Jeff Mitchell
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
cf4b88c196
Write HMAC-SHA256'd client token to audited requests
...
Fixes #713
2015-10-29 13:26:18 -04:00
Jeff Mitchell
c8a0eda224
Use hmac-sha256 for protecting secrets in audit entries
2015-09-19 11:29:31 -04:00
Jeff Mitchell
5dde76fa1c
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
Jeff Mitchell
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
Jeff Mitchell
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
Jeff Mitchell
93ef9a54bd
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-20 18:00:51 -07:00
Erik Kristensen
a394678ec1
update tests
2015-08-05 08:44:48 -06:00
Erik Kristensen
2125017cb9
add a time field to the log entries
2015-08-05 07:47:39 -06:00
Armon Dadgar
496ebe561c
vault: cleanups for the audit log changes
2015-06-29 15:27:28 -07:00
Armon Dadgar
add8e1a3fd
Fixing merge conflict
2015-06-29 15:19:04 -07:00
Mitchell Hashimoto
0809378c9b
audit: some tests
2015-06-19 03:31:19 -07:00
Nate Brown
91611a32c9
Fixing tests
2015-06-18 20:14:20 -07:00
Nate Brown
3a860fe5c1
Actually not logging auth in the response if nil
2015-06-18 19:48:00 -07:00
Nate Brown
4ec685dc1a
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
Nate Brown
c55f103c58
Adding error and remote_address to audit log lines
2015-06-18 17:17:18 -07:00
Mitchell Hashimoto
a9f8d6243c
audit: add display name to auth [GH-176]
2015-05-11 10:40:32 -07:00
Armon Dadgar
46636ea52c
audit: Guard against a few nil pointer cases
2015-04-27 15:56:40 -07:00
Mitchell Hashimoto
c18f3928df
audit: add more tests for copying
2015-04-27 15:54:14 -07:00
Armon Dadgar
a837db6570
audit: Document that arguments must not be modified
2015-04-27 14:24:11 -07:00
Mitchell Hashimoto
e77e2d8c98
audit: docs
2015-04-22 07:42:37 +02:00
Mitchell Hashimoto
1b34aae7f1
audit: separate hashing from formatting to facilitate raw
2015-04-22 07:41:53 +02:00
Mitchell Hashimoto
ed388c100d
audit: hash all the req/resp structures
2015-04-21 16:20:31 +01:00
Mitchell Hashimoto
7edc41b6da
audit: fix failing test
2015-04-21 16:15:04 +01:00
Mitchell Hashimoto
82252c0d34
audit: sanity sha1 test
2015-04-21 16:14:26 +01:00
Mitchell Hashimoto
97ff2ad09b
audit: add SHA1 hash callback
2015-04-21 16:13:06 +01:00
Mitchell Hashimoto
2a6bb96276
audit: add hashstructure
2015-04-21 16:02:03 +01:00
Mitchell Hashimoto
ee2b113831
audit/file: append
2015-04-19 22:43:39 -07:00
Mitchell Hashimoto
358845053b
audit: JSON formatter
2015-04-13 14:12:03 -07:00
Armon Dadgar
0f40bb75c0
audit: Adding basic interface methods
2015-04-01 13:54:50 -07:00
Armon Dadgar
615e209296
audit: Basic interface
2015-03-27 13:43:23 -07:00