Class: Vault::Provision::Sys::Audit
- Inherits:
-
Prototype
- Object
- Prototype
- Vault::Provision::Sys::Audit
- Defined in:
- lib/vault/provision/sys/audit.rb
Overview
helps to enable auditing
Instance Method Summary collapse
- #backend_changed?(vault_conf, file_conf) ⇒ Boolean
- #backend_exists?(path) ⇒ Boolean
- #provision! ⇒ Object
Instance Method Details
#backend_changed?(vault_conf, file_conf) ⇒ Boolean
29 30 31 32 33 34 35 |
# File 'lib/vault/provision/sys/audit.rb', line 29 def backend_changed?(vault_conf, file_conf) return true unless vault_conf file_conf.deep_symbolize_keys.each do |k, v| return true if v != vault_conf.to_h[k] end false end |
#backend_exists?(path) ⇒ Boolean
37 38 39 |
# File 'lib/vault/provision/sys/audit.rb', line 37 def backend_exists?(path) !@vault.sys.audits[path.to_sym].nil? end |
#provision! ⇒ Object
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# File 'lib/vault/provision/sys/audit.rb', line 3 def provision! change = [] repo_files.each do |rf| audits = @vault.sys.audits validate_file! rf path = rf[(repo_path.length + 1)..-6] r_conf = JSON.parse(File.read(rf)) next unless backend_changed? audits[path.to_sym], r_conf # API only lets you delete & re-create audit backends # No upcerts allowed :( if backend_exists?(path) puts " * #{path} changed, disabling for update" @vault.sys.disable_audit(path) end puts " * #{path} enabled" @vault.sys.enable_audit(path, r_conf['type'], r_conf['description'], r_conf['options']) change << @vault.sys.audits[path.to_sym] end change end |