Merge pull request #7 from ncode/juliano/bumps

fix: resolve multiple bugs and improve test coverage

Author: ncode

.github/workflows/ci.yml

@@ -6,17 +6,17 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 2
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5.4.0
         with:
-          go-version: '1.23'
+          go-version: '1.25'
       - name: Run coverage
-        run:  go test -coverpkg=./... ./... -race -coverprofile=coverage.out -covermode=atomic
+        run:  go env -w GOTOOLCHAIN=go1.25.0+auto && go test -coverpkg=./... ./... -race -coverprofile=coverage.out -covermode=atomic
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
-          verbose: true 
+          verbose: true
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/codeql.yml

@@ -14,12 +14,12 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v4.2.2
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5.4.0
       with:
-        go-version: '1.23'
+        go-version: '1.25'
 
     - name: Build
       run: go build -v ./...

.github/workflows/go.yml

@@ -1,9 +1,10 @@
+# Vault Audit Filter
+
+[![Go](https://github.com/ncode/vault-audit-filter/actions/workflows/go.yml/badge.svg)](https://github.com/ncode/vault-audit-filter/actions/workflows/go.yml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/ncode/vault-audit-filter)](https://goreportcard.com/report/github.com/ncode/vault-audit-filter)
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![codecov](https://codecov.io/gh/ncode/vault-audit-filter/graph/badge.svg?token=PTW9OYF19R)](https://codecov.io/gh/ncode/vault-audit-filter)
 
-# Vault Audit Filter
-
 `vault-audit-filter` is a Go-based tool designed to filter and log HashiCorp Vault audit logs based on configurable rules. It provides fine-grained control over how Vault audit events are processed and categorized, allowing you to capture critical events while reducing noise from routine operations.
 
 ## Features

README.md

@@ -17,32 +17,25 @@ package cmd
 
 import (
 	"fmt"
-	"log"
 
 	"github.com/ncode/vault-audit-filter/pkg/auditserver"
 	"github.com/panjf2000/gnet"
-	"github.com/spf13/viper"
-
 	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 )
 
 // auditServerCmd represents the auditServer command
 var auditServerCmd = &cobra.Command{
 	Use:   "auditServer",
-	Short: "A brief description of your command",
-	Long: `A longer description that spans multiple lines and likely contains examples
-and usage of using your command. For example:
-
-Cobra is a CLI library for Go that empowers applications.
-This application is a tool to generate the needed files
-to quickly create a Cobra application.`,
-	Run: func(cmd *cobra.Command, args []string) {
+	Short: "Start the audit server to receive and filter Vault audit logs",
+	Long:  `Starts a UDP server that receives Vault audit logs and filters them based on configured rules.`,
+	RunE: func(cmd *cobra.Command, args []string) error {
 		addr := fmt.Sprintf("udp://%s", viper.GetString("vault.audit_address"))
-		server, err := auditserver.New(nil)
+		server, err := auditserver.New(logger)
 		if err != nil {
-			logger.Error(err.Error())
+			return fmt.Errorf("failed to create audit server: %w", err)
 		}
-		log.Fatal(gnet.Serve(server, addr, gnet.WithMulticore(true)))
+		return gnet.Serve(server, addr, gnet.WithMulticore(true))
 	},
 }
 

cmd/auditServer.go

@@ -0,0 +1,56 @@
+/*
+Copyright © 2024 Juliano Martinez <[email protected]>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package cmd
+
+import (
+	"testing"
+
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAuditServerCmd_InvalidRuleGroups(t *testing.T) {
+	viper.Reset()
+	viper.Set("vault.audit_address", "127.0.0.1:1269")
+	viper.Set("rule_groups", "invalid_value")
+
+	err := auditServerCmd.RunE(auditServerCmd, []string{})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "failed to create audit server")
+}
+
+func TestAuditServerCmd_ValidConfig(t *testing.T) {
+	viper.Reset()
+	viper.Set("vault.audit_address", "127.0.0.1:1269")
+	viper.Set("rule_groups", []map[string]interface{}{
+		{
+			"name": "test_group",
+			"rules": []string{
+				"Request.Operation == 'read'",
+			},
+			"log_file": map[string]interface{}{
+				"file_path": "/tmp/test-audit.log",
+				"max_size":  10,
+			},
+		},
+	})
+
+	// We can't actually test gnet.Serve without starting a server,
+	// but we can at least verify the command is properly configured
+	assert.NotNil(t, auditServerCmd)
+	assert.Equal(t, "auditServer", auditServerCmd.Use)
+	assert.NotNil(t, auditServerCmd.RunE)
+}

cmd/auditServer_test.go

@@ -104,7 +104,10 @@ func initConfig() {
 		fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed())
 	}
 
-	if !viper.IsSet("rule_groups") || len(viper.GetStringSlice("rule_groups")) == 0 {
+	ruleGroups := viper.Get("rule_groups")
+	if ruleGroups == nil {
+		logger.Info("No rules defined in configuration; all audit logs will be printed")
+	} else if slice, ok := ruleGroups.([]interface{}); ok && len(slice) == 0 {
 		logger.Info("No rules defined in configuration; all audit logs will be printed")
 	}
 }

cmd/root.go

@@ -0,0 +1,131 @@
+/*
+Copyright © 2024 Juliano Martinez <[email protected]>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package cmd
+
+import (
+	"bytes"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRootCmd_Exists(t *testing.T) {
+	assert.NotNil(t, rootCmd)
+	assert.Equal(t, "vault-audit-filter", rootCmd.Use)
+}
+
+func TestRootCmd_HasSubcommands(t *testing.T) {
+	commands := rootCmd.Commands()
+	assert.GreaterOrEqual(t, len(commands), 2)
+
+	var hasSetup, hasAuditServer bool
+	for _, cmd := range commands {
+		if cmd.Use == "setup" {
+			hasSetup = true
+		}
+		if cmd.Use == "auditServer" {
+			hasAuditServer = true
+		}
+	}
+	assert.True(t, hasSetup, "setup command should be registered")
+	assert.True(t, hasAuditServer, "auditServer command should be registered")
+}
+
+func TestRootCmd_PersistentFlags(t *testing.T) {
+	flags := rootCmd.PersistentFlags()
+
+	configFlag := flags.Lookup("config")
+	assert.NotNil(t, configFlag)
+
+	vaultAddressFlag := flags.Lookup("vault.address")
+	assert.NotNil(t, vaultAddressFlag)
+	assert.Equal(t, "http://127.0.0.1:8200", vaultAddressFlag.DefValue)
+
+	vaultTokenFlag := flags.Lookup("vault.token")
+	assert.NotNil(t, vaultTokenFlag)
+
+	vaultAuditPathFlag := flags.Lookup("vault.audit_path")
+	assert.NotNil(t, vaultAuditPathFlag)
+
+	vaultAuditAddressFlag := flags.Lookup("vault.audit_address")
+	assert.NotNil(t, vaultAuditAddressFlag)
+	assert.Equal(t, "127.0.0.1:1269", vaultAuditAddressFlag.DefValue)
+}
+
+func TestInitConfig_WithConfigFile(t *testing.T) {
+	// Create a temporary config file
+	tmpDir := t.TempDir()
+	configPath := filepath.Join(tmpDir, "test-config.yaml")
+
+	configContent := `
+vault:
+  address: "http://test-vault:8200"
+  token: "test-token"
+rule_groups:
+  - name: test
+    rules:
+      - "Request.Operation == 'read'"
+`
+	err := os.WriteFile(configPath, []byte(configContent), 0644)
+	assert.NoError(t, err)
+
+	// Reset viper and set config file
+	viper.Reset()
+	cfgFile = configPath
+	initConfig()
+
+	assert.Equal(t, "http://test-vault:8200", viper.GetString("vault.address"))
+	assert.Equal(t, "test-token", viper.GetString("vault.token"))
+
+	ruleGroups := viper.Get("rule_groups")
+	assert.NotNil(t, ruleGroups)
+
+	// Reset for other tests
+	cfgFile = ""
+	viper.Reset()
+}
+
+func TestInitConfig_NoRuleGroups(t *testing.T) {
+	viper.Reset()
+	cfgFile = ""
+
+	// initConfig should log that no rules are defined
+	// We just verify it doesn't panic
+	initConfig()
+
+	// Reset for other tests
+	viper.Reset()
+}
+
+func TestExecute_Help(t *testing.T) {
+	// Test that Execute doesn't panic with help flag
+	oldArgs := os.Args
+	defer func() { os.Args = oldArgs }()
+
+	os.Args = []string{"vault-audit-filter", "--help"}
+
+	// Capture output
+	rootCmd.SetOut(&bytes.Buffer{})
+	rootCmd.SetErr(&bytes.Buffer{})
+
+	// This should not panic
+	// We don't call Execute() directly as it calls os.Exit
+	err := rootCmd.Help()
+	assert.NoError(t, err)
+}