Documentation
Index
- Constants
- func HttpFilter(a Auditing, logger *slog.Logger, opts ...httpFilterOpt) (restful.FilterFunction, error)
- func NewConnectInterceptor(a Auditing, logger *slog.Logger, shouldAudit func(fullMethod string) bool) (connect.Interceptor, error)
- func NewHttpFilterErrorCallback(callback func(err error, response *restful.Response)) *httpFilterErrorCallback
- func StreamServerInterceptor(a Auditing, logger *slog.Logger, shouldAudit func(fullMethod string) bool) (grpc.StreamServerInterceptor, error)
- func UnaryServerInterceptor(a Auditing, logger *slog.Logger, shouldAudit func(fullMethod string) bool) (grpc.UnaryServerInterceptor, error)
- type AsyncConfig
- type Auditing
- type Config
- type Entry
- type EntryDetail
- type EntryFilter
- type EntryPhase
- type EntryType
- type Interval
- type MemoryConfig
- type SplunkConfig
- type TimescaleDbConfig
Constants
const (
	// Include explicitly includes the request in the auditing backend even if the request method would prevent the request from being audited (only applies to the HTTP filter)
	Include string = "include-to-auditing"
	// Exclude explicitly excludes the request from the auditing backend even if the request method would cause the request to be audited (only applies to the HTTP filter)
	Exclude string = "exclude-from-auditing"
)
const EntryFilterDefaultLimit int64 = 100
Variables
This section is empty.
Functions
func HttpFilter
func NewConnectInterceptor
func NewHttpFilterErrorCallback (added in v0.20.1)
func StreamServerInterceptor
func UnaryServerInterceptor
Types
type AsyncConfig (added in v0.23.0)
type Auditing
type Auditing interface {
// Adds the given entry to the index.
// Some fields like `Id`, `Component` and `Timestamp` will be filled by the auditing driver if not given.
Index(Entry) error
// Searches for entries matching the given filter.
// By default only recent entries will be returned.
// The returned entries will be sorted by timestamp in descending order.
Search(context.Context, EntryFilter) ([]Entry, error)
}
func NewAsync (added in v0.23.0)
NewAsync takes another audit backend and allows indexing audit traces asynchronously. When it is used, audit traces can get lost if the backend is not available to receive them. The advantage is that indexing does not block.
Dev note: For a backend wrapped in async, it is strictly required that the index function does not modify internal state, as otherwise race conditions will occur!
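The trade-off and the dev note above, as an added example that is not the package's own code: `asyncIndexer`, `run` and the cut-down `Entry` are hypothetical, and running each backend call in its own goroutine is an assumption about how an async wrapper behaves, not taken from NewAsync. It shows that every caller gets `nil` while traces are lost during an outage, and that any state the backend touches in Index needs a lock once calls overlap.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

type Entry struct{ Seq int } // cut-down stand-in for the package's Entry

// asyncIndexer is a hypothetical wrapper: Index returns nil at once and the
// backend call runs in its own goroutine, so callers never see its errors.
type asyncIndexer struct {
	next func(Entry) error // the wrapped backend's Index
	wg   sync.WaitGroup
	lost atomic.Int64 // failed traces; export as a metric and alert on it
}

func (a *asyncIndexer) Index(e Entry) error {
	a.wg.Add(1)
	go func() {
		defer a.wg.Done()
		if a.next(e) != nil {
			a.lost.Add(1)
		}
	}()
	return nil
}

// run indexes n entries against a backend that is unreachable for the last
// `failing` of them (constructed outage) and returns stored and lost counts.
func run(n, failing int) (stored int, lost int64) {
	var mu sync.Mutex // guards stored: Index calls arrive concurrently
	a := &asyncIndexer{next: func(e Entry) error {
		if e.Seq >= n-failing {
			return fmt.Errorf("backend unavailable for entry %d", e.Seq)
		}
		mu.Lock()
		defer mu.Unlock()
		stored++ // stands in for backend state; a data race without mu
		return nil
	}}
	for i := 0; i < n; i++ {
		_ = a.Index(Entry{Seq: i}) // always nil, even during the outage
	}
	a.wg.Wait()
	return stored, a.lost.Load()
}

func main() { fmt.Println(run(1000, 50)) }
```

Running it under `go run -race` with the `mu` lines removed reports the data race the dev note warns about.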
func NewMemory (added in v0.22.0)
func NewMemory(c Config, mc MemoryConfig) (Auditing, error)
NewMemory returns a new auditing backend that runs in memory. The main intention of this backend is to be used for testing purposes to avoid mocking.
Please note that this backend is not intended to be used for production because it is ephemeral and it is not guaranteed to have feature-parity with other auditing backends.
func NewSplunk (added in v0.23.0)
func NewSplunk(c Config, sc SplunkConfig) (Auditing, error)
NewSplunk returns a new auditing backend for Splunk. It supports the HTTP Event Collector interface.
func NewTimescaleDB (added in v0.20.0)
func NewTimescaleDB(c Config, tc TimescaleDbConfig) (Auditing, error)
type Entry
type Entry struct {
Id string `json:"-"` // filled by the auditing driver
Component string `json:"component"`
RequestId string `json:"rqid"`
Type EntryType `json:"type"`
Timestamp time.Time `json:"timestamp"`
User string `json:"user"`
Tenant string `json:"tenant"`
Project string `json:"project"`
// For `EntryDetailHTTP` the HTTP method get, post, put, delete, ...
// For `EntryDetailGRPC` unary, stream
Detail EntryDetail `json:"detail"`
// e.g. Request, Response, Error, Opened, Close
Phase EntryPhase `json:"phase"`
// For `EntryDetailHTTP` /api/v1/...
// For `EntryDetailGRPC` /api.v1/... (the method name)
Path string `json:"path"`
ForwardedFor string `json:"forwardedfor"`
RemoteAddr string `json:"remoteaddr"`
Body any `json:"body"` // JSON, string or numbers
StatusCode *int `json:"statuscode"` // for `EntryDetailHTTP` the HTTP status code, for `EntryDetailGRPC` the gRPC status code
// Internal errors
Error any `json:"error"`
}
type EntryDetail
type EntryDetail string
const (
	EntryDetailGRPCUnary  EntryDetail = "unary"
	EntryDetailGRPCStream EntryDetail = "stream"
)
type EntryFilter (added in v0.11.7)
type EntryFilter struct {
Limit int64 `json:"limit" optional:"true"` // default `EntryFilterDefaultLimit`
// In range
From time.Time `json:"from" optional:"true"`
To time.Time `json:"to" optional:"true"`
Component string `json:"component" optional:"true"` // exact match
RequestId string `json:"rqid" optional:"true"` // starts with
Type EntryType `json:"type" optional:"true"` // exact match
User string `json:"user" optional:"true"` // exact match
Tenant string `json:"tenant" optional:"true"` // exact match
Project string `json:"project" optional:"true"` // exact match
Detail EntryDetail `json:"detail" optional:"true"` // exact match
Phase EntryPhase `json:"phase" optional:"true"` // exact match
Path string `json:"path" optional:"true"` // free text
ForwardedFor string `json:"forwarded_for" optional:"true"` // free text
RemoteAddr string `json:"remote_addr" optional:"true"` // free text
Body string `json:"body" optional:"true"` // free text
StatusCode *int `json:"status_code" optional:"true"` // exact match
Error string `json:"error" optional:"true"` // free text
}
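EntryFilter's JSON tags differ from Entry's for three fields (`forwarded_for`, `remote_addr`, `status_code` versus `forwardedfor`, `remoteaddr`, `statuscode`), so a filter document written with Entry's key names decodes without error and simply loses those conditions. The following added example (not part of the package; `parseFilter` and the sample documents are hypothetical, and it assumes filters arrive as JSON) shows the silent widening and a strict decode that rejects it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// EntryFilter is a subset of the struct above, JSON tags copied unchanged.
type EntryFilter struct {
	User         string `json:"user"`
	ForwardedFor string `json:"forwarded_for"`
	RemoteAddr   string `json:"remote_addr"`
	StatusCode   *int   `json:"status_code"`
}

// parseFilter decodes a filter document. With strict set, keys that are not
// EntryFilter tags are rejected instead of being dropped silently.
func parseFilter(raw string, strict bool) (EntryFilter, error) {
	var f EntryFilter
	dec := json.NewDecoder(strings.NewReader(raw))
	if strict {
		dec.DisallowUnknownFields()
	}
	err := dec.Decode(&f)
	return f, err
}

// Constructed inputs: wrongKeys reuses Entry's tag names, rightKeys uses
// the tags EntryFilter actually declares.
const (
	wrongKeys = `{"user":"alice","remoteaddr":"203.0.113.7","statuscode":403}`
	rightKeys = `{"user":"alice","remote_addr":"203.0.113.7","status_code":403}`
)

func main() {
	f, err := parseFilter(wrongKeys, false)
	// Lenient decode: only User survives, so the search is far broader
	// than the analyst intended.
	fmt.Printf("lenient: %+v err=%v\n", f, err)

	_, err = parseFilter(wrongKeys, true)
	fmt.Println("strict: ", err)

	f, err = parseFilter(rightKeys, true)
	fmt.Printf("correct: remote_addr=%q status_code=%d err=%v\n",
		f.RemoteAddr, *f.StatusCode, err)
}
```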
type EntryPhase
type EntryPhase string
const (
	EntryPhaseRequest  EntryPhase = "request"
	EntryPhaseResponse EntryPhase = "response"
	EntryPhaseSingle   EntryPhase = "single"
	EntryPhaseError    EntryPhase = "error"
	EntryPhaseOpened   EntryPhase = "opened"
	EntryPhaseClosed   EntryPhase = "closed"
)
type MemoryConfig (added in v0.22.0)
type MemoryConfig struct{}
type SplunkConfig (added in v0.23.0)
type TimescaleDbConfig (added in v0.20.0)
type TimescaleDbConfig struct {
Host string
Port string
DB string
User string
Password string
// Retention defines when audit traces will be thrown away, only settable on initial database usage
// If this needs to be changed over time, you need to do this manually. Defaults to '14 days'.
Retention string
// CompressionInterval defines after which period audit traces will be compressed, only settable on initial database usage.
// If this needs to be changed over time, you need to do this manually. Defaults to '7 days'.
CompressionInterval string
// ChunkInterval defines after which period audit traces will be stored in a new chunk table, only settable on initial database usage.
// If this needs to be changed over time, you need to do this manually. Defaults to '1 days'.
ChunkInterval string
MaxIdleConns *int
ConnMaxLifetime *time.Duration
MaxOpenConns *int
}