audit

package
v3.1.2 Latest
Warning

This package is not in the latest version of its module.

Published: May 21, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package audit defines supported-adapter audit event contracts for services.

Event, Recorder, and ValidateEvent provide the reusable contract shared by generated services and audit adapters such as auditpostgres. The package owns field validation, result labels, actor/tenant/resource fields, and defensive metadata cloning.

Audit metadata must stay redaction-safe before it reaches a Recorder. Do not put raw secrets, request bodies, provider payloads, or unbounded user input in metadata maps.
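The redaction-safety rule above, sketched as an added example; this is not the package's own code and does not reproduce how ValidateMetadata or CloneMetadata are implemented. The names checkMetadata, safeMetadata, errUnsafeMetadata, the denylist fragments and the 128-byte bound are all assumptions, and the sample input is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Local stand-in for the package's ErrUnsafeMetadata (assumption).
var errUnsafeMetadata = errors.New("unsafe audit metadata")

// Assumed value bound and key denylist; the page lists neither.
const maxValueLen = 128

var sensitiveFragments = []string{"password", "secret", "token", "authorization", "api_key", "cookie"}

// checkMetadata rejects keys whose names suggest they carry credentials.
func checkMetadata(md map[string]string) error {
	for k := range md {
		lk := strings.ToLower(k)
		for _, frag := range sensitiveFragments {
			if strings.Contains(lk, frag) {
				return fmt.Errorf("%w: key %q", errUnsafeMetadata, k)
			}
		}
	}
	return nil
}

// safeMetadata copies only allowlisted keys into a fresh map and bounds each
// value, so the result shares no storage with the caller's map.
func safeMetadata(in map[string]string, allowed ...string) map[string]string {
	out := make(map[string]string, len(allowed))
	for _, k := range allowed {
		if v, ok := in[k]; ok {
			if len(v) > maxValueLen {
				// Cut by bytes, then drop a rune split by the cut.
				v = strings.ToValidUTF8(v[:maxValueLen], "")
			}
			out[k] = v
		}
	}
	return out
}

func main() {
	// Constructed sample input: one safe key, one secret-bearing key, one oversized value.
	raw := map[string]string{"route": "/v1/keys", "api_key": "constructed-value", "reason": strings.Repeat("a", 300)}
	fmt.Println(checkMetadata(raw))
	md := safeMetadata(raw, "route", "reason")
	fmt.Println(checkMetadata(md), len(md["reason"]))
}
```

Building the map from an allowlist at the call site means a denylist check of this kind acts as a backstop rather than the only control.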

Constants

This section is empty.

Variables

var (
	// ErrInvalidEvent reports that an audit event is missing required fields.
	ErrInvalidEvent = errors.New("invalid audit event")
	// ErrUnsafeMetadata reports that audit metadata appears to contain a secret.
	ErrUnsafeMetadata = errors.New("unsafe audit metadata")
)

Functions

func CloneMetadata

func CloneMetadata(metadata map[string]string) map[string]string

CloneMetadata returns a defensive copy of metadata.

func ValidateEvent

func ValidateEvent(event Event) error

ValidateEvent verifies required fields and metadata safety.

func ValidateMetadata

func ValidateMetadata(metadata map[string]string) error

ValidateMetadata rejects metadata keys that commonly carry raw secrets.

Types

type Actor

type Actor struct {
	Type string
	ID   string
}

Actor identifies the principal responsible for an action.

type Event

type Event struct {
	ID         string
	TenantID   string
	Actor      Actor
	Action     string
	Resource   Resource
	Result     Result
	RequestID  string
	Metadata   map[string]string
	OccurredAt time.Time
}

Event records a security-relevant action for tenant-scoped services.

type Recorder

type Recorder interface {
	Record(ctx context.Context, event Event) error
}

Recorder stores audit events.

type Resource

type Resource struct {
	Type string
	ID   string
}

Resource identifies the object affected by an action.

type Result

type Result string

Result describes the outcome recorded by an audit event.

const (
	// ResultSuccess records an allowed action that completed successfully.
	ResultSuccess Result = "success"
	// ResultDenied records an authorization or policy denial.
	ResultDenied Result = "denied"
	// ResultFailure records an attempted action that failed.
	ResultFailure Result = "failure"
)

Directories

Path Synopsis
Package audittest contains reusable audit recorder contract tests.
