v1.14.6/audit/audit.go - hashicorp/vault - Git at Google

 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0

 package audit

 import (
 	"context"

 	"github.com/hashicorp/vault/sdk/helper/salt"
 	"github.com/hashicorp/vault/sdk/logical"
 )

 // Backend interface must be implemented for an audit
 // mechanism to be made available. Audit backends can be enabled to
 // sink information to different backends such as logs, file, databases,
 // or other external services.
 type Backend interface {
 	// LogRequest is used to synchronously log a request. This is done after the
 	// request is authorized but before the request is executed. The arguments
 	// MUST not be modified in anyway. They should be deep copied if this is
 	// a possibility.
 	LogRequest(context.Context, *logical.LogInput) error

 	// LogResponse is used to synchronously log a response. This is done after
 	// the request is processed but before the response is sent. The arguments
 	// MUST not be modified in anyway. They should be deep copied if this is
 	// a possibility.
 	LogResponse(context.Context, *logical.LogInput) error

 	// LogTestMessage is used to check an audit backend before adding it
 	// permanently. It should attempt to synchronously log the given test
 	// message, WITHOUT using the normal Salt (which would require a storage
 	// operation on creation, which is currently disallowed.)
 	LogTestMessage(context.Context, *logical.LogInput, map[string]string) error

 	// GetHash is used to return the given data with the backend's hash,
 	// so that a caller can determine if a value in the audit log matches
 	// an expected plaintext value
 	GetHash(context.Context, string) (string, error)

 	// Reload is called on SIGHUP for supporting backends.
 	Reload(context.Context) error

 	// Invalidate is called for path invalidation
 	Invalidate(context.Context)
 }

 // BackendConfig contains configuration parameters used in the factory func to
 // instantiate audit backends
 type BackendConfig struct {
 	// The view to store the salt
 	SaltView logical.Storage

 	// The salt config that should be used for any secret obfuscation
 	SaltConfig *salt.Config

 	// Config is the opaque user configuration provided when mounting
 	Config map[string]string
 }

 // Factory is the factory function to create an audit backend.
 type Factory func(context.Context, *BackendConfig) (Backend, error)
	// Copyright (c) HashiCorp, Inc.
	// SPDX-License-Identifier: MPL-2.0

	package audit

	import (
	"context"

	"github.com/hashicorp/vault/sdk/helper/salt"
	"github.com/hashicorp/vault/sdk/logical"
	)

	// Backend interface must be implemented for an audit
	// mechanism to be made available. Audit backends can be enabled to
	// sink information to different backends such as logs, file, databases,
	// or other external services.
	type Backend interface {
	// LogRequest is used to synchronously log a request. This is done after the
	// request is authorized but before the request is executed. The arguments
	// MUST not be modified in anyway. They should be deep copied if this is
	// a possibility.
	LogRequest(context.Context, *logical.LogInput) error

	// LogResponse is used to synchronously log a response. This is done after
	// the request is processed but before the response is sent. The arguments
	// MUST not be modified in anyway. They should be deep copied if this is
	// a possibility.
	LogResponse(context.Context, *logical.LogInput) error

	// LogTestMessage is used to check an audit backend before adding it
	// permanently. It should attempt to synchronously log the given test
	// message, WITHOUT using the normal Salt (which would require a storage
	// operation on creation, which is currently disallowed.)
	LogTestMessage(context.Context, *logical.LogInput, map[string]string) error

	// GetHash is used to return the given data with the backend's hash,
	// so that a caller can determine if a value in the audit log matches
	// an expected plaintext value
	GetHash(context.Context, string) (string, error)

	// Reload is called on SIGHUP for supporting backends.
	Reload(context.Context) error

	// Invalidate is called for path invalidation
	Invalidate(context.Context)
	}

	// BackendConfig contains configuration parameters used in the factory func to
	// instantiate audit backends
	type BackendConfig struct {
	// The view to store the salt
	SaltView logical.Storage

	// The salt config that should be used for any secret obfuscation
	SaltConfig *salt.Config

	// Config is the opaque user configuration provided when mounting
	Config map[string]string
	}

	// Factory is the factory function to create an audit backend.
	type Factory func(context.Context, *BackendConfig) (Backend, error)