otlpaudit

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2025 License: Apache-2.0 Imports: 13 Imported by: 1

README

OpenTelemetry Event Library

Go library for creating and sending audit log events to OpenTelemetry collector using HTTP requests.

Dependencies

  • go 1.23 or higher
  • Working OpenTelemetry collector instance with a HTTP receiver

How to use

Configuration

Configuration is being read from config.yaml file. The consumers should use LoadConfig function provided within common package to load and unmarshal configuration into a struct to be used by consumers. The section related to this library in consumer's config should look like this:

audit:
  endpoint: "<YOUR_ENDPOINT>"
  # potential auth config

The library allows two ways of authenticating against the target endpoint: mTLS and Basic Auth. If needed, they should be configured within the config.yaml. Please note that only one authenticating method can be implemented at a time. If both are provided, mTLS is prioritized. Example config snippets:

  basicAuth:
    username:
      source: file
      file:
        path: <JSON_FILE>
        format: json
        jsonPath: "$.<KEY_FOR_USERNAME_IN_JSONFILE>"
    password:
      source: file
      file:
        path: <JSON_FILE>
        format: json
        jsonPath: "$.<KEY_FOR_PASSWORD_IN_JSONFILE>"

   mtls:
    cert:
      source: file
      file:
        path: <JSON_FILE>
        format: json
        jsonPath: "$.<KEY_FOR_CERT_IN_JSONFILE>"
    certKey:
      source: file
      file:
        path: <JSON_FILE>
        format: json
        jsonPath: "$.<KEY_FOR_KEY_IN_JSONFILE>"
    serverCa:
      source: file
      file:
        path: <JSON_FILE>
        format: json
        jsonPath: "$.<KEY_FOR_SERVERCA_IN_JSONFILE>"

All of the secrets for Basic Auth and mTLS are defined as SourceRef - see common package for more info.

Event creation and sending

The core of the library is a SendEvent function that handles sending of the events and a set of New...Event functions that create the events and map them into plog.Logs - an OpenTelemetry logs type that's propagated through the collector's pipeline.

New<EVENT_TYPE>Event(<ARGUMENTS_EXPECTED_BY_EVENT_TYPE>) (plog.Logs, error)
The set of functions present in this library take arguments based on desired event type and return a plog.Logs object or a possible validation error. See below for the full list of event types and their expected arguments.

func SendEvent(ctx context.Context, auditCfg *common.AuditConfig, logs plog.Logs)
plog.Logs The best way to utilize SendEvent is to use one of the event creating functions provided by the library to create the event and map it into plog.Logs. Consuming services should handle the possible validation error and if there's none pass the created plog.Logs object to SendEvent along with the context to be then marshalled and sent out to the collector.

Example call on the consumer side would look like:

logs, err := NewWorkflowEvent("SomeID", "SomeValue") // or any event creating function
if err != nil {
  // handle validation error
}
SendEvent(ctx, &cfg.Audit, logs)

Event catalog

Event type Function signature
keyCreate NewKeyCreateEvent(objectID string, l KeyLevel, t KeyCreateActionType, value any, dpp bool)
keyDelete NewKeyDeleteEvent(objectID string, l KeyLevel, value any, dpp bool)
keyUpdate NewKeyUpdateEvent(objectID, propertyName string, l KeyLevel, t KeyUpdateActionType, oldValue, newValue any, dpp bool)
keyRead NewKeyReadEvent(objectID, channelType, channelID string, l KeyLevel, t KeyReadActionType, value any, dpp bool)
workflowStart NewWorkflowStartEvent(objectID, channelID, channelType string, value any, dpp bool)
workflowUpdate NewWorkflowUpdateEvent(objectID string, oldValue, newValue any, dpp bool)
workflowExecute NewWorkflowExecuteEvent(objectID, channelID, channelType string, value any, dpp bool)
workflowTerminate NewWorkflowTerminateEvent(objectID, channelID, channelType string, value any, dpp bool)
groupCreate NewGroupCreateEvent(objectID string, value any, dpp bool)
groupRead NewGroupReadEvent(objectID string, value any, dpp bool)
groupDelete NewGroupDeleteEvent(objectID string, value any, dpp bool)
groupUpdate NewGroupUpdateEvent(objectID, propertyName string, oldValue, newValue any, dpp bool)
userLoginSuccess NewUserLoginSuccessEvent(objectID string, l LoginMethod, t MfaType, u UserType, value any)
userLoginFailure NewUserLoginFailureEvent(objectID string, l LoginMethod, f FailReason, value any)
tenantOnboarding NewTenantOnboardingEvent(objectID string, value any)
tenantOffboarding NewTenantOffboardingEvent(objectID string, value any)
tenantUpdate NewTenantUpdateEvent(objectID, propertyName string, t TenantUpdateActionType, oldValue, newValue any)
configurationCreate NewConfigurationCreateEvent(objectID string, value any)
configurationRead NewConfigurationReadEvent(objectID, channelType, channelID string, value any) `
configurationDelete NewConfigurationDeleteEvent(objectID string, value any)
configurationUpdate NewConfigurationUpdateEvent(objectID string, oldValue, newValue any)
credentialCreate NewCredentialCreateEvent(credentialID string, c CredentialType, value any)
credentialExpiration NewCredentialExpirationEvent(credentialID string, c CredentialType, value any)
credentialDelete NewCredentialDeleteEvent(credentialID string, c CredentialType, value any)
credentialRevokation NewCredentialRevokationEvent(credentialID string, c CredentialType, value any)

All the enums in the functions above are provided within this library. For UserLoginSuccess and UserLoginFailure, values for enum types can be empty (it will be set to UNSPECIFIED), but if they are provided they must match the enums defined in this library, otherwise there will be an error. For all others and for objectID, channelID and channelType properties, it is necessary to provide a valid (non-empty) value. Additionally for configurationCreate, configurationRead, configurationDelete and configurationUpdate *value properties are required.

Documentation

Index

Constants

View Source 
const (
	ConfigCreateEvent         = "configurationCreate"
	ConfigReadEvent           = "configurationRead"
	ConfigUpdateEvent         = "configurationUpdate"
	ConfigDeleteEvent         = "configurationDelete"
	GroupCreateEvent          = "groupCreate"
	GroupReadEvent            = "groupRead"
	GroupUpdateEvent          = "groupUpdate"
	GroupDeleteEvent          = "groupDelete"
	KeyCreateEvent            = "keyCreate"
	KeyDeleteEvent            = "keyDelete"
	KeyReadEvent              = "keyRead"
	KeyUpdateEvent            = "keyUpdate"
	WorkflowStartEvent        = "workflowStart"
	WorkflowUpdateEvent       = "workflowUpdate"
	WorkflowExecuteEvent      = "workflowExecute"
	WorkflowTerminateEvent    = "workflowTerminate"
	UserLoginSuccessEvent     = "userLoginSuccess"
	UserLoginFailureEvent     = "userLoginFailure"
	TenantOnboardingEvent     = "tenantOnboarding"
	TenantOffboardingEvent    = "tenantOffboarding"
	TenantUpdateEvent         = "tenantUpdate"
	CredentialExpirationEvent = "credentialExpiration"
	CredentialCreateEvent     = "credentialCreate"
	CredentialRevokationEvent = "credentialRevokation"
	CredentialDeleteEvent     = "credentialDelete"
)
View Source 
const (
	EventTypeKey          = "eventType"
	ObjectIDKey           = "objectID"
	ObjectTypeKey         = "objectType"
	ActionTypeKey         = "actionType"
	ChannelTypeKey        = "channelType"
	ChannelIDKey          = "channelID"
	LoginMethodKey        = "loginMethod"
	MfaTypeKey            = "mfaType"
	UserTypeKey           = "userType"
	FailureReasonKey      = "failureReason"
	CredentialTypeKey     = "credentialType"
	ValueKey              = "value"
	PropertyNameKey       = "propertyName"
	OldValueKey           = "oldValue"
	NewValueKey           = "newValue"
	DppKey                = "dpp"
	UserInitiatorIDKey    = "userInitiatorID"
	TenantIDKey           = "tenantID"
	EventCorrelationIDKey = "eventCorrelationID"
)
View Source 
const UNSPECIFIED = "UNSPECIFIED"

Variables

This section is empty.

Functions

func NewConfigurationCreateEvent 

func NewConfigurationCreateEvent(metadata EventMetadata, objectID string, value any) (plog.Logs, error)

func NewConfigurationDeleteEvent 

func NewConfigurationDeleteEvent(metadata EventMetadata, objectID string, value any) (plog.Logs, error)

func NewConfigurationReadEvent 

func NewConfigurationReadEvent(metadata EventMetadata, objectID, channelType, channelID string, value any) (plog.Logs, error)

func NewConfigurationUpdateEvent 

func NewConfigurationUpdateEvent(metadata EventMetadata, objectID string, oldValue, newValue any) (plog.Logs, error)

func NewCredentialCreateEvent 

func NewCredentialCreateEvent(metadata EventMetadata, credentialID string, c CredentialType, value any) (plog.Logs, error)

func NewCredentialDeleteEvent 

func NewCredentialDeleteEvent(metadata EventMetadata, credentialID string, c CredentialType, value any) (plog.Logs, error)

func NewCredentialExpirationEvent 

func NewCredentialExpirationEvent(metadata EventMetadata, credentialID string, c CredentialType, value any) (plog.Logs, error)

func NewCredentialRevokationEvent 

func NewCredentialRevokationEvent(metadata EventMetadata, credentialID string, c CredentialType, value any) (plog.Logs, error)

func NewGroupCreateEvent 

func NewGroupCreateEvent(metadata EventMetadata, objectID string, value any, dpp bool) (plog.Logs, error)

func NewGroupDeleteEvent 

func NewGroupDeleteEvent(metadata EventMetadata, objectID string, value any, dpp bool) (plog.Logs, error)

func NewGroupReadEvent 

func NewGroupReadEvent(metadata EventMetadata, objectID, channelID, channelType string, value any, dpp bool) (plog.Logs, error)

func NewGroupUpdateEvent 

func NewGroupUpdateEvent(metadata EventMetadata, objectID, propertyName string, oldValue, newValue any, dpp bool) (plog.Logs, error)

func NewKeyCreateEvent 

func NewKeyCreateEvent(metadata EventMetadata, objectID string, l KeyLevel, t KeyCreateActionType, value any, dpp bool) (plog.Logs, error)

func NewKeyDeleteEvent 

func NewKeyDeleteEvent(metadata EventMetadata, objectID string, l KeyLevel, value any, dpp bool) (plog.Logs, error)

func NewKeyReadEvent 

func NewKeyReadEvent(metadata EventMetadata, objectID, channelType, channelID string, l KeyLevel, t KeyReadActionType, value any, dpp bool) (plog.Logs, error)

func NewKeyUpdateEvent 

func NewKeyUpdateEvent(metadata EventMetadata, objectID, propertyName string, l KeyLevel, t KeyUpdateActionType, oldValue, newValue any, dpp bool) (plog.Logs, error)

func NewTenantOffboardingEvent 

func NewTenantOffboardingEvent(metadata EventMetadata, objectID string, value any) (plog.Logs, error)

func NewTenantOnboardingEvent 

func NewTenantOnboardingEvent(metadata EventMetadata, objectID string, value any) (plog.Logs, error)

func NewTenantUpdateEvent 

func NewTenantUpdateEvent(metadata EventMetadata, objectID, propertyName string, t TenantUpdateActionType, oldValue, newValue any) (plog.Logs, error)

func NewUserLoginFailureEvent 

func NewUserLoginFailureEvent(metadata EventMetadata, objectID string, l LoginMethod, f FailReason, value any) (plog.Logs, error)

func NewUserLoginSuccessEvent 

func NewUserLoginSuccessEvent(metadata EventMetadata, objectID string, l LoginMethod, t MfaType, u UserType, value any) (plog.Logs, error)

func NewWorkflowExecuteEvent 

func NewWorkflowExecuteEvent(metadata EventMetadata, objectID, channelID, channelType string, value any, dpp bool) (plog.Logs, error)

func NewWorkflowStartEvent 

func NewWorkflowStartEvent(metadata EventMetadata, objectID, channelID, channelType string, value any, dpp bool) (plog.Logs, error)

func NewWorkflowTerminateEvent 

func NewWorkflowTerminateEvent(metadata EventMetadata, objectID, channelID, channelType string, value any, dpp bool) (plog.Logs, error)

func NewWorkflowUpdateEvent 

func NewWorkflowUpdateEvent(metadata EventMetadata, objectID string, oldValue, newValue any, dpp bool) (plog.Logs, error)

func SendEvent 

func SendEvent(ctx context.Context, auditCfg *commoncfg.Audit, logs plog.Logs) error

Types

type CredentialType 

type CredentialType string
const (
	CREDTYPE_X509CERT CredentialType = "X509_CERTIFICATE"
	CREDTYPE_KEY      CredentialType = "KEY"
	CREDTYPE_SECRET   CredentialType = "SECRET"
)

func (CredentialType) IsValid 

func (c CredentialType) IsValid() bool

type EventMetadata 

type EventMetadata map[string]string

func NewEventMetadata 

func NewEventMetadata(userInitiatorID, tenantID, eventCorrelationID string) (EventMetadata, error)

type FailReason 

type FailReason string
const (
	FAILREASON_PASSWORD        FailReason = "PASSWORD"
	FAILREASON_MFAFAIL         FailReason = "MFA_FAILED"
	FAILREASON_USERNOTFOUND    FailReason = "USER_NOT_FOUND"
	FAILREASON_USERLOCKED      FailReason = "USER_LOCKED"
	FAILREASON_USERBLOCKED     FailReason = "USER_BLOCKED"
	FAILREASON_USERUNVERIFIED  FailReason = "USER_UNVERIFIED"
	FAILREASON_USEREXPIRED     FailReason = "USER_EXPIRED"
	FAILREASON_USERINVALID     FailReason = "USER_INVALID"
	FAILREASON_INSECURECONNECT FailReason = "INSECURE_CONNECTION"
	FAILREASON_METHODDISABLED  FailReason = "LOGIN_METHOD_DISABLED"
	FAILREASON_TOKENEXPIRED    FailReason = "TOKEN_EXPIRED"
	FAILREASON_TOKENREVOKED    FailReason = "TOKEN_REVOKED"
	FAILREASON_TOKENINVALID    FailReason = "TOKEN_INVALID"
	FAILREASON_SESSIONEXPIRED  FailReason = "SESSION_EXPIRED"
	FAILREASON_SESSIONREVOKED  FailReason = "SESSION_REVOKED"
	FAILREASON_CERTEXPIRED     FailReason = "CERTIFICATE_EXPIRED"
	FAILREASON_CERTREVOKED     FailReason = "CERTIFICATE_REVOKED"
	FAILREASON_CERTINVALID     FailReason = "CERTIFICATE_INVALID"
)

func (FailReason) IsValid 

func (r FailReason) IsValid() bool

type KeyCreateActionType 

type KeyCreateActionType string
const (
	KEYCREATE_CREATE  KeyCreateActionType = "CREATE"
	KEYCREATE_IMPORT  KeyCreateActionType = "IMPORT"
	KEYCREATE_RESTORE KeyCreateActionType = "RESTORE"
)

func (KeyCreateActionType) IsValid 

func (t KeyCreateActionType) IsValid() bool

type KeyLevel 

type KeyLevel string
const (
	L1 KeyLevel = "L1KEY"
	L2 KeyLevel = "L2KEY"
	L3 KeyLevel = "L3KEY"
)

func (KeyLevel) IsValid 

func (l KeyLevel) IsValid() bool

type KeyReadActionType 

type KeyReadActionType string
const (
	KEYREAD_READMETADATA KeyReadActionType = "READ_METADATA"
	KEYREAD_CRYPTOACCESS KeyReadActionType = "CRYPTO_ACCESS"
)

func (KeyReadActionType) IsValid 

func (t KeyReadActionType) IsValid() bool

type KeyUpdateActionType 

type KeyUpdateActionType string
const (
	KEYUPDATE_ENABLE  KeyUpdateActionType = "ENABLE"
	KEYUPDATE_DISABLE KeyUpdateActionType = "DISABLE"
	KEYUPDATE_ROTATE  KeyUpdateActionType = "ROTATE"
)

func (KeyUpdateActionType) IsValid 

func (t KeyUpdateActionType) IsValid() bool

type LoginMethod 

type LoginMethod string
const (
	LOGINMETHOD_OPENIDCONNECT LoginMethod = "OPEN_ID_CONNECT"
	LOGINMETHOD_X509CERT      LoginMethod = "X509_CERTIFICATE"
)

func (LoginMethod) IsValid 

func (l LoginMethod) IsValid() bool

type MfaType 

type MfaType string
const (
	MFATYPE_WEBAUTHN MfaType = "WEB_AUTHN"
	MFATYPE_NONE     MfaType = "NONE"
)

func (MfaType) IsValid 

func (l MfaType) IsValid() bool

type OtlpClient 

type OtlpClient struct {
	Endpoint  string
	Client    *http.Client
	BasicAuth *basicAuth
}

func New 

func New(config *commoncfg.Audit) (*OtlpClient, error)

type TenantUpdateActionType 

type TenantUpdateActionType string
const (
	TENANTUPDATE_TESTMODE        TenantUpdateActionType = "TEST_MODE"
	TENANTUPDATE_WORKFLOWENABLE  TenantUpdateActionType = "WORKFLOW_ENABLE"
	TENANTUPDATE_WORKFLOWDISABLE TenantUpdateActionType = "WORKFLOW_DISABLE"
)

func (TenantUpdateActionType) IsValid 

func (t TenantUpdateActionType) IsValid() bool

type UserLoginFailureActionType 

type UserLoginFailureActionType string
const (
	USERLOGINFAIL_AUTHN UserLoginFailureActionType = "AUTHN"
	USERLOGINFAIL_AUTHZ UserLoginFailureActionType = "AUTHZ"
	USERLOGINFAIL_FLOW  UserLoginFailureActionType = "FLOW"
)

func (UserLoginFailureActionType) IsValid 

func (t UserLoginFailureActionType) IsValid() bool

type UserType 

type UserType string
const (
	USERTYPE_BUSINESS  UserType = "BUSINESS_USER"
	USERTYPE_TECHNICAL UserType = "TECHNICAL_USER"
)

func (UserType) IsValid 

func (u UserType) IsValid() bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.