Add list of granting policies audit logs #15457

Merged: 2 commits, May 16, 2022

briankassouf
Contributor

This PR adds a policy results block to the audit log output. This block contains a list of the policy or policies that actually granted the permissions needed for the request.

Example Audit Logs:

    "policy_results": {
      "allowed": true,
      "granting_policies": [
        {
          "name": "admin",
          "namespace_id": "root",
          "type": "acl"
        },
        {
          "name": "always-pass1",
          "namespace_id": "root",
          "type": "rgp"
        },
        {
          "name": "always-pass-ns1",
          "namespace_id": "root",
          "type": "egp"
        }
      ]
    },

The policy_results block is also a more explicit way to detect a request failed due to being unauthorized:

    "policy_results": {
      "allowed": false
    },
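
One way to consume this block on the detection side, as an added example that is not part of the PR or of Vault's code: it reads JSON-lines audit entries, lists requests with `"allowed": false`, and counts how often each policy granted access. The sample entries are constructed, and the placement of `policy_results` under `auth` and the `request` fields are assumptions.

```python
import json
from collections import Counter

# Constructed sample entries (JSON lines). Only "policy_results" and its fields
# come from the PR; its placement under "auth" and the "request" fields are
# assumptions about the surrounding audit entry.
SAMPLE_LOG = """\
{"type":"response","auth":{"policy_results":{"allowed":true,"granting_policies":[{"name":"admin","namespace_id":"root","type":"acl"},{"name":"always-pass1","namespace_id":"root","type":"rgp"}]}},"request":{"operation":"read","path":"secret/data/app"}}
{"type":"response","auth":{"policy_results":{"allowed":false}},"request":{"operation":"update","path":"sys/policy/admin"}}
{"type":"response","auth":{},"request":{"operation":"read","path":"sys/health"}}
not-json
"""

def policy_results(entry):
    """Return the policy_results dict, or None when the entry has none."""
    auth = entry.get("auth") or {}
    return auth.get("policy_results") or entry.get("policy_results")

def summarize(lines):
    """Return (denied requests, grant counts per policy, entries without a verdict)."""
    denied, grants, skipped = [], Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        results = policy_results(entry) if isinstance(entry, dict) else None
        if not results or "allowed" not in results:
            skipped += 1  # no verdict recorded: do not count it as a denial
            continue
        req = entry.get("request") or {}
        if results["allowed"] is False:
            denied.append((req.get("operation"), req.get("path")))
            continue
        for p in results.get("granting_policies", []):
            grants[(p.get("namespace_id"), p.get("type"), p.get("name"))] += 1
    return denied, grants, skipped

if __name__ == "__main__":
    denied, grants, skipped = summarize(SAMPLE_LOG.splitlines())
    print("denied:", denied)
    print("grants:", dict(grants))
    print("entries without a policy verdict:", skipped)
```

Entries that carry no `policy_results` block are counted separately instead of being treated as denials, so only an explicit `"allowed": false` raises a finding.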

briankassouf added this to the 1.11.0-rc1 milestone May 16, 2022
briankassouf requested review from pmmukh and swayne275 May 16, 2022 22:29
briankassouf merged commit dad15be into main May 16, 2022
briankassouf deleted the granting-policies-auditlog branch May 16, 2022 23:23
Gabrielopesantos pushed a commit to Gabrielopesantos/vault that referenced this pull request Jun 6, 2022
* Add list of granting policies audit logs

* Add changelog