Documentation ¶
Index ¶
- func Hash(salter *salt.Salt, raw interface{}, nonHMACDataKeys []string) error
- func HashString(salter *salt.Salt, data string) string
- func HashStructure(s interface{}, cb HashCallback, ignoredKeys []string) (interface{}, error)
- type AuditAuth
- type AuditFormatWriter
- type AuditFormatter
- type AuditNamespace
- type AuditRequest
- type AuditRequestEntry
- type AuditResponse
- type AuditResponseEntry
- type AuditResponseWrapInfo
- type AuditSecret
- type Backend
- type BackendConfig
- type Factory
- type Formatter
- type FormatterConfig
- type HashCallback
- type JSONFormatWriter
- type LogInput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Hash ¶
Hash will hash the given type. This has built-in support for auth, requests, and responses. If it is a type that isn't recognized, then it will be passed through.
The structure is modified in-place.
func HashString ¶
HashString hashes the given opaque string and returns it
func HashStructure ¶
func HashStructure(s interface{}, cb HashCallback, ignoredKeys []string) (interface{}, error)
HashStructure takes an interface and hashes all the values within the structure. Only _values_ are hashed: keys of objects are not.
For the HashCallback, see the built-in HashCallbacks below.
Types ¶
type AuditAuth ¶
type AuditAuth struct { ClientToken string `json:"client_token"` Accessor string `json:"accessor"` DisplayName string `json:"display_name"` Policies []string `json:"policies"` TokenPolicies []string `json:"token_policies,omitempty"` IdentityPolicies []string `json:"identity_policies,omitempty"` ExternalNamespacePolicies map[string][]string `json:"external_namespace_policies,omitempty"` Metadata map[string]string `json:"metadata"` NumUses int `json:"num_uses,omitempty"` RemainingUses int `json:"remaining_uses,omitempty"` EntityID string `json:"entity_id"` TokenType string `json:"token_type"` }
type AuditFormatWriter ¶
type AuditFormatter ¶
type AuditFormatter struct {
AuditFormatWriter
}
AuditFormatter implements the Formatter interface, and allows the underlying marshaller to be swapped out
func (*AuditFormatter) FormatRequest ¶
func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config FormatterConfig, in *LogInput) error
func (*AuditFormatter) FormatResponse ¶
func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config FormatterConfig, in *LogInput) error
type AuditNamespace ¶
type AuditRequest ¶
type AuditRequest struct { ID string `json:"id"` ReplicationCluster string `json:"replication_cluster,omitempty"` Operation logical.Operation `json:"operation"` ClientToken string `json:"client_token"` ClientTokenAccessor string `json:"client_token_accessor"` Namespace AuditNamespace `json:"namespace"` Path string `json:"path"` Data map[string]interface{} `json:"data"` PolicyOverride bool `json:"policy_override"` RemoteAddr string `json:"remote_address"` WrapTTL int `json:"wrap_ttl"` Headers map[string][]string `json:"headers"` }
type AuditRequestEntry ¶
type AuditRequestEntry struct { Time string `json:"time,omitempty"` Type string `json:"type"` Auth AuditAuth `json:"auth"` Request AuditRequest `json:"request"` Error string `json:"error"` }
AuditRequestEntry is the structure of a request audit log entry in Audit.
type AuditResponse ¶
type AuditResponse struct { Auth *AuditAuth `json:"auth,omitempty"` Secret *AuditSecret `json:"secret,omitempty"` Data map[string]interface{} `json:"data,omitempty"` Warnings []string `json:"warnings,omitempty"` Redirect string `json:"redirect,omitempty"` WrapInfo *AuditResponseWrapInfo `json:"wrap_info,omitempty"` Headers map[string][]string `json:"headers"` }
type AuditResponseEntry ¶
type AuditResponseEntry struct { Time string `json:"time,omitempty"` Type string `json:"type"` Auth AuditAuth `json:"auth"` Request AuditRequest `json:"request"` Response AuditResponse `json:"response"` Error string `json:"error"` }
AuditResponseEntry is the structure of a response audit log entry in Audit.
type AuditResponseWrapInfo ¶
type AuditSecret ¶
type AuditSecret struct {
LeaseID string `json:"lease_id"`
}
type Backend ¶
type Backend interface { // LogRequest is used to synchronously log a request. This is done after the // request is authorized but before the request is executed. The arguments // MUST not be modified in anyway. They should be deep copied if this is // a possibility. LogRequest(context.Context, *LogInput) error // LogResponse is used to synchronously log a response. This is done after // the request is processed but before the response is sent. The arguments // MUST not be modified in anyway. They should be deep copied if this is // a possibility. LogResponse(context.Context, *LogInput) error // GetHash is used to return the given data with the backend's hash, // so that a caller can determine if a value in the audit log matches // an expected plaintext value GetHash(context.Context, string) (string, error) // Reload is called on SIGHUP for supporting backends. Reload(context.Context) error // Invalidate is called for path invalidation Invalidate(context.Context) }
Backend interface must be implemented for an audit mechanism to be made available. Audit backends can be enabled to sink information to different backends such as logs, file, databases, or other external services.
type BackendConfig ¶
type BackendConfig struct { // The view to store the salt SaltView logical.Storage // The salt config that should be used for any secret obfuscation SaltConfig *salt.Config // Config is the opaque user configuration provided when mounting Config map[string]string }
BackendConfig contains configuration parameters used in the factory func to instantiate audit backends
type Factory ¶
type Factory func(context.Context, *BackendConfig) (Backend, error)
Factory is the factory function to create an audit backend.
type Formatter ¶
type Formatter interface { FormatRequest(context.Context, io.Writer, FormatterConfig, *LogInput) error FormatResponse(context.Context, io.Writer, FormatterConfig, *LogInput) error }
Formatter is an interface that is responsible for formating a request/response into some format. Formatters write their output to an io.Writer.
It is recommended that you pass data through Hash prior to formatting it.
type FormatterConfig ¶
type HashCallback ¶
HashCallback is the callback called for HashStructure to hash a value.
type JSONFormatWriter ¶
JSONFormatWriter is an AuditFormatWriter implementation that structures data into a JSON format.
func (*JSONFormatWriter) WriteRequest ¶
func (f *JSONFormatWriter) WriteRequest(w io.Writer, req *AuditRequestEntry) error
func (*JSONFormatWriter) WriteResponse ¶
func (f *JSONFormatWriter) WriteResponse(w io.Writer, resp *AuditResponseEntry) error