auditing

package
v0.25.0
Warning

This package is not in the latest version of its module.

Published: Apr 22, 2026 License: MIT Imports: 7 Imported by: 12

Documentation

Functions

func DefaultComponent added in v0.25.0

func DefaultComponent() (string, error)

func PutUserInContext added in v0.25.0

func PutUserInContext(ctx context.Context, u *User) context.Context

PutUserInContext puts the given user as a value in the context.

Types

type AsyncConfig added in v0.23.0

type AsyncConfig struct {
	// AsyncRetry defines the number of attempts to retry sending an audit trace to a backend after a failed attempt.
	AsyncRetry int
	// AsyncBackoff defines the backoff after a failed attempt to index an audit trace to a backend.
	AsyncBackoff *time.Duration
}

type Auditing

type Auditing interface {
	// Adds the given entry to the index.
	// Some fields like `Id`, `Component` and `Timestamp` will be filled by the auditing driver if not given.
	Index(Entry) error
	// Searches for entries matching the given filter.
	// By default only recent entries will be returned.
	// The returned entries will be sorted by timestamp in descending order.
	Search(context.Context, EntryFilter) ([]Entry, error)

	// Implements the health check interface
	healthstatus.HealthCheck
}

func NewAsync added in v0.23.0

func NewAsync(backend Auditing, log *slog.Logger, ac AsyncConfig) (Auditing, error)

NewAsync wraps another audit backend so that audit traces are indexed asynchronously. With this wrapper, audit traces can get lost if the backend is not available to receive them. The advantage is that indexing does not block.

Dev note: For a backend wrapped in async, it is strictly required that the index function does not modify internal state as otherwise race conditions will occur!
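
The trade-off NewAsync describes, as an added sketch that is not the package's own code: the constructed backend `flaky` and the helper `run` (both hypothetical) model fire-and-forget indexing with retries and count the traces that are lost once the retries run out. It assumes AsyncRetry means retries after a first attempt, which the page does not state.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// flaky is a constructed backend that rejects its first `failures` calls.
// It is called from many goroutines at once, so it only touches atomics.
type flaky struct{ failures, stored atomic.Int64 }

func (f *flaky) Index(rqid string) error {
	if f.failures.Add(-1) >= 0 {
		return fmt.Errorf("backend unavailable: %s", rqid)
	}
	f.stored.Add(1)
	return nil
}

// run models the async wrapper for n traces: the caller never waits, delivery is
// tried 1+retries times (assumed semantics), and after that the trace is dropped.
func run(failures, retries, n int) (stored, dropped int64) {
	backend := &flaky{}
	backend.failures.Store(int64(failures))
	var wg sync.WaitGroup
	var lost atomic.Int64 // worth exporting as a metric and alerting on
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(rqid string) { // the request handler has already moved on
			defer wg.Done()
			for a := 0; a <= retries; a++ {
				if backend.Index(rqid) == nil {
					return
				}
				time.Sleep(time.Millisecond) // stands in for AsyncBackoff
			}
			lost.Add(1) // nobody upstream sees this failure
		}(fmt.Sprint("rq-", i))
	}
	wg.Wait()
	return backend.stored.Load(), lost.Load()
}

func main() {
	fmt.Println(run(2, 3, 1))   // short outage: 1 stored, 0 lost
	fmt.Println(run(100, 2, 3)) // long outage: 0 stored, 3 lost
}
```

A counter of dropped traces is what makes a gap in the audit trail visible to monitoring, since the code that produced the trace never receives an error.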

type Config

type Config struct {
	Component string
	Log       *slog.Logger
	// IndexTimeout sets a timeout for indexing a trace for the backend.
	IndexTimeout time.Duration
}

type Entry

type Entry struct {
	Id        string    `json:"-"` // filled by the auditing driver
	Component string    `json:"component"`
	RequestId string    `json:"rqid"`
	Type      EntryType `json:"type"`
	Timestamp time.Time `json:"timestamp"`

	User    string `json:"user"`
	Tenant  string `json:"tenant"`
	Project string `json:"project"`

	// For `EntryDetailHTTP` the HTTP method get, post, put, delete, ...
	// For `EntryDetailGRPC` unary, stream
	Detail EntryDetail `json:"detail"`
	// e.g. Request, Response, Error, Opened, Close
	Phase EntryPhase `json:"phase"`
	// For `EntryDetailHTTP` /api/v1/...
	// For `EntryDetailGRPC` /api.v1/... (the method name)
	Path         string `json:"path"`
	ForwardedFor string `json:"forwardedfor"`
	RemoteAddr   string `json:"remoteaddr"`

	Body       any  `json:"body"`       // JSON, string or numbers
	StatusCode *int `json:"statuscode"` // for `EntryDetailHTTP` the HTTP status code, for `EntryDetailGRPC` the gRPC status code

	// Internal errors
	Error any `json:"error"`
}

func (*Entry) PrepareForNextPhase added in v0.25.0

func (e *Entry) PrepareForNextPhase()

type EntryDetail

type EntryDetail string

const (
	EntryDetailGRPCUnary  EntryDetail = "unary"
	EntryDetailGRPCStream EntryDetail = "stream"
)

type EntryFilter added in v0.11.7

type EntryFilter struct {
	Limit int64 `json:"limit" optional:"true"` // default `EntryFilterDefaultLimit`

	// In range
	From time.Time `json:"from" optional:"true"`
	To   time.Time `json:"to" optional:"true"`

	Component string    `json:"component" optional:"true"` // exact match
	RequestId string    `json:"rqid" optional:"true"`      // starts with
	Type      EntryType `json:"type" optional:"true"`      // exact match

	User    string `json:"user" optional:"true"`    // exact match
	Tenant  string `json:"tenant" optional:"true"`  // exact match
	Project string `json:"project" optional:"true"` // exact match

	Detail EntryDetail `json:"detail" optional:"true"` // exact match
	Phase  EntryPhase  `json:"phase" optional:"true"`  // exact match

	Path         string `json:"path" optional:"true"`          // free text
	ForwardedFor string `json:"forwarded_for" optional:"true"` // free text
	RemoteAddr   string `json:"remote_addr" optional:"true"`   // free text

	Body       string `json:"body" optional:"true"`        // free text
	StatusCode *int   `json:"status_code" optional:"true"` // exact match

	Error string `json:"error" optional:"true"` // free text
}

type EntryPhase

type EntryPhase string

const (
	EntryPhaseRequest  EntryPhase = "request"
	EntryPhaseResponse EntryPhase = "response"
	EntryPhaseSingle   EntryPhase = "single"
	EntryPhaseError    EntryPhase = "error"
	EntryPhaseOpened   EntryPhase = "opened"
	EntryPhaseClosed   EntryPhase = "closed"
)

type EntryType

type EntryType string

const (
	EntryTypeHTTP  EntryType = "http"
	EntryTypeGRPC  EntryType = "grpc"
	EntryTypeEvent EntryType = "event"
)

type User added in v0.25.0

type User struct {
	EMail   string
	Name    string
	Tenant  string
	Project string
	Subject string
}

func GetUserFromContext added in v0.25.0

func GetUserFromContext(ctx context.Context) *User

GetUserFromContext returns the current user from the context. If no user is set it returns a guest with no rights.
