Skip to content

VAULT-30108: Include User-Agent header in audit requests by default#28596

Merged
ccapurso merged 9 commits intomainfrom
vault-30108-audit-user-agent
Oct 7, 2024
Merged

VAULT-30108: Include User-Agent header in audit requests by default#28596
ccapurso merged 9 commits intomainfrom
vault-30108-audit-user-agent

Conversation

@ccapurso
Copy link
Contributor

@ccapurso ccapurso commented Oct 4, 2024
edited
Loading

Description

This PR adds the User-Agent as a default header in audit request entries. As with other request headers, this will not be hashed by default. One can override this and choose to HMAC the value via the /sys/config/auditing/request-headers/:name endpoint.

TODO only if you're a HashiCorp employee

  • Backport Labels: If this PR is in the ENT repo and needs to be backported, backport
    to N, N-1, and N-2, using the backport/ent/x.x.x+ent labels. If this PR is in the CE repo, you should only backport to N, using the backport/x.x.x label, not the enterprise labels.
    • If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.

@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Oct 4, 2024
@github-actions
Copy link

github-actions bot commented Oct 4, 2024
edited
Loading

CI Results:
All Go tests succeeded! ✅

@ccapurso ccapurso added this to the 1.19.0-rc milestone Oct 4, 2024
@ccapurso ccapurso marked this pull request as ready for review October 4, 2024 18:59
@ccapurso ccapurso requested a review from a team as a code owner October 4, 2024 18:59
VioletHynes
VioletHynes approved these changes Oct 4, 2024
View reviewed changes
Copy link
Contributor

@VioletHynes VioletHynes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is awesome! Glad it worked out so well, and love the new test stuff. Just some small nits that aren't required, but would be nice :)

vault/external_tests/audit/audit_test.go Outdated
err := json.Unmarshal(scanner.Bytes(), &entry)
require.NoError(t, err)

request := entry["request"].(map[string]interface{})
Copy link
Contributor

@VioletHynes VioletHynes Oct 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: would be nice to have an ok here and require.True it

@github-actions
Copy link

github-actions bot commented Oct 4, 2024

Build Results:
All builds succeeded! ✅

@ccapurso ccapurso merged commit 69411d7 into main Oct 7, 2024
@ccapurso ccapurso deleted the vault-30108-audit-user-agent branch October 7, 2024 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@VioletHynes VioletHynes VioletHynes approved these changes

@akshya96 akshya96 Awaiting requested review from akshya96

Assignees

No one assigned

Labels

hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed

Projects

None yet

Milestone

1.19.0-rc

Development

Successfully merging this pull request may close these issues.

2 participants

@ccapurso @VioletHynes