Configure OpenBao file audit declaratively
parent
5840783e44
commit
087bb91b86
5 changed files with 53 additions and 36 deletions
|
|
@ -106,13 +106,19 @@ if [ "$MODE" = "basic" ]; then
|
|||
fi
|
||||
|
||||
step "Post-unseal unauthenticated checks"
|
||||
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/audit'; then
|
||||
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/audit' >/dev/null 2>&1; then
|
||||
ok "audit directory exists"
|
||||
else
|
||||
warn "audit directory missing or inaccessible"
|
||||
fi
|
||||
|
||||
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/data'; then
|
||||
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -s /openbao/audit/openbao-audit.log' >/dev/null 2>&1; then
|
||||
ok "audit log file exists and is non-empty"
|
||||
else
|
||||
warn "audit log file missing or empty; declarative file audit is not verified"
|
||||
fi
|
||||
|
||||
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/data' >/dev/null 2>&1; then
|
||||
ok "raft data directory exists"
|
||||
else
|
||||
warn "raft data directory missing or inaccessible"
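Review bot: The new `test -s /openbao/audit/openbao-audit.log` check only shows that some bytes exist at that path, so a log left over from an earlier run on a persistent volume would report `ok` even if the declaratively configured audit device is not active now. I would add a comment above it such as `# non-empty file only shows the log was written at some point; confirm the device with 'bao audit list' in the authenticated checks`, and confirm the device there, since this block is the unauthenticated section. Separately, all three checks now discard stderr, so a failed exec (pod unreachable, RBAC denial) cannot be told apart from a failed `test`. The two directory warnings already say "missing or inaccessible", but the log warning does not; it could read `warn "audit log file missing, empty or inaccessible; declarative file audit is not verified"`. The closing `fi` of the last `if` lies outside the hunk.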
|
||||
|
|
|
|||