Configure OpenBao file audit declaratively

2026-06-01 22:12:23 +02:00
parent 5840783e44
commit 087bb91b86
5 changed files with 53 additions and 36 deletions


@@ -106,13 +106,19 @@ if [ "$MODE" = "basic" ]; then
fi
step "Post-unseal unauthenticated checks"
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/audit'; then
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/audit' >/dev/null 2>&1; then
ok "audit directory exists"
else
warn "audit directory missing or inaccessible"
fi
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/data'; then
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -s /openbao/audit/openbao-audit.log' >/dev/null 2>&1; then
ok "audit log file exists and is non-empty"
else
warn "audit log file missing or empty; declarative file audit is not verified"
fi
if run exec -n "$OPENBAO_NAMESPACE" "$pod" -- sh -c 'test -d /openbao/data' >/dev/null 2>&1; then
ok "raft data directory exists"
else
warn "raft data directory missing or inaccessible"