-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VAULT-30108: Include User-Agent header in audit requests by default #28596
base: main
Are you sure you want to change the base?
Conversation
CI Results: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is awesome! Glad it worked out so well, and love the new test stuff. Just some small nits that aren't required, but would be nice :)
@@ -254,9 +254,11 @@ func TestAuditedHeadersConfig_ApplyConfig(t *testing.T) { | |||
t.Fatal(err) | |||
} | |||
|
|||
const hmacPrefix = "hmac-sha256:" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love this little clean up :)
@@ -175,6 +175,7 @@ func (a *HeadersConfig) DefaultHeaders() map[string]*headerSettings { | |||
return map[string]*headerSettings{ | |||
correlationID: {}, | |||
xCorrelationID: {}, | |||
"user-agent": {}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh, just one line of code! Awesome :D
err := json.Unmarshal(scanner.Bytes(), &entry) | ||
require.NoError(t, err) | ||
|
||
request := entry["request"].(map[string]interface{}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: would be nice to have an ok
here and require.True
it
request := entry["request"].(map[string]interface{}) | ||
|
||
// test probe will not have headers set | ||
if request["path"].(string) != "sys/audit/test" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: would be nice to ensure we get ok
from the type assertion
Build Results: |
Description
This PR adds the User-Agent as a default header in audit request entries. As with other request headers, this will not be hashed by default. One can override this and choose to HMAC the value via the /sys/config/auditing/request-headers/:name endpoint.
TODO only if you're a HashiCorp employee
to N, N-1, and N-2, using the
backport/ent/x.x.x+ent
labels. If this PR is in the CE repo, you should only backport to N, using thebackport/x.x.x
label, not the enterprise labels.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.