Skip to content

Commit

Permalink
Add 'discard' target to file audit backend (#3262)
Browse files Browse the repository at this point in the history
Fixes #seth
  • Loading branch information
jefferai authored Aug 30, 2017
1 parent b0f8d16 commit 22528da
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 6 deletions.
21 changes: 16 additions & 5 deletions builtin/audit/file/backend.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package file

import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strconv"
Expand Down Expand Up @@ -33,6 +34,9 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
if strings.ToLower(path) == "stdout" {
path = "stdout"
}
if strings.ToLower(path) == "discard" {
path = "discard"
}

format, ok := conf.Config["format"]
if !ok {
Expand Down Expand Up @@ -99,8 +103,8 @@ func Factory(conf *audit.BackendConfig) (audit.Backend, error) {
}

switch path {
case "stdout":
// no need to test opening file if outputting to stdout
case "stdout", "discard":
// no need to test opening file if outputting to stdout or discarding
default:
// Ensure that the file can be successfully opened for writing;
// otherwise it will be too late to catch later without problems
Expand Down Expand Up @@ -166,8 +170,11 @@ func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request, outerErr
b.fileLock.Lock()
defer b.fileLock.Unlock()

if b.path == "stdout" {
switch b.path {
case "stdout":
return b.formatter.FormatRequest(os.Stdout, b.formatConfig, auth, req, outerErr)
case "discard":
return b.formatter.FormatRequest(ioutil.Discard, b.formatConfig, auth, req, outerErr)
}

if err := b.open(); err != nil {
Expand Down Expand Up @@ -198,8 +205,11 @@ func (b *Backend) LogResponse(
b.fileLock.Lock()
defer b.fileLock.Unlock()

if b.path == "stdout" {
switch b.path {
case "stdout":
return b.formatter.FormatResponse(os.Stdout, b.formatConfig, auth, req, resp, err)
case "discard":
return b.formatter.FormatResponse(ioutil.Discard, b.formatConfig, auth, req, resp, err)
}

if err := b.open(); err != nil {
Expand Down Expand Up @@ -251,7 +261,8 @@ func (b *Backend) open() error {
}

func (b *Backend) Reload() error {
if b.path == "stdout" {
switch b.path {
case "stdout", "discard":
return nil
}

Expand Down
2 changes: 1 addition & 1 deletion website/source/docs/audit/file.html.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ Following are the configuration options available for the backend.
<span class="param">file_path</span>
<span class="param-flags">required</span>
The path to where the audit log will be written. If this
path exists, the audit backend will append to it. Specify `"stdout"` to write audit log to **stdout**.
path exists, the audit backend will append to it. Specify `"stdout"` to write audit log to standard output; specify `"discard"` to discard output (useful in testing scenarios).
</li>
<li>
<span class="param">log_raw</span>
Expand Down

0 comments on commit 22528da

Please sign in to comment.