audit

package
v1.10.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 12, 2026 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Overview

Package audit manages the registry audit log ring buffer and optional external export (Splunk HEC, syslog/CEF, plain JSON). It is extracted from the registry server monolith as part of the R1.2 decomposition plan (architecture-notes/08-REGISTRY-EXTRACTION.md).

Fan-out from the server's audit() helper to the ring buffer and exporter is async: server.audit() publishes an "audit.entry" event on the shared events.Bus; Store.Subscribe starts a background goroutine that consumes those events and writes them here. This removes the direct coupling between the server's hot request path and the audit I/O.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditExporter

type AuditExporter struct {
	// contains filtered or unexported fields
}

AuditExporter sends audit events to an external system in the configured format (Splunk HEC, syslog/CEF, or plain JSON). It runs asynchronously with a buffered channel, just like registryWebhook.

func NewAuditExporter

func NewAuditExporter(cfg *wire.BlueprintAuditExport) *AuditExporter

NewAuditExporter creates and starts a new AuditExporter for the given config. It is exported so that the server package shim (audit_export.go) can delegate to it without the sub-package re-implementing the constructor.

func (*AuditExporter) Close

func (ae *AuditExporter) Close()

Close signals the background goroutine to stop and waits for it to drain.

func (*AuditExporter) Export

func (ae *AuditExporter) Export(entry *Entry)

Export queues an audit entry for export. Non-blocking; drops if buffer full.

func (*AuditExporter) Stats

func (ae *AuditExporter) Stats() (exported, dropped uint64)

Stats returns export statistics.
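The non-blocking, drop-on-full behaviour of Export and the counters returned by Stats, as an added stand-alone model. It is not the package's own code: boundedExporter, newBoundedExporter and simulateStalledSink are hypothetical names, and an entry is reduced to its action string.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// boundedExporter models the documented behaviour; it is not the package's code.
type boundedExporter struct {
	ch                chan string   // buffered queue of pending entries
	done              chan struct{} // closed once the worker has drained ch
	exported, dropped atomic.Uint64
}

func newBoundedExporter(size int, send func(string)) *boundedExporter {
	be := &boundedExporter{ch: make(chan string, size), done: make(chan struct{})}
	go func() {
		defer close(be.done)
		for e := range be.ch { // ends once Close has closed ch and it is empty
			send(e)
			be.exported.Add(1)
		}
	}()
	return be
}

func (be *boundedExporter) Export(action string) {
	select {
	case be.ch <- action:
	default: // buffer full: count the loss rather than stall the caller
		be.dropped.Add(1)
	}
}

// Close stops intake and waits for the queue to drain; no Export may follow it.
func (be *boundedExporter) Close() { close(be.ch); <-be.done }
func (be *boundedExporter) Stats() (uint64, uint64) { return be.exported.Load(), be.dropped.Load() }

// simulateStalledSink queues n constructed entries while the sink is blocked.
func simulateStalledSink(n, size int) (exported, dropped uint64) {
	release := make(chan struct{})
	be := newBoundedExporter(size, func(string) { <-release })
	for i := 0; i < n; i++ {
		be.Export("constructed.event")
	}
	close(release) // the sink recovers
	be.Close()
	return be.Stats()
}

func main() { fmt.Println(simulateStalledSink(100, 8)) }
```

With a stalled sink only the buffered entries (plus at most one in flight) reach the external system, so a rising dropped counter is the signal that the exported audit trail has gaps.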

type Entry

type Entry struct {
	Timestamp string `json:"timestamp"`
	Action    string `json:"action"`
	NetworkID uint16 `json:"network_id,omitempty"`
	NodeID    uint32 `json:"node_id,omitempty"`
	Details   string `json:"details,omitempty"`
}

Entry records a single audit event. The JSON tags match the on-wire format used by handleGetAuditLog and the snapshot serialiser.

func BuildEntry

func BuildEntry(action string, netID uint16, nodeID uint32, attrs ...any) Entry

type SplunkHECEvent

type SplunkHECEvent struct {
	Time       int64                  `json:"time"`
	Host       string                 `json:"host,omitempty"`
	Source     string                 `json:"source,omitempty"`
	SourceType string                 `json:"sourcetype,omitempty"`
	Index      string                 `json:"index,omitempty"`
	Event      map[string]interface{} `json:"event"`
}

SplunkHECEvent is the Splunk HTTP Event Collector event format.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store holds the in-memory audit ring buffer and the optional external export adapter. All exported methods are safe for concurrent use.

func NewStore

func NewStore() *Store

NewStore creates an empty Store with no exporter configured.

func (*Store) Append

func (st *Store) Append(e Entry)

Append directly inserts an entry into the ring buffer and forwards it to the exporter (if configured). It is used by the snapshot restore path which bypasses the bus (no need to publish historical entries).

func (*Store) Close

func (st *Store) Close()

Close stops the bus subscriber goroutine and drains/closes the exporter.

func (*Store) ExporterConfig

func (st *Store) ExporterConfig() *wire.BlueprintAuditExport

ExporterConfig returns the active export configuration (nil = disabled).

func (*Store) ExporterStats

func (st *Store) ExporterStats() (exported, dropped uint64)

ExporterStats returns (exported, dropped) counters from the active exporter.

func (*Store) FilteredEntries

func (st *Store) FilteredEntries(filterNetID uint16, limit int) []map[string]interface{}

FilteredEntries returns audit entries newest-first, filtered by netID (0 = all) and limited to at most limit entries.

func (*Store) HandleGetAuditExport

func (st *Store) HandleGetAuditExport(_ map[string]interface{}) (map[string]interface{}, error)

HandleGetAuditExport builds the response map for a "get_audit_export" protocol request. The method does not check authorization itself: the caller must perform the admin check before invoking it (the server wraps it in handleGetAuditExport, which first calls requireAdminToken).

func (*Store) RestoreLog

func (st *Store) RestoreLog(entries []Entry)

RestoreLog replaces the ring buffer with the provided slice (used during snapshot restore on startup).

func (*Store) SetExporter

func (st *Store) SetExporter(cfg *wire.BlueprintAuditExport)

SetExporter replaces the current exporter with a new one built from cfg. The old exporter (if any) is drained and closed. Pass nil cfg to disable.

func (*Store) Snapshot

func (st *Store) Snapshot() []Entry

Snapshot returns a copy of the current audit log (oldest first).

func (*Store) Subscribe

func (st *Store) Subscribe(bus events.Bus)

Subscribe starts a background goroutine that reads "audit.entry" events from the bus and forwards each one to the configured exporter. Ring-buffer writes are synchronous (via Append); this goroutine handles only async exporter fan-out. Call it once after constructing the Store.
