auditserver

package
v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 17, 2026 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package auditserver provides Vault audit log filtering and side-effect processing.

In library mode, callers can construct a server with `New`, then call `MatchFrame` to evaluate a raw audit log frame without running a gnet event loop.

Example:

// Library-mode use: build a server with New, then evaluate one raw audit
// frame with MatchFrame without starting a gnet event loop.
//
// A nil logger is passed here; what New substitutes for nil is not shown on
// this page.
server, err := New(nil)
if err != nil {
	// handle init error and stop: by Go convention server is not usable
	// when err is non-nil
}
// The frame is the raw JSON bytes of a single audit entry.
result, err := server.MatchFrame([]byte("{\"type\":\"request\",\"time\":\"2024-01-01T00:00:00Z\",\"request\":{\"operation\":\"update\",\"path\":\"secret/data/config\"},\"auth\":{\"policy_results\":{\"allowed\":true}}}"))
if err != nil {
	// handle parse error: do not read result here. An error is a different
	// outcome from result.Matched == false, so record it; frames that are
	// skipped silently leave a gap in audit coverage.
}
if result.Matched {
	// result.Log holds the parsed AuditLog
	// result.MatchedGroups lists matched rule group names
}

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditLog

// AuditLog is the decoded form of one audit frame. MatchFrame returns it in
// MatchResult.Log, and rule expressions address its fields by Go name (the
// package example uses Request.Operation and Auth.PolicyResults.Allowed).
//
// Every value is taken from the frame itself. NOTE(review): this page does
// not show how the sender of a frame is authenticated, so treat the contents
// as only as trustworthy as the channel they arrived on.
type AuditLog struct {
	// Type is the entry kind; the example frame uses "request".
	Type       string   `json:"type"`
	// Time is kept as the string found in the frame, not parsed into a
	// time.Time, so the type itself does not reject a malformed timestamp.
	Time       string   `json:"time"`
	// Auth describes the token and policies behind the call.
	Auth       Auth     `json:"auth"`
	Request    Request  `json:"request"`
	Response   Response `json:"response"`
	Error      string   `json:"error"`
	// RemoteAddr is the top-level remote_addr key; Request carries a
	// separate RemoteAddress field.
	RemoteAddr string   `json:"remote_addr"`
}

type AuditServer

// AuditServer evaluates audit frames against the configured rule groups.
// Obtain one from New; MatchFrame is the library-mode entry point, while
// OnTraffic and React are the methods that take a gnet.Conn.
type AuditServer struct {
	// Embedded pointer: its methods are promoted onto AuditServer. It is
	// nil in a zero-value AuditServer; presumably New sets it — TODO confirm.
	*gnet.BuiltinEventEngine
	// contains filtered or unexported fields
}

func New

func New(logger *slog.Logger) (*AuditServer, error)

func (*AuditServer) MatchFrame added in v0.0.5

func (as *AuditServer) MatchFrame(frame []byte) (MatchResult, error)

MatchFrame evaluates a raw audit log frame against configured rule groups. It returns whether any group matched, the decoded audit log, and the names of matching rule groups in configured order.

Example
// Clear the package-global viper configuration before the example and again
// when it returns, so the rule group set here does not leak into other code
// that shares the same viper instance.
viper.Reset()
defer viper.Reset()

// Rule groups are supplied under the "rule_groups" key. Each rule is an
// expression over AuditLog fields addressed by Go name; this one matches an
// allowed "update" operation.
viper.Set("rule_groups", []RuleGroupConfig{
	{
		Name:  "writes",
		Rules: []string{`Request.Operation == "update" && Auth.PolicyResults.Allowed == true`},
	},
})

// nil logger; what New substitutes for nil is not shown on this page.
as, err := New(nil)
if err != nil {
	panic(err)
}

// One raw JSON audit entry. A non-nil error is a separate outcome from
// result.Matched == false and should be handled as such in real callers.
result, err := as.MatchFrame([]byte(`{"type":"request","time":"2024-01-01T00:00:00Z","request":{"operation":"update","path":"secret/data/config"},"auth":{"policy_results":{"allowed":true}}}`))
if err != nil {
	panic(err)
}

fmt.Printf("matched=%v groups=%v\n", result.Matched, result.MatchedGroups)
Output:

matched=true groups=[writes]

func (*AuditServer) OnTraffic added in v0.0.5

func (as *AuditServer) OnTraffic(c gnet.Conn) (action gnet.Action)

func (*AuditServer) React

func (as *AuditServer) React(frame []byte, _ gnet.Conn) (out []byte, action gnet.Action)

type Auth

// Auth is the "auth" object of an audit entry: the token that made the call,
// its policies, and the policy decision.
type Auth struct {
	// ClientToken is the token value as it appears in the frame.
	// NOTE(review): Vault audit devices HMAC sensitive strings by default
	// and emit them raw only when log_raw is enabled; confirm which applies
	// upstream. If raw values can arrive, every sink that receives a matched
	// AuditLog (log file, message, forwarder) is handling a live credential.
	ClientToken   string   `json:"client_token"`
	Accessor      string   `json:"accessor"`
	DisplayName   string   `json:"display_name"`
	Policies      []string `json:"policies"`
	TokenPolicies []string `json:"token_policies"`
	// PolicyResults is the authorization outcome. Rules can test it, as the
	// package example does with Auth.PolicyResults.Allowed == true.
	PolicyResults struct {
		Allowed          bool `json:"allowed"`
		GrantingPolicies []struct {
			Name        string `json:"name"`
			NamespaceID string `json:"namespace_id"`
			Type        string `json:"type"`
		} `json:"granting_policies"`
	} `json:"policy_results"`
	TokenType      string    `json:"token_type"`
	// TokenIssueTime is a time.Time, unlike AuditLog.Time which stays a
	// string. Assuming encoding/json does the decoding (TODO confirm), a
	// present but non-RFC 3339 value fails the decode of the whole frame.
	TokenIssueTime time.Time `json:"token_issue_time"`
}

type CompiledRule

// CompiledRule wraps the compiled program for one rule.
// NOTE(review): the vm package is not identified on this page; presumably it
// is the expression engine that compiles the strings in
// RuleGroupConfig.Rules — confirm against the imports.
type CompiledRule struct {
	// Program is the compiled rule; nil in a zero-value CompiledRule.
	Program *vm.Program
}

type ForwardingConfig added in v0.0.2

// ForwardingConfig is the "forwarding" section of a rule group, decoded via
// its mapstructure tags.
type ForwardingConfig struct {
	// Enabled is decoded from the "enabled" key.
	Enabled bool   `mapstructure:"enabled"`
	// Address is the forwarding destination. NOTE(review): its format and
	// whether the connection is encrypted or authenticated are not shown on
	// this page; verify before sending audit data across a network boundary.
	Address string `mapstructure:"address"`
}

type LogFileConfig

// LogFileConfig is the "log_file" section of a rule group, decoded via its
// mapstructure tags.
//
// NOTE(review): the field set matches the usual lumberjack-style rotation
// options (size in megabytes, age in days); the units are not stated on this
// page, so confirm them against the implementation.
type LogFileConfig struct {
	// FilePath is the destination file. Matched audit entries can contain
	// token-related fields, so keep the file and its directory readable only
	// by the service account and the log collector.
	FilePath   string `mapstructure:"file_path"`
	MaxSize    int    `mapstructure:"max_size"`
	// MaxBackups and MaxAge bound retention; check them against the audit
	// retention period the deployment is required to keep.
	MaxBackups int    `mapstructure:"max_backups"`
	MaxAge     int    `mapstructure:"max_age"`
	Compress   bool   `mapstructure:"compress"`
}

type MatchResult added in v0.0.5

// MatchResult is what MatchFrame returns for a single audit frame.
type MatchResult struct {
	// Matched reports whether any rule group matched the frame.
	Matched       bool
	// Log is the decoded audit entry. It can carry token-related fields
	// (Auth.ClientToken, Request.ClientToken); avoid dumping it wholesale
	// into application logs.
	Log           AuditLog
	// MatchedGroups holds the names of the matching rule groups, in
	// configured order.
	MatchedGroups []string
}

MatchResult describes the outcome of matching a single audit frame. It mirrors the rule-group matching behavior used by the runtime event loop, returning the decoded log and any rule groups that matched.

type Messaging added in v0.0.2

// Messaging is the "messaging" section of a rule group, decoded via its
// mapstructure tags. Which fields each Type value requires is not shown on
// this page.
type Messaging struct {
	// Type selects the messaging backend; accepted values are not listed
	// on this page.
	Type       string `mapstructure:"type"`
	// Token is a credential for the messaging service. Keep the
	// configuration source access-restricted and do not print this struct
	// with %v or %+v.
	Token      string `mapstructure:"token"`
	Channel    string `mapstructure:"channel"`
	URL        string `mapstructure:"url"`
	// WebhookURL should be treated as a secret too: NOTE(review): incoming
	// webhook URLs commonly embed the credential in the path — confirm for
	// the backend in use.
	WebhookURL string `mapstructure:"webhook_url"`
}

type Request

// Request is the "request" object of an audit entry. Rules address its
// fields by Go name, e.g. Request.Operation in the package example.
type Request struct {
	ID                  string `json:"id"`
	ClientID            string `json:"client_id"`
	// Operation is the request verb; the example frame uses "update".
	Operation           string `json:"operation"`
	MountPoint          string `json:"mount_point"`
	MountType           string `json:"mount_type"`
	MountAccessor       string `json:"mount_accessor"`
	MountRunningVersion string `json:"mount_running_version"`
	MountClass          string `json:"mount_class"`
	// ClientToken and ClientTokenAccessor identify the calling token.
	// NOTE(review): Vault HMACs these in audit output unless log_raw is
	// enabled; confirm upstream settings before treating values as opaque.
	ClientToken         string `json:"client_token"`
	ClientTokenAccessor string `json:"client_token_accessor"`
	// Path is the API path requested, "secret/data/config" in the example.
	Path                string `json:"path"`
	// RemoteAddress and RemotePort are the client endpoint as recorded in
	// the frame. NOTE(review): behind a proxy or load balancer these may
	// describe the intermediary rather than the real client; verify before
	// using them in allow or alert rules.
	RemoteAddress       string `json:"remote_address"`
	RemotePort          int    `json:"remote_port"`
}

type Response

// Response is the "response" object of an audit entry.
type Response struct {
	MountPoint                string `json:"mount_point"`
	MountType                 string `json:"mount_type"`
	MountAccessor             string `json:"mount_accessor"`
	MountRunningPluginVersion string `json:"mount_running_plugin_version"`
	MountClass                string `json:"mount_class"`
	// Data is a fixed-shape struct, so only the keys listed here have a
	// field to decode into. NOTE(review): the names look like KV version 2
	// write metadata; response data from other mounts would presumably not
	// be available to rules through this type — confirm.
	Data                      struct {
		CasRequired        bool   `json:"cas_required"`
		CreatedTime        string `json:"created_time"`
		CurrentVersion     int    `json:"current_version"`
		DeleteVersionAfter string `json:"delete_version_after"`
		MaxVersions        int    `json:"max_versions"`
		OldestVersion      int    `json:"oldest_version"`
		UpdatedTime        string `json:"updated_time"`
	} `json:"data"`
}

type RuleGroup

// RuleGroup pairs a named set of compiled rules with the sinks for that
// group. NOTE(review): presumably New builds one per RuleGroupConfig and the
// sinks receive entries that match — confirm against the implementation.
type RuleGroup struct {
	// Name is the value reported in MatchResult.MatchedGroups.
	Name          string
	// CompiledRules are the compiled forms of the group's rule expressions.
	CompiledRules []CompiledRule
	// Logger, Messenger, Forwarder and Writer are output sinks. Which of
	// them may be nil when the matching config section is absent is not
	// shown on this page.
	Logger        *log.Logger
	Messenger     messaging.Messenger
	Forwarder     forwarder.Forwarder
	Writer        io.Writer
}

type RuleGroupConfig

// RuleGroupConfig is one entry of the "rule_groups" configuration list (the
// package example sets that key through viper).
type RuleGroupConfig struct {
	// Name labels the group and is what MatchFrame reports on a match.
	Name       string           `mapstructure:"name"`
	// Rules are expressions over AuditLog fields addressed by Go name, for
	// example `Request.Operation == "update"`. They decide which audit
	// entries are surfaced, so the configuration source needs the same
	// change control as the audit policy itself. NOTE(review): whether a
	// group matches on any rule or requires all of them is not stated on
	// this page.
	Rules      []string         `mapstructure:"rules"`
	LogFile    LogFileConfig    `mapstructure:"log_file"`
	// Messaging can hold credentials (Token, WebhookURL).
	Messaging  Messaging        `mapstructure:"messaging"`
	Forwarding ForwardingConfig `mapstructure:"forwarding"`
}
