|
||||
},
|
||||
|
||||
Request: AuditRequest{
|
||||
Request: &AuditRequest{
|
||||
ID: req.ID,
|
||||
ClientToken: req.ClientToken,
|
||||
ClientTokenAccessor: req.ClientTokenAccessor,
|
||||
Operation: req.Operation,
|
||||
Namespace: AuditNamespace{
|
||||
Namespace: &AuditNamespace{
|
||||
ID: ns.ID,
|
||||
Path: ns.Path,
|
||||
},
|
||||
|
@ -421,7 +421,7 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
|
|||
Headers: req.Headers,
|
||||
},
|
||||
|
||||
Response: AuditResponse{
|
||||
Response: &AuditResponse{
|
||||
Auth: respAuth,
|
||||
Secret: respSecret,
|
||||
Data: resp.Data,
|
||||
|
@ -446,35 +446,35 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
|
|||
// AuditRequestEntry is the structure of a request audit log entry in Audit.
|
||||
type AuditRequestEntry struct {
|
||||
Time string `json:"time,omitempty"`
|
||||
Type string `json:"type"`
|
||||
Auth AuditAuth `json:"auth"`
|
||||
Request AuditRequest `json:"request"`
|
||||
Error string `json:"error"`
|
||||
Type string `json:"type,omitempty"`
|
||||
Auth *AuditAuth `json:"auth,omitempty"`
|
||||
Request *AuditRequest `json:"request,omitempty"`
|
||||
Error string `json:"error,omitempty"`
|
||||
}
|
||||
|
||||
// AuditResponseEntry is the structure of a response audit log entry in Audit.
|
||||
type AuditResponseEntry struct {
|
||||
Time string `json:"time,omitempty"`
|
||||
Type string `json:"type"`
|
||||
Auth AuditAuth `json:"auth"`
|
||||
Request AuditRequest `json:"request"`
|
||||
Response AuditResponse `json:"response"`
|
||||
Error string `json:"error"`
|
||||
Type string `json:"type,omitempty"`
|
||||
Auth *AuditAuth `json:"auth,omitempty"`
|
||||
Request *AuditRequest `json:"request,omitempty"`
|
||||
Response *AuditResponse `json:"response,omitempty"`
|
||||
Error string `json:"error,omitempty"`
|
||||
}
|
||||
|
||||
type AuditRequest struct {
|
||||
ID string `json:"id"`
|
||||
ID string `json:"id,omitempty"`
|
||||
ReplicationCluster string `json:"replication_cluster,omitempty"`
|
||||
Operation logical.Operation `json:"operation"`
|
||||
ClientToken string `json:"client_token"`
|
||||
ClientTokenAccessor string `json:"client_token_accessor"`
|
||||
Namespace AuditNamespace `json:"namespace"`
|
||||
Path string `json:"path"`
|
||||
Data map[string]interface{} `json:"data"`
|
||||
PolicyOverride bool `json:"policy_override"`
|
||||
RemoteAddr string `json:"remote_address"`
|
||||
WrapTTL int `json:"wrap_ttl"`
|
||||
Headers map[string][]string `json:"headers"`
|
||||
Operation logical.Operation `json:"operation,omitempty"`
|
||||
ClientToken string `json:"client_token,omitempty"`
|
||||
ClientTokenAccessor string `json:"client_token_accessor,omitempty"`
|
||||
Namespace *AuditNamespace `json:"namespace,omitempty"`
|
||||
Path string `json:"path,omitempty"`
|
||||
Data map[string]interface{} `json:"data,omitempty"`
|
||||
PolicyOverride bool `json:"policy_override,omitempty"`
|
||||
RemoteAddr string `json:"remote_address,omitempty"`
|
||||
WrapTTL int `json:"wrap_ttl,omitempty"`
|
||||
Headers map[string][]string `json:"headers,omitempty"`
|
||||
ClientCertificateSerialNumber string `json:"client_certificate_serial_number,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -485,40 +485,40 @@ type AuditResponse struct {
|
|||
Warnings []string `json:"warnings,omitempty"`
|
||||
Redirect string `json:"redirect,omitempty"`
|
||||
WrapInfo *AuditResponseWrapInfo `json:"wrap_info,omitempty"`
|
||||
Headers map[string][]string `json:"headers"`
|
||||
Headers map[string][]string `json:"headers,omitempty"`
|
||||
}
|
||||
|
||||
type AuditAuth struct {
|
||||
ClientToken string `json:"client_token"`
|
||||
Accessor string `json:"accessor"`
|
||||
DisplayName string `json:"display_name"`
|
||||
Policies []string `json:"policies"`
|
||||
ClientToken string `json:"client_token,omitempty"`
|
||||
Accessor string `json:"accessor,omitempty"`
|
||||
DisplayName string `json:"display_name,omitempty"`
|
||||
Policies []string `json:"policies,omitempty"`
|
||||
TokenPolicies []string `json:"token_policies,omitempty"`
|
||||
IdentityPolicies []string `json:"identity_policies,omitempty"`
|
||||
ExternalNamespacePolicies map[string][]string `json:"external_namespace_policies,omitempty"`
|
||||
Metadata map[string]string `json:"metadata"`
|
||||
Metadata map[string]string `json:"metadata,omitempty"`
|
||||
NumUses int `json:"num_uses,omitempty"`
|
||||
RemainingUses int `json:"remaining_uses,omitempty"`
|
||||
EntityID string `json:"entity_id"`
|
||||
TokenType string `json:"token_type"`
|
||||
EntityID string `json:"entity_id,omitempty"`
|
||||
TokenType string `json:"token_type,omitempty"`
|
||||
}
|
||||
|
||||
type AuditSecret struct {
|
||||
LeaseID string `json:"lease_id"`
|
||||
LeaseID string `json:"lease_id,omitempty"`
|
||||
}
|
||||
|
||||
type AuditResponseWrapInfo struct {
|
||||
TTL int `json:"ttl"`
|
||||
Token string `json:"token"`
|
||||
Accessor string `json:"accessor"`
|
||||
CreationTime string `json:"creation_time"`
|
||||
CreationPath string `json:"creation_path"`
|
||||
TTL int `json:"ttl,omitempty"`
|
||||
Token string `json:"token,omitempty"`
|
||||
Accessor string `json:"accessor,omitempty"`
|
||||
CreationTime string `json:"creation_time,omitempty"`
|
||||
CreationPath string `json:"creation_path,omitempty"`
|
||||
WrappedAccessor string `json:"wrapped_accessor,omitempty"`
|
||||
}
|
||||
|
||||
type AuditNamespace struct {
|
||||
ID string `json:"id"`
|
||||
Path string `json:"path"`
|
||||
ID string `json:"id,omitempty"`
|
||||
Path string `json:"path,omitempty"`
|
||||
}
|
||||
|
||||
// getRemoteAddr safely gets the remote address avoiding a nil pointer
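Review bot: In `AuditRequest`, `PolicyOverride bool` now carries `json:"policy_override,omitempty"` (and `Error`, `WrapTTL` and `RemoteAddr` are tagged the same way), so an entry no longer distinguishes a value recorded as false/0/empty from a field that was never written; log pipelines and detection rules that match on `"policy_override":false` or `"error":""` will silently stop matching. The types have no comment stating this contract; I would add one above `AuditRequestEntry` and `AuditResponseEntry`, e.g. `// Zero-valued fields are omitted from the encoded entry; a missing key means the zero value.` Separately, `FormatRequest` and `FormatResponse` always assign non-nil `&AuditAuth{...}`, `&AuditRequest{...}` and `&AuditNamespace{...}`, so under encoding/json semantics `omitempty` never drops those objects and an all-empty one would encode as `{}`; if full omission is intended, the pointer should stay nil when there is nothing to record. The bodies of both functions continue outside the hunks shown.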
|
||||
|
|
|
@ -40,6 +40,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||
&logical.Auth{
|
||||
ClientToken: "foo",
|
||||
Accessor: "bar",
|
||||
EntityID: "foobarentity",
|
||||
DisplayName: "testtoken",
|
||||
Policies: []string{"root"},
|
||||
TokenType: logical.TokenTypeService,
|
||||
|
@ -65,6 +66,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||
&logical.Auth{
|
||||
ClientToken: "foo",
|
||||
Accessor: "bar",
|
||||
EntityID: "foobarentity",
|
||||
DisplayName: "testtoken",
|
||||
Policies: []string{"root"},
|
||||
TokenType: logical.TokenTypeService,
|
||||
|
@ -117,7 +119,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||
if err := jsonutil.DecodeJSON([]byte(expectedResultStr), &expectedjson); err != nil {
|
||||
t.Fatalf("bad json: %s", err)
|
||||
}
|
||||
expectedjson.Request.Namespace = AuditNamespace{ID: "root"}
|
||||
expectedjson.Request.Namespace = &AuditNamespace{ID: "root"}
|
||||
|
||||
var actualjson = new(AuditRequestEntry)
|
||||
if err := jsonutil.DecodeJSON([]byte(buf.String())[len(tc.Prefix):], &actualjson); err != nil {
|
||||
|
@ -139,5 +141,5 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
const testFormatJSONReqBasicStrFmt = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"client_token":"%s","accessor":"bar","display_name":"testtoken","policies":["root"],"metadata":null,"entity_id":"","token_type":"service"},"request":{"operation":"update","path":"/foo","data":null,"wrap_ttl":60,"remote_address":"127.0.0.1","headers":{"foo":["bar"]}},"error":"this is an error"}
|
||||
const testFormatJSONReqBasicStrFmt = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"client_token":"%s","accessor":"bar","display_name":"testtoken","policies":["root"],"metadata":null,"entity_id":"foobarentity","token_type":"service"},"request":{"operation":"update","path":"/foo","data":null,"wrap_ttl":60,"remote_address":"127.0.0.1","headers":{"foo":["bar"]}},"error":"this is an error"}
|
||||
`
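Review bot: The updated `testFormatJSONReqBasicStrFmt` fixture still contains `"metadata":null` and `"data":null`, which the new `omitempty` tags would not emit, and the test decodes both the fixture and the formatter output into `AuditRequestEntry` (`jsonutil.DecodeJSON` on each side), so it appears unable to detect whether empty keys are actually omitted on the wire. Consider dropping the two `null` members from the fixture and adding a check on the raw bytes, for example `if strings.Contains(buf.String(), "null") { t.Fatalf("empty field was serialized: %s", buf.String()) }` (this needs the `strings` import if the file lacks it). The comparison itself is outside the visible hunks, so this is inferred from the two decode calls.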
|
||||
|
|
|
@ -39,11 +39,15 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
|
|||
&logical.Auth{
|
||||
ClientToken: "foo",
|
||||
Accessor: "bar",
|
||||
EntityID: "foobarentity",
|
||||
DisplayName: "testtoken",
|
||||
Policies: []string{"root"},
|
||||
TokenType: logical.TokenTypeService,
|
||||
},
|
||||
&logical.Request{
|
||||
ID: "request",
|
||||
ClientToken: "foo",
|
||||
ClientTokenAccessor: "bar",
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "/foo",
|
||||
Connection: &logical.Connection{
|
||||
|
@ -55,22 +59,27 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
|
|||
Headers: map[string][]string{
|
||||
"foo": []string{"bar"},
|
||||
},
|
||||
PolicyOverride: true,
|
||||
},
|
||||
errors.New("this is an error"),
|
||||
"",
|
||||
"",
|
||||
fmt.Sprintf(`<json:object name="auth"><json:string name="accessor">bar</json:string><json:string name="client_token">%s</json:string><json:string name="display_name">testtoken</json:string><json:string name="entity_id"></json:string><json:null name="metadata" /><json:array name="policies"><json:string>root</json:string></json:array><json:string name="token_type">service</json:string></json:object><json:string name="error">this is an error</json:string><json:object name="request"><json:string name="client_token"></json:string><json:string name="client_token_accessor"></json:string><json:null name="data" /><json:object name="headers"><json:array name="foo"><json:string>bar</json:string></json:array></json:object><json:string name="id"></json:string><json:object name="namespace"><json:string name="id">root</json:string><json:string name="path"></json:string></json:object><json:string name="operation">update</json:string><json:string name="path">/foo</json:string><json:boolean name="policy_override">false</json:boolean><json:string name="remote_address">127.0.0.1</json:string><json:number name="wrap_ttl">60</json:number></json:object><json:string name="type">request</json:string>`,
|
||||
fooSalted),
|
||||
fmt.Sprintf(`<json:object name="auth"><json:string name="accessor">bar</json:string><json:string name="client_token">%s</json:string><json:string name="display_name">testtoken</json:string><json:string name="entity_id">foobarentity</json:string><json:array name="policies"><json:string>root</json:string></json:array><json:string name="token_type">service</json:string></json:object><json:string name="error">this is an error</json:string><json:object name="request"><json:string name="client_token">%s</json:string><json:string name="client_token_accessor">bar</json:string><json:object name="headers"><json:array name="foo"><json:string>bar</json:string></json:array></json:object><json:string name="id">request</json:string><json:object name="namespace"><json:string name="id">root</json:string></json:object><json:string name="operation">update</json:string><json:string name="path">/foo</json:string><json:boolean name="policy_override">true</json:boolean><json:string name="remote_address">127.0.0.1</json:string><json:number name="wrap_ttl">60</json:number></json:object><json:string name="type">request</json:string>`,
|
||||
fooSalted, fooSalted),
|
||||
},
|
||||
"auth, request with prefix": {
|
||||
&logical.Auth{
|
||||
ClientToken: "foo",
|
||||
Accessor: "bar",
|
||||
EntityID: "foobarentity",
|
||||
DisplayName: "testtoken",
|
||||
Policies: []string{"root"},
|
||||
TokenType: logical.TokenTypeService,
|
||||
},
|
||||
&logical.Request{
|
||||
ID: "request",
|
||||
ClientToken: "foo",
|
||||
ClientTokenAccessor: "bar",
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "/foo",
|
||||
Connection: &logical.Connection{
|
||||
|
@ -82,12 +91,13 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
|
|||
Headers: map[string][]string{
|
||||
"foo": []string{"bar"},
|
||||
},
|
||||
PolicyOverride: true,
|
||||
},
|
||||
errors.New("this is an error"),
|
||||
"",
|
||||
"@cee: ",
|
||||
fmt.Sprintf(`<json:object name="auth"><json:string name="accessor">bar</json:string><json:string name="client_token">%s</json:string><json:string name="display_name">testtoken</json:string><json:string name="entity_id"></json:string><json:null name="metadata" /><json:array name="policies"><json:string>root</json:string></json:array><json:string name="token_type">service</json:string></json:object><json:string name="error">this is an error</json:string><json:object name="request"><json:string name="client_token"></json:string><json:string name="client_token_accessor"></json:string><json:null name="data" /><json:object name="headers"><json:array name="foo"><json:string>bar</json:string></json:array></json:object><json:string name="id"></json:string><json:object name="namespace"><json:string name="id">root</json:string><json:string name="path"></json:string></json:object><json:string name="operation">update</json:string><json:string name="path">/foo</json:string><json:boolean name="policy_override">false</json:boolean><json:string name="remote_address">127.0.0.1</json:string><json:number name="wrap_ttl">60</json:number></json:object><json:string name="type">request</json:string>`,
|
||||
fooSalted),
|
||||
fmt.Sprintf(`<json:object name="auth"><json:string name="accessor">bar</json:string><json:string name="client_token">%s</json:string><json:string name="display_name">testtoken</json:string><json:string name="entity_id">foobarentity</json:string><json:array name="policies"><json:string>root</json:string></json:array><json:string name="token_type">service</json:string></json:object><json:string name="error">this is an error</json:string><json:object name="request"><json:string name="client_token">%s</json:string><json:string name="client_token_accessor">bar</json:string><json:object name="headers"><json:array name="foo"><json:string>bar</json:string></json:array></json:object><json:string name="id">request</json:string><json:object name="namespace"><json:string name="id">root</json:string></json:object><json:string name="operation">update</json:string><json:string name="path">/foo</json:string><json:boolean name="policy_override">true</json:boolean><json:string name="remote_address">127.0.0.1</json:string><json:number name="wrap_ttl">60</json:number></json:object><json:string name="type">request</json:string>`,
|
||||
fooSalted, fooSalted),
|
||||
},
|
||||
}
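Review bot: Both visible cases of `TestFormatJSONx_formatRequest` now populate every newly `omitempty` request field (`ID`, `ClientToken`, `ClientTokenAccessor`, `PolicyOverride: true`, `EntityID`), so nothing here pins the behaviour the commit introduces, namely that zero values disappear from the output. I would add a table case for an unauthenticated request, with an empty `&logical.Auth{}` and `PolicyOverride` left false, and assert the exact output, so that the absence of `policy_override` and the encoding of an empty `auth` object are a deliberate, tested part of the audit format. The two cases differ only in the prefix `"@cee: "`, and the table may continue outside these hunks.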
|
||||
|
||||
|
|