From b88eded18fd1487544b571441b5b43ab5537cd69 Mon Sep 17 00:00:00 2001
From: Daniel Huckins
Date: Fri, 16 Dec 2022 15:17:29 -0500
Subject: [PATCH 1/7] added audit-hash operations

---
 vault/logical_system_paths.go | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go
index 37817f4919b6..4fdac1b0afc5 100644
--- a/vault/logical_system_paths.go
+++ b/vault/logical_system_paths.go
@@ -1,6 +1,7 @@
 package vault
 
 import (
+ "net/http"
 "strings"
 
 "github.com/hashicorp/vault/sdk/framework"
@@ -571,9 +572,21 @@ func (b *SystemBackend) auditPaths() []*framework.Path {
 Type: framework.TypeString,
 },
 },
-
- Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.UpdateOperation: b.handleAuditHash,
+ Operations: map[logical.Operation]framework.OperationHandler{
+ logical.UpdateOperation: &framework.PathOperation{
+ Callback: b.handleAuditHash,
+ Responses: map[int][]framework.Response{
+ http.StatusOK: {{
+ Description: "OK",
+ Fields: map[string]*framework.FieldSchema{
+ "hash": {
+ Type: framework.TypeString,
+ Required: true,
+ },
+ },
+ }},
+ },
+ },
 },
 
 HelpSynopsis: strings.TrimSpace(sysHelp["audit-hash"][0]),

From 72b6668de69698e90114a1377b422413ace236e8 Mon Sep 17 00:00:00 2001
From: Daniel Huckins
Date: Fri, 16 Dec 2022 17:19:24 -0500
Subject: [PATCH 2/7] more audit paths

Signed-off-by: Daniel Huckins

---
 vault/logical_system_paths.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go
index 4fdac1b0afc5..5a8d17d37c05 100644
--- a/vault/logical_system_paths.go
+++ b/vault/logical_system_paths.go
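Review bot: The `framework.PathOperation` added for `logical.UpdateOperation` carries no `Summary`, whereas every other audit operation this series touches in the same file has one (`Summary: "Enable a new audit device at the supplied path.",` and similar), so the generated operation presumably ends up without a one-line summary; a line such as `Summary: "<one-line description matching sysHelp["audit-hash"][0]>",` next to `Callback: b.handleAuditHash,` would keep the audit paths uniform. The declared 200 response exposes only `hash`, which matches what the test in the last patch reads from `resp.Data["hash"]`. The enclosing `auditPaths` function starts before and ends after this hunk.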
@@ -600,6 +600,12 @@ func (b *SystemBackend) auditPaths() []*framework.Path {
 logical.ReadOperation: &framework.PathOperation{
 Callback: b.handleAuditTable,
 Summary: "List the enabled audit devices.",
+ Responses: map[int][]framework.Response{
+ http.StatusOK: {{
+ // this response has dynamic keys
+ Description: "OK",
+ }},
+ },
 },
 },
 
@@ -638,10 +644,20 @@ func (b *SystemBackend) auditPaths() []*framework.Path {
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.handleEnableAudit,
 Summary: "Enable a new audit device at the supplied path.",
+ Responses: map[int][]framework.Response{
+ http.StatusNoContent: {{
+ Description: "OK",
+ }},
+ },
 },
 logical.DeleteOperation: &framework.PathOperation{
 Callback: b.handleDisableAudit,
 Summary: "Disable the audit device at the given path.",
+ Responses: map[int][]framework.Response{
+ http.StatusNoContent: {{
+ Description: "OK",
+ }},
+ },
 },
 },
 

From a1785b1465385a2c4f275343f3f25ef9938ec5da Mon Sep 17 00:00:00 2001
From: Daniel Huckins
Date: Fri, 16 Dec 2022 17:36:40 -0500
Subject: [PATCH 3/7] added audit fields

---
 vault/logical_system_paths.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go
index 5a8d17d37c05..91cc57b329a6 100644
--- a/vault/logical_system_paths.go
+++ b/vault/logical_system_paths.go
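Review bot: The `http.StatusNoContent` responses added for `b.handleEnableAudit` and `b.handleDisableAudit` are annotated `Description: "OK"`, which is the reason phrase of a 200 rather than of a 204; unless the project deliberately uses "OK" for every success status, `Description: "No Content",` describes the documented status more accurately. The same `StatusNoContent`/`"OK"` pairing is added for the request-header update and delete operations in patch 3. `auditPaths` starts before and ends after this hunk.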
@@ -681,14 +681,31 @@ func (b *SystemBackend) auditPaths() []*framework.Path {
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.handleAuditedHeaderUpdate,
 Summary: "Enable auditing of a header.",
+ Responses: map[int][]framework.Response{
+ http.StatusNoContent: {{
+ Description: "OK",
+ }},
+ },
 },
 logical.DeleteOperation: &framework.PathOperation{
 Callback: b.handleAuditedHeaderDelete,
 Summary: "Disable auditing of the given request header.",
+ Responses: map[int][]framework.Response{
+ http.StatusNoContent: {{
+ Description: "OK",
+ }},
+ },
 },
 logical.ReadOperation: &framework.PathOperation{
 Callback: b.handleAuditedHeaderRead,
 Summary: "List the information for the given request header.",
+ Responses: map[int][]framework.Response{
+ http.StatusOK: {{
+ Description: "OK",
+ // the response keys are dynamic
+ Fields: map[string]*framework.FieldSchema{},
+ }},
+ },
 },
 },
 
@@ -703,6 +720,17 @@ func (b *SystemBackend) auditPaths() []*framework.Path {
 logical.ReadOperation: &framework.PathOperation{
 Callback: b.handleAuditedHeadersRead,
 Summary: "List the request headers that are configured to be audited.",
+ Responses: map[int][]framework.Response{
+ http.StatusOK: {{
+ Description: "OK",
+ Fields: map[string]*framework.FieldSchema{
+ "headers": {
+ Type: framework.TypeMap,
+ Required: true,
+ },
+ },
+ }},
+ },
 },
 },
 

From d64ab7daeb979fbbf459830fc7b066c56c844945 Mon Sep 17 00:00:00 2001
From: Daniel Huckins
Date: Thu, 22 Dec 2022 13:30:49 -0500
Subject: [PATCH 4/7] add changelog file

---
 changelog/18456.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/18456.txt

diff --git a/changelog/18456.txt b/changelog/18456.txt
new file mode 100644
index 000000000000..ee297508f2a4
--- /dev/null
+++ b/changelog/18456.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+openapi: add openapi response defintions to /sys/audit endpoints
+```
\ No newline at end of file

From 8f888e42515b9945526f53491094022022e79b58 Mon Sep 17 00:00:00 2001
From: Daniel Huckins
Date: Thu, 19 Jan 2023 13:07:22 -0500
Subject: [PATCH 5/7] dynamic fields should be nil

Signed-off-by: Daniel Huckins

---
 vault/logical_system_paths.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go
index 91cc57b329a6..03d7eb941307 100644
--- a/vault/logical_system_paths.go
+++ b/vault/logical_system_paths.go
@@ -604,6 +604,7 @@ func (b *SystemBackend) auditPaths() []*framework.Path {
 http.StatusOK: {{
 // this response has dynamic keys
 Description: "OK",
+ Fields: nil,
 }},
 },
 },
@@ -703,7 +704,7 @@ func (b *SystemBackend) auditPaths() []*framework.Path {
 http.StatusOK: {{
 Description: "OK",
 // the response keys are dynamic
- Fields: map[string]*framework.FieldSchema{},
+ Fields: nil,
 }},
 },
 },

From f384098a42ba32261278aa939212bd6015408d0f Mon Sep 17 00:00:00 2001
From: Daniel Huckins
Date: Thu, 19 Jan 2023 15:23:19 -0500
Subject: [PATCH 6/7] start to add test helper

Signed-off-by: Daniel Huckins

---
 vault/logical_system_test.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go
index e3bd92389b8c..ce17cd2f164a 100644
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@@ -32,6 +32,7 @@ import (
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
 "github.com/hashicorp/vault/sdk/helper/pluginutil"
 "github.com/hashicorp/vault/sdk/helper/salt"
+ "github.com/hashicorp/vault/sdk/helper/testhelpers/schema"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/version"
 "github.com/mitchellh/mapstructure"
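Review bot: The two responses this patch sets to `Fields: nil` explain the reason in different words and at different positions (`// this response has dynamic keys` above `Description`, `// the response keys are dynamic` below it), and neither states that the explicit `nil` is deliberate, so a later reader may "fix" it back to an empty map — the very change this patch reverts. One wording placed directly above the field in both hunks, e.g. `// Fields is deliberately nil: the keys of this response are dynamic, so no static schema can be declared.`, makes the intent unambiguous. `auditPaths` starts before and ends after both hunks.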
@@ -2193,6 +2194,7 @@ func TestSystemBackend_enableAudit(t *testing.T) {
 
 func TestSystemBackend_auditHash(t *testing.T) {
 c, b, _ := testCoreSystemBackend(t)
+ paths := b.(*SystemBackend).auditPaths()
 c.auditBackends["noop"] = func(ctx context.Context, config *audit.BackendConfig) (audit.Backend, error) {
 view := &logical.InmemStorage{}
 view.Put(namespace.RootContext(nil), &logical.StorageEntry{
@@ -2220,6 +2222,7 @@ func TestSystemBackend_auditHash(t *testing.T) {
 if resp != nil {
 t.Fatalf("bad: %v", resp)
 }
+ schema.ValidateResponse()
 
 req = logical.TestRequest(t, logical.UpdateOperation, "audit-hash/foo")
 req.Data["input"] = "bar"

From baffe55c0deb95c838a00dbe6831c8c936aadb75 Mon Sep 17 00:00:00 2001
From: Daniel Huckins
Date: Thu, 19 Jan 2023 15:35:29 -0500
Subject: [PATCH 7/7] add tests for /sys/audit openapi paths

---
 vault/logical_system_test.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go
index ce17cd2f164a..6bdef6e7df88 100644
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@@ -2222,7 +2222,12 @@ func TestSystemBackend_auditHash(t *testing.T) {
 if resp != nil {
 t.Fatalf("bad: %v", resp)
 }
- schema.ValidateResponse()
+ schema.ValidateResponse(
+ t,
+ schema.FindResponseSchema(t, paths, 2, req.Operation),
+ resp,
+ true,
+ )
 
 req = logical.TestRequest(t, logical.UpdateOperation, "audit-hash/foo")
 req.Data["input"] = "bar"
@@ -2234,6 +2239,13 @@ func TestSystemBackend_auditHash(t *testing.T) {
 if resp == nil || resp.Data == nil {
 t.Fatalf("response or its data was nil")
 }
+ schema.ValidateResponse(
+ t,
+ schema.FindResponseSchema(t, paths, 0, req.Operation),
+ resp,
+ true,
+ )
+
 hash, ok := resp.Data["hash"]
 if !ok {
 t.Fatalf("did not get hash back in response, response was %#v", resp.Data)
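Review bot: `schema.FindResponseSchema(t, paths, 2, req.Operation)` selects the path schema by its position in the slice returned by `auditPaths()`, so any reordering or insertion in that function silently makes this test validate against a different path's schema; the call with index `0` in the next hunk has the same coupling. At minimum each call should say which entry it means, e.g. `// paths[2]: presumably the audit/<path> entry — keep in sync with auditPaths()` and a matching comment for `paths[0]`, which from the `audit-hash/foo` request below appears to be the audit-hash path; a lookup by the path's `Pattern` instead of a fixed index would remove the dependency on ordering altogether. Note also that the first call is reached only after `if resp != nil { t.Fatalf(...) }`, so `resp` is nil there and the call exercises only whatever the helper does for a nil response against the 204 schema — worth confirming that is the intended assertion. `TestSystemBackend_auditHash` starts before and continues after both hunks.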