* CE changes to support exclusion in audit
* Add an external test for audit exclusion
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* Add Logger to BackendConfig
* EntryFormatter use logger and recover panics
* Added TODO to consider
* Add 'name' to entry formatter
* Add test for the panic
* Fix NoopAudit with update params
* emit counter metric even when 0
* Fix vault package tests
* changelog
* Remove old comment during test writing
* add gosimport to make fmt and run it
* move installation to tools.sh
* correct weird spacing issue
* Update Makefile
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* fix a weird issue
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Validate audit filter option against filter selectors referencing unsupported fields
* Test updates due to filter validation
* Test all properties of the log input bexpr datum struct in filters
* Remove redundant cloning of the client in external tests for audit filtering
* TestAuditFilteringFilterForUnsupportedField now also tests the same behaviour with skip_test option set to true
* Add filter validation test cases to unit tests for audit backends
---------
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* Re-process .well-known redirects with a recursive handler call rather than a 302 redirect
* Track when the RequestURI mismatches path (in a redirect) and add it to the audit log
* call cancelFunc
* audit: entry_formatter update to ensure no race detection issues
* in progress with looking at a clone method for LogInput
* Tidy up LogInput Clone method
* less memory allocation
* fix hmac key clone
* Work towards removing the feature flag that disabled eventlogger for audit events
* Removed audited headers from LogRequest and LogResponse and clean up
* make clear we don't use a method param, and comment tweak
* Moved BenchmarkAuditFile_request to audit_broker_test and renamed. Clean up
* fixed calls from tests to Factory's
* waffling godoc for a ported and tweaked test
* Remove duplicate code from previous merges, remove uneeded code
* Refactor file audit backend tests
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* VAULT-22481: Audit filter node (#24465)
* Initial commit on adding filter nodes for audit
* tests for audit filter
* test: longer filter - more conditions
* copywrite headers
* Check interface for the right type
* Add audit filtering feature (#24554)
* Support filter nodes in backend factories and add some tests
* More tests and cleanup
* Attempt to move control of registration for nodes and pipelines to the audit broker (#24505)
* invert control of the pipelines/nodes to the audit broker vs. within each backend
* update noop audit test code to implement the pipeliner interface
* noop mount path has trailing slash
* attempting to make NoopAudit more friendly
* NoopAudit uses known salt
* Refactor audit.ProcessManual to support filter nodes
* HasFiltering
* rename the pipeliner
* use exported AuditEvent in Filter
* Add tests for registering and deregistering backends on the audit broker
* Add missing licence header to one file, fix a typo in two tests
---------
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* Add changelog file
* initial work on global metrics for sink success/failure
* initial work to add a fallback device for audit
* Return when we have outright errors
* Improve comment
* Remove unneeded options on NewBroker and remove the policy opts elsewhere
* Remove duplicate node registration code
* Add more tests for audit backends
* ensure we return the multierror as soon as possible, and append it correctly
* error tweaks for audit: log req/resp
* extract the registration for fallback/normal devices, and ensure we always add to backends when successful
* slightly nicer error message rather than returning the raw err
* refactor the deregister methods for audit broker
* Prevent issues if fallback device is the first device added
* Bail early when the user tries adding more than one fallback audit device
* Check if there is an existing fallback audit device when setting the required sinks threshold for an audit broker
* Use the right ParseBool in audit backends
* Tweak the way we check for the threshold to make it clear why we ignore fallback
* Ensure all 'fallback' settings look the same
* nicer formatting of error
* broker tests for Register
* Deregister tests
* Deregister checks if registered before attempting
* Comment improvement
* Multiple Deregister calls are OK
* Fallback not required in this test
* Sanitise input for Deregister
* Locking mixup
* fix test
* Add changelog
* Check fallback broker's sink success threshold for register/deregister
* Remove changelog
* updated
* better name for the audit metrics labelers
* extra test
* remove name from metric counter type
* update func calls for NewMetricsCounter
* labelers should be pointers to the instance
* revert audit_test complaints about the header
* use constant value for the metric label on a fallback miss
* remove vault prefix from metric labels
* US spelling for labeler and adjust the way the labels are returned
* Fixed name and type we're testing for
* Defensive addition to HasFiltering (no nodemap no filter node)
* Remove dupe code block
* Revert to using armon/go-metrics
* Fallback miss fix
* PR feedback updates
* consistent format for configure methods
* Updated telemetry set up based on PR feedback
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* VAULT-22481: Audit filter node (#24465)
* Initial commit on adding filter nodes for audit
* tests for audit filter
* test: longer filter - more conditions
* copywrite headers
* Check interface for the right type
* Add audit filtering feature (#24554)
* Support filter nodes in backend factories and add some tests
* More tests and cleanup
* Attempt to move control of registration for nodes and pipelines to the audit broker (#24505)
* invert control of the pipelines/nodes to the audit broker vs. within each backend
* update noop audit test code to implement the pipeliner interface
* noop mount path has trailing slash
* attempting to make NoopAudit more friendly
* NoopAudit uses known salt
* Refactor audit.ProcessManual to support filter nodes
* HasFiltering
* rename the pipeliner
* use exported AuditEvent in Filter
* Add tests for registering and deregistering backends on the audit broker
* Add missing licence header to one file, fix a typo in two tests
---------
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* Add changelog file
* update bexpr datum to use a strong type
* go docs updates
* test path
* PR review comments
* handle scenarios/outcomes from broker.send
* don't need to re-check the complete sinks
* add extra check to deregister to ensure that re-registering non-filtered device sets sink threshold
* Ensure that the multierror is appended before attempting to return it
---------
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* Export audit event
* Move older tests away from audit behavior that didn't use eventlogger
* spelling--;
* no more struct initialization of NoopAudit outside of NewNoopAudit
* locking since we're accessing the shared backend
* add escape hatch to use feature flag for reversion of audit behavior
* Setup pipeline which ends with a NoopSink
* explicitly call out old way of running test
* old behavior for audit trail tests
* More manual forcing of tests to legacy audit system
* Add NOTE: to suggest that the feature flag is temporary
