audit

package
v0.4.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 11, 2024 License: BSD-3-Clause-Clear Imports: 11 Imported by: 0

Documentation

Index

Constants

// Context keys for the audit metadata carried on a request's context.Context.
// The keys use the package's unexported auditContextKey type rather than plain
// strings, which keeps them from colliding with context keys defined by other
// packages.
//
// NOTE(review): the constants themselves are exported, so any code holding the
// context can store a value under them with context.WithValue. Audit records
// are only as trustworthy as whatever populated these keys; confirm the
// actor-id value is written only after authentication.
const (
	UserAgentContextKey auditContextKey = "user-agent"
	RequestIDContextKey auditContextKey = "request-id"
	ActorIDContextKey   auditContextKey = "actor-id"
)

Context Keys

// Result values for an audited action: "success" or "error".
// NOTE(review): presumably written into the action part of an EventObject;
// confirm against the event constructors.
const (
	ActionResultSuccess = "success"
	ActionResultError   = "error"
)

Action Results

// DefaultNone is the literal string "None".
// NOTE(review): presumably the placeholder recorded when a piece of audit
// metadata is missing. Consumers of the log should be able to tell "None" apart
// from a real value, so confirm that no legitimate field can hold this string.
const (
	DefaultNone = "None"
)

Common Strings

const (
	// LevelAudit is a custom slog level for audit records. Its value, 10, is
	// above slog.LevelError (8), so any handler whose minimum level is ERROR or
	// lower lets audit records through.
	//
	// "Always logged" holds only under that condition: a handler configured
	// with a minimum level above 10 still drops audit records. slog's built-in
	// handlers also print an unnamed level 10 as "ERROR+2" unless the level
	// attribute is rewritten (for example using AuditLogLevelNames).
	LevelAudit = slog.Level(10)
)

From a guide to slog (https://betterstack.com/community/guides/logging/logging-in-go/#customizing-slog-levels): the log/slog package provides four log levels by default, each associated with an integer value: DEBUG (-4), INFO (0), WARN (4), and ERROR (8). LevelAudit (10) therefore ranks above ERROR, and a handler drops audit records only if its minimum level is set higher than 10.

// UserAgentHeaderKey is the header name "user-agent".
// NOTE(review): a user-agent header is set by the client, so the value read
// under this key is caller-controlled. It should be length-bounded and logged
// through a structured encoder rather than concatenated into a log line;
// confirm how the interceptor and handler treat it.
const (
	UserAgentHeaderKey = "user-agent"
)

Header Values

Variables

// AuditLogLevelNames maps the custom LevelAudit level to the display name
// "AUDIT".
// NOTE(review): presumably consumed by a slog ReplaceAttr hook that renames the
// level attribute. Confirm that the hook is installed wherever the audit logger
// is built, because without it the level is not labelled "AUDIT" in output. As
// an exported package-level map it can be modified by any importer, so it
// should be treated as read-only.
var AuditLogLevelNames = map[slog.Leveler]string{
	LevelAudit: "AUDIT",
}

Functions

func UnaryServerInterceptor

func UnaryServerInterceptor(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

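UnaryServerInterceptor is a gRPC unary server interceptor that adds audit metadata to the context of incoming requests. This metadata is later used when logging audit events. Any of this metadata that originates from client-sent request headers (such as user-agent) is caller-controlled, so consumers of the audit log should treat those fields as unverified.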

Types

type ActionType

// ActionType identifies the kind of action an audit event records.
type ActionType int

// Action types, numbered from 0 by iota in declaration order.
// NOTE(review): the numeric values are positional, so inserting or reordering
// entries changes them. Confirm that only the String() form is written to
// audit records, so that stored events keep their meaning across versions.
const (
	ActionTypeCreate ActionType = iota
	ActionTypeUpdate
	ActionTypeDelete
	ActionTypeRewrap
)

func (ActionType) String

func (a ActionType) String() string

type ContextData

// ContextData holds the per-request audit metadata returned by
// GetAuditDataFromContext.
type ContextData struct {
	// RequestID identifies the request as a UUID.
	RequestID uuid.UUID
	// UserAgent is the caller's user agent.
	// NOTE(review): presumably copied from the client-sent user-agent header,
	// i.e. unverified input; confirm.
	UserAgent string
	// RequestIP is the caller's address. No context key for it is exported by
	// this package, so its source is not visible here.
	// NOTE(review): if it is derived from a forwarding header rather than the
	// transport peer, a client can set it freely; confirm the source.
	RequestIP string
	// ActorID identifies who performed the action.
	// NOTE(review): presumably taken from the authenticated identity; confirm
	// it is never filled from unauthenticated request metadata.
	ActorID string
}

func GetAuditDataFromContext

func GetAuditDataFromContext(ctx context.Context) ContextData

type DiffEntry

// DiffEntry is one change within an audit event's diff. It serializes to JSON
// as {"op", "path", "value"}, with "value" omitted when empty.
// NOTE(review): the shape resembles a JSON Patch operation; confirm.
type DiffEntry struct {
	// Type is the operation name, serialized as "op".
	Type string `json:"op"`
	// Path locates the changed element, serialized as "path".
	Path string `json:"path"`
	// Value is the data associated with the operation.
	// NOTE(review): this is written into the audit record as-is, so any
	// sensitive field of the audited object that changes would end up in the
	// log; confirm whether values are filtered or redacted upstream.
	Value interface{} `json:"value,omitempty"`
}

type EventObject

// EventObject is the audit event record. CreatePolicyEvent and
// CreateRewrapAuditEvent each return one, and the JSON tags define its
// serialized field names.
type EventObject struct {
	// Object describes what was acted upon.
	Object auditEventObject `json:"object"`
	// Action describes what was done.
	Action eventAction `json:"action"`
	// Owner is the owning entity; see CreateNilOwner for the platform's
	// placeholder value.
	Owner EventOwner `json:"owner"`
	// Actor describes who performed the action.
	Actor auditEventActor `json:"actor"`
	// EventMetaData carries additional string key/value pairs.
	EventMetaData map[string]string `json:"eventMetaData"`
	// ClientInfo describes the calling client.
	// NOTE(review): presumably filled from ContextData (user agent, request
	// IP), which may be client-controlled; confirm.
	ClientInfo eventClientInfo `json:"clientInfo"`

	// Diff lists the changes made by the action; omitted from JSON when empty.
	Diff []DiffEntry `json:"diff,omitempty"`
	// RequestID ties the event to the originating request.
	RequestID uuid.UUID `json:"requestId"`
	// Timestamp is the event time as a string.
	// NOTE(review): format and time zone are not visible here; confirm a
	// fixed, sortable format in UTC is used so events can be correlated.
	Timestamp string `json:"timestamp"`
}

event

func CreatePolicyEvent

func CreatePolicyEvent(ctx context.Context, isSuccess bool, params PolicyEventParams) (*EventObject, error)

func CreateRewrapAuditEvent

func CreateRewrapAuditEvent(ctx context.Context, params RewrapAuditEventParams) (*EventObject, error)

type EventOwner

// EventOwner is the "owner" section of an audit event, serialized as
// {"id", "orgId"}. CreateNilOwner returns the placeholder the platform uses,
// with both UUIDs nil.
type EventOwner struct {
	// ID is the owner's UUID.
	ID uuid.UUID `json:"id"`
	// OrgID is the owning organization's UUID.
	OrgID uuid.UUID `json:"orgId"`
}

event.owner

func CreateNilOwner

func CreateNilOwner() EventOwner

Audit requires an "owner" field but that doesn't apply in the context of the platform. Therefore we just create a "nil" owner which has nil UUID fields.

type KasAttribute

// KasAttribute is a data attribute referenced by a KasPolicyBody, identified
// by its URI.
type KasAttribute struct {
	// URI is the attribute's identifier.
	URI string
}

type KasPolicy

// KasPolicy is the policy supplied in RewrapAuditEventParams for a rewrap
// audit event.
type KasPolicy struct {
	// UUID identifies the policy.
	UUID uuid.UUID
	// Body holds the policy's attributes and dissemination list.
	Body KasPolicyBody
}

type KasPolicyBody

// KasPolicyBody is the content of a KasPolicy.
type KasPolicyBody struct {
	// DataAttributes lists the attributes attached to the policy.
	DataAttributes []KasAttribute
	// Dissem is a list of strings.
	// NOTE(review): presumably the dissemination list of entities allowed
	// access. If so it may contain user identifiers, so confirm whether it is
	// copied into audit records and whether that is intended.
	Dissem []string
}

type Logger

// Logger emits audit events. It is created with CreateAuditLogger and exposes
// PolicyCRUDSuccess, PolicyCRUDFailure, RewrapSuccess and RewrapFailure, plus
// With for deriving a Logger with an extra key/value pair.
// NOTE(review): none of the event methods returns an error, so a failure to
// build or write an audit event is not visible to the caller. Confirm how such
// failures are surfaced, since silently lost audit records are a gap in the
// trail.
type Logger struct {
	// contains filtered or unexported fields
}

func CreateAuditLogger

func CreateAuditLogger(logger slog.Logger) *Logger

func (*Logger) PolicyCRUDFailure

func (a *Logger) PolicyCRUDFailure(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) PolicyCRUDSuccess

func (a *Logger) PolicyCRUDSuccess(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) RewrapFailure

func (a *Logger) RewrapFailure(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) RewrapSuccess

func (a *Logger) RewrapSuccess(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) With

func (a *Logger) With(key string, value string) *Logger

type ObjectType

// ObjectType identifies the kind of object an audit event refers to.
type ObjectType int

// Object types, numbered from 0 by iota in declaration order.
// NOTE(review): the numeric values are positional, so inserting or reordering
// entries changes them. Confirm that only the String() form is written to
// audit records, so that stored events keep their meaning across versions.
const (
	ObjectTypeSubjectMapping ObjectType = iota
	ObjectTypeResourceMapping
	ObjectTypeAttributeDefinition
	ObjectTypeAttributeValue
	ObjectTypeNamespace
	ObjectTypeConditionSet
	ObjectTypeKasRegistry
	ObjectTypeKasAttributeDefinitionAssignment
	ObjectTypeKasAttributeValueAssignment
	ObjectTypeKeyObject
)

func (ObjectType) String

func (o ObjectType) String() string

type PolicyEventParams

// PolicyEventParams is the input to CreatePolicyEvent and to the Logger's
// PolicyCRUDSuccess and PolicyCRUDFailure methods.
type PolicyEventParams struct {
	// ActionType is the action performed (create, update, delete, rewrap).
	ActionType ActionType
	// ObjectID identifies the affected object.
	ObjectID string
	// ObjectType is the kind of object affected.
	ObjectType ObjectType

	// Original and Updated are the object's state before and after the action.
	// NOTE(review): presumably compared to produce EventObject.Diff. Anything
	// sensitive in these values could then appear in the audit log, so confirm
	// what callers pass here.
	Original interface{}
	Updated  interface{}
}

type RewrapAuditEventParams

// RewrapAuditEventParams is the input to CreateRewrapAuditEvent and to the
// Logger's RewrapSuccess and RewrapFailure methods.
type RewrapAuditEventParams struct {
	// Policy is the policy associated with the rewrap request.
	Policy KasPolicy
	// IsSuccess records whether the rewrap succeeded.
	// NOTE(review): the Logger also has separate RewrapSuccess and
	// RewrapFailure methods. Confirm which one decides the recorded result, so
	// that a caller-set value cannot contradict the method invoked.
	IsSuccess bool
	// TDFFormat names the TDF format of the request.
	TDFFormat string
	// Algorithm names the algorithm involved in the rewrap.
	Algorithm string
	// PolicyBinding is the policy binding value for the request.
	// NOTE(review): confirm this is a non-secret binding (e.g. a hash) that is
	// appropriate to write to logs.
	PolicyBinding string
}
