open-vault

Author	SHA1	Message	Date
Mark Gritter	8c67bed7ae	Send a test message before committing a new audit device. (#10520 ) * Send a test message before committing a new audit device. Also, lower timeout on connection attempts in socket device. * added changelog * go mod vendor (picked up some unrelated changes.) * Skip audit device check in integration test. Co-authored-by: swayne275 <swayne@hashicorp.com>	2020-12-16 16:00:32 -06:00
ncabatoff	ad28263b69	Allow plugins to submit audit requests/responses via extended SystemView (#6777 ) Move audit.LogInput to sdk/logical. Allow the Data values in audited logical.Request and Response to implement OptMarshaler, in which case we delegate hashing/serializing responsibility to them. Add new ClientCertificateSerialNumber audit request field. SystemView can now be cast to ExtendedSystemView to expose the Auditor interface, which allows submitting requests and responses to the audit broker.	2019-05-22 18:52:53 -04:00
Jeff Mitchell	8bcb533a1b	Create sdk/ and api/ submodules (#6583 )	2019-04-12 17:54:35 -04:00
Vishal Nayak	28e3eb9e2c	Errwrap everywhere (#4252 ) * package api * package builtin/credential * package builtin/logical * package command * package helper * package http and logical * package physical * package shamir * package vault * package vault * address feedback * more fixes	2018-04-05 11:49:21 -04:00
Brian Kassouf	9dba3590ac	Add context to the NewSalt function (#4102 )	2018-03-08 11:21:11 -08:00
Calvin Leung Huang	e2fb199ce5	Non-HMAC audit values (#4033 ) * Add non-hmac request keys * Update comment * Initial audit request keys implementation * Add audit_non_hmac_response_keys * Move where req.NonHMACKeys gets set * Minor refactor * Add params to auth tune endpoints * Sync cache on loadCredentials * Explicitly unset req.NonHMACKeys * Do not error if entry is nil * Add tests * docs: Add params to api sections * Refactor audit.Backend and Formatter interfaces, update audit broker methods * Add audit_broker.go * Fix method call params in audit backends * Remove fields from logical.Request and logical.Response, pass keys via LogInput * Use data.GetOk to allow unsetting existing values * Remove debug lines * Add test for unsetting values * Address review feedback * Initialize values in FormatRequest and FormatResponse using input values * Update docs * Use strutil.StrListContains * Use strutil.StrListContains	2018-03-02 12:18:39 -05:00
Brian Kassouf	2f19de0305	Add context to storage backends and wire it through a lot of places (#3817 )	2018-01-19 01:44:44 -05:00
Jeff Mitchell	488aad00b0	Don't dial on backend startup; retry dials at log time so that transient (#2934 ) network failures are worked around. Also, during a reconnect always close the existing connection. Fixes #2931	2017-07-06 10:18:18 -04:00
Jeff Mitchell	7cc72a9066	Delay salt initialization for audit backends	2017-05-23 20:36:20 -04:00
Jeff Mitchell	5119b173c4	Rename helper 'duration' to 'parseutil'. (#2449 ) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.	2017-03-07 11:21:22 -05:00
Tommy Murphy	ca06bc0b53	audit: support a configurable prefix string to write before each message (#2359 ) A static token at the beginning of a log line can help systems parse logs better. For example, rsyslog and syslog-ng will recognize the '@cee: ' prefix and will parse the rest of the line as a valid json message. This is useful in environments where there is a mix of structured and unstructured logs.	2017-02-10 16:56:28 -08:00
Brian Kassouf	09049c2787	Added a single retry after a reconnection	2017-02-06 11:38:38 -08:00
Brian Kassouf	af1847f2b4	Update the docs and move the logic for reconnecting into its own function	2017-02-04 16:55:17 -08:00
Brian Kassouf	b38eeec96a	Add write deadline and a Reload function	2017-02-02 15:44:56 -08:00
Harrison Harnisch	b09077c2d8	add socket audit backend	2017-02-02 14:21:48 -08:00

15 commits