audit_enable.go
package command
import (
"fmt"
"io"
"os"
"strings"
"github.com/hashicorp/vault/api"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)
// Compile-time assertions that *AuditEnableCommand implements both the
// command interface and the autocomplete interface of the cli package.
var (
	_ cli.Command             = (*AuditEnableCommand)(nil)
	_ cli.CommandAutocomplete = (*AuditEnableCommand)(nil)
)
// AuditEnableCommand is the CLI command that enables an audit device. It
// embeds *BaseCommand and stores the values of its own command-line flags.
type AuditEnableCommand struct {
	*BaseCommand

	// flagDescription is the value of -description, sent as the device's
	// human-readable description.
	flagDescription string

	// flagPath is the value of -path. When empty, Run falls back to the
	// audit device TYPE as the path.
	flagPath string

	// flagLocal is the value of -local, marking the device as local-only.
	flagLocal bool

	// testStdin replaces os.Stdin when non-nil. For tests.
	testStdin io.Reader
}
// Synopsis returns the one-line summary of the command.
func (c *AuditEnableCommand) Synopsis() string {
	const summary = "Enables an audit device"
	return summary
}
// Help returns the long-form usage text followed by the flag help generated
// from Flags, with surrounding whitespace trimmed.
//
// The usage text documents that device configuration is passed as K=V pairs
// on the command line. Values given that way can end up in shell history and
// process listings, so keep sensitive settings out of argv where possible.
func (c *AuditEnableCommand) Help() string {
	const usage = `
Usage: vault audit enable [options] TYPE [CONFIG K=V...]
Enables an audit device at a given path.
This command enables an audit device of TYPE. Additional options for
configuring the audit device can be specified after the type in the same
format as the "vault write" command in key/value pairs.
For example, to configure the file audit device to write audit logs at the
path "/var/log/audit.log":
$ vault audit enable file file_path=/var/log/audit.log
`
	return strings.TrimSpace(usage + c.Flags().Help())
}
// Flags builds the flag sets for this command: the HTTP flag set obtained
// from flagSet, plus a "Command Options" set holding -description, -path and
// -local. Each flag writes into the matching field on the command.
func (c *AuditEnableCommand) Flags() *FlagSets {
	sets := c.flagSet(FlagSetHTTP)
	opts := sets.NewFlagSet("Command Options")

	// -description: free-form text describing the device's purpose.
	opts.StringVar(&StringVar{
		Name:       "description",
		Target:     &c.flagDescription,
		Default:    "",
		EnvVar:     "",
		Completion: complete.PredictAnything,
		Usage: "Human-friendly description for the purpose of this audit " +
			"device.",
	})

	// -path: where the device is mounted. The effective default is computed
	// in Run (it falls back to TYPE), which is why Default stays empty here
	// and the fallback is described in the usage text instead.
	opts.StringVar(&StringVar{
		Name:       "path",
		Target:     &c.flagPath,
		Default:    "", // The default is complex, so we have to manually document
		EnvVar:     "",
		Completion: complete.PredictAnything,
		Usage: "Place where the audit device will be accessible. This must be " +
			"unique across all audit devices. This defaults to the \"type\" of the " +
			"audit device.",
	})

	// -local: off by default.
	// NOTE(review): per the usage text a local device is not replicated, so
	// other clusters presumably need their own audit device for coverage;
	// confirm against the replication documentation.
	opts.BoolVar(&BoolVar{
		Name:    "local",
		Target:  &c.flagLocal,
		Default: false,
		EnvVar:  "",
		Usage: "Mark the audit device as a local-only device. Local devices " +
			"are not replicated or removed by replication.",
	})

	return sets
}
// AutocompleteArgs returns a predictor that offers the audit device types
// "file", "syslog" and "socket" as completions for the positional argument.
func (c *AuditEnableCommand) AutocompleteArgs() complete.Predictor {
	return complete.PredictSet("file", "syslog", "socket")
}
// AutocompleteFlags returns the flag completions derived from Flags.
func (c *AuditEnableCommand) AutocompleteFlags() complete.Flags {
	sets := c.Flags()
	return sets.Completions()
}
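// Run parses the command line, builds the audit device options and asks the
// server to enable the device.
//
// It returns 0 on success, 1 when the arguments are unusable (flag parse
// error, missing or blank TYPE, malformed K=V data) and 2 when the client
// cannot be created or the enable request fails.
func (c *AuditEnableCommand) Run(args []string) int {
	f := c.Flags()

	if err := f.Parse(args); err != nil {
		c.UI.Error(err.Error())
		return 1
	}

	args = f.Args()
	if len(args) < 1 {
		c.UI.Error("Missing TYPE!")
		return 1
	}

	// Grab the type. A TYPE made only of whitespace trims to "", which would
	// otherwise be sent to the server with the path "/" when -path is unset;
	// reject it locally as a usage error instead.
	auditType := strings.TrimSpace(args[0])
	if auditType == "" {
		c.UI.Error("Missing TYPE!")
		return 1
	}

	// The mount path defaults to the device type when -path is not given.
	auditPath := c.flagPath
	if auditPath == "" {
		auditPath = auditType
	}
	auditPath = ensureTrailingSlash(auditPath)

	// Pull our fake stdin if needed
	stdin := (io.Reader)(os.Stdin)
	if c.testStdin != nil {
		stdin = c.testStdin
	}

	// Everything after TYPE is device configuration in K=V form.
	// NOTE(review): stdin is handed to the parser, presumably so values can
	// be supplied without appearing on the command line; confirm against
	// parseArgsDataString.
	options, err := parseArgsDataString(stdin, args[1:])
	if err != nil {
		c.UI.Error(fmt.Sprintf("Failed to parse K=V data: %s", err))
		return 1
	}

	client, err := c.Client()
	if err != nil {
		c.UI.Error(err.Error())
		return 2
	}

	if err := client.Sys().EnableAuditWithOptions(auditPath, &api.EnableAuditOptions{
		Type:        auditType,
		Description: c.flagDescription,
		Options:     options,
		Local:       c.flagLocal,
	}); err != nil {
		c.UI.Error(fmt.Sprintf("Error enabling audit device: %s", err))
		return 2
	}

	// Only the type and path are echoed back; the device options are not
	// printed.
	c.UI.Output(fmt.Sprintf("Success! Enabled the %s audit device at: %s", auditType, auditPath))
	return 0
}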