ebc1e64c62
This was inspired by #7022 but has the advantage of avoiding double-locking and needing to perform lock upgrades while also simplifying the logic and being faster. Original, #7022, this: goos: linux goarch: amd64 pkg: github.com/hashicorp/vault/builtin/audit/file BenchmarkAuditFile_request-4 30000 60734 ns/op PASS ok github.com/hashicorp/vault/builtin/audit/file 2.428s goos: linux goarch: amd64 pkg: github.com/hashicorp/vault/builtin/audit/file BenchmarkAuditFile_request-4 50000 34772 ns/op PASS ok github.com/hashicorp/vault/builtin/audit/file 2.086s goos: linux goarch: amd64 pkg: github.com/hashicorp/vault/builtin/audit/file BenchmarkAuditFile_request-4 50000 25302 ns/op PASS ok github.com/hashicorp/vault/builtin/audit/file 1.542s Fixes #7014 Closes #7022
144 lines
2.9 KiB
Go
144 lines
2.9 KiB
Go
package file
|
|
|
|
import (
|
|
"context"
|
|
"io/ioutil"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/hashicorp/vault/audit"
|
|
"github.com/hashicorp/vault/helper/namespace"
|
|
"github.com/hashicorp/vault/sdk/helper/salt"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
)
|
|
|
|
func TestAuditFile_fileModeNew(t *testing.T) {
|
|
modeStr := "0777"
|
|
mode, err := strconv.ParseUint(modeStr, 8, 32)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
path, err := ioutil.TempDir("", "vault-test_audit_file-file_mode_new")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
defer os.RemoveAll(path)
|
|
|
|
file := filepath.Join(path, "auditTest.txt")
|
|
|
|
config := map[string]string{
|
|
"path": file,
|
|
"mode": modeStr,
|
|
}
|
|
|
|
_, err = Factory(context.Background(), &audit.BackendConfig{
|
|
SaltConfig: &salt.Config{},
|
|
SaltView: &logical.InmemStorage{},
|
|
Config: config,
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
info, err := os.Stat(file)
|
|
if err != nil {
|
|
t.Fatalf("Cannot retrieve file mode from `Stat`")
|
|
}
|
|
if info.Mode() != os.FileMode(mode) {
|
|
t.Fatalf("File mode does not match.")
|
|
}
|
|
}
|
|
|
|
func TestAuditFile_fileModeExisting(t *testing.T) {
|
|
f, err := ioutil.TempFile("", "test")
|
|
if err != nil {
|
|
t.Fatalf("Failure to create test file.")
|
|
}
|
|
defer os.Remove(f.Name())
|
|
|
|
err = os.Chmod(f.Name(), 0777)
|
|
if err != nil {
|
|
t.Fatalf("Failure to chmod temp file for testing.")
|
|
}
|
|
|
|
err = f.Close()
|
|
if err != nil {
|
|
t.Fatalf("Failure to close temp file for test.")
|
|
}
|
|
|
|
config := map[string]string{
|
|
"path": f.Name(),
|
|
}
|
|
|
|
_, err = Factory(context.Background(), &audit.BackendConfig{
|
|
Config: config,
|
|
SaltConfig: &salt.Config{},
|
|
SaltView: &logical.InmemStorage{},
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
info, err := os.Stat(f.Name())
|
|
if err != nil {
|
|
t.Fatalf("cannot retrieve file mode from `Stat`")
|
|
}
|
|
if info.Mode() != os.FileMode(0600) {
|
|
t.Fatalf("File mode does not match.")
|
|
}
|
|
}
|
|
|
|
func BenchmarkAuditFile_request(b *testing.B) {
|
|
config := map[string]string{
|
|
"path": "/dev/null",
|
|
}
|
|
sink, err := Factory(context.Background(), &audit.BackendConfig{
|
|
Config: config,
|
|
SaltConfig: &salt.Config{},
|
|
SaltView: &logical.InmemStorage{},
|
|
})
|
|
if err != nil {
|
|
b.Fatal(err)
|
|
}
|
|
|
|
in := &logical.LogInput{
|
|
Auth: &logical.Auth{
|
|
ClientToken: "foo",
|
|
Accessor: "bar",
|
|
EntityID: "foobarentity",
|
|
DisplayName: "testtoken",
|
|
NoDefaultPolicy: true,
|
|
Policies: []string{"root"},
|
|
TokenType: logical.TokenTypeService,
|
|
},
|
|
Request: &logical.Request{
|
|
Operation: logical.UpdateOperation,
|
|
Path: "/foo",
|
|
Connection: &logical.Connection{
|
|
RemoteAddr: "127.0.0.1",
|
|
},
|
|
WrapInfo: &logical.RequestWrapInfo{
|
|
TTL: 60 * time.Second,
|
|
},
|
|
Headers: map[string][]string{
|
|
"foo": []string{"bar"},
|
|
},
|
|
},
|
|
}
|
|
|
|
ctx := namespace.RootContext(nil)
|
|
b.ResetTimer()
|
|
b.RunParallel(func(pb *testing.PB) {
|
|
for pb.Next() {
|
|
if err := sink.LogRequest(ctx, in); err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
})
|
|
}
|