Documentation
¶
Overview ¶
Package audit provides audit logging functionality for security-sensitive events in the LLM proxy. It implements a separate audit sink with immutable semantics for compliance and security investigations.
Index ¶
- Constants
- type DatabaseStore
- type Event
- func (e *Event) WithClientIP(clientIP string) *Event
- func (e *Event) WithCorrelationID(correlationID string) *Event
- func (e *Event) WithDetail(key string, value interface{}) *Event
- func (e *Event) WithDuration(duration time.Duration) *Event
- func (e *Event) WithEndpoint(endpoint string) *Event
- func (e *Event) WithError(err error) *Event
- func (e *Event) WithHTTPMethod(method string) *Event
- func (e *Event) WithIPAddress(ip string) *Event
- func (e *Event) WithProjectID(projectID string) *Event
- func (e *Event) WithReason(reason string) *Event
- func (e *Event) WithRequestID(requestID string) *Event
- func (e *Event) WithTokenID(token string) *Event
- func (e *Event) WithUserAgent(userAgent string) *Event
- type Logger
- type LoggerConfig
- type ResultType
Constants ¶
const ( // Token lifecycle actions ActionTokenCreate = "token.create" ActionTokenRead = "token.read" ActionTokenUpdate = "token.update" ActionTokenRevoke = "token.revoke" ActionTokenRevokeBatch = "token.revoke_batch" ActionTokenDelete = "token.delete" ActionTokenList = "token.list" ActionTokenValidate = "token.validate" ActionTokenAccess = "token.access" // Project lifecycle actions ActionProjectCreate = "project.create" ActionProjectRead = "project.read" ActionProjectUpdate = "project.update" ActionProjectDelete = "project.delete" ActionProjectList = "project.list" // Proxy request actions ActionProxyRequest = "proxy_request" // Admin actions ActionAdminLogin = "admin.login" ActionAdminLogout = "admin.logout" ActionAdminAccess = "admin.access" // Audit actions ActionAuditList = "audit.list" ActionAuditShow = "audit.show" // Cache actions ActionCachePurge = "cache.purge" )
Action constants for standardized audit event types
const ( ActorSystem = "system" ActorAnonymous = "anonymous" ActorAdmin = "admin" ActorManagement = "management_api" )
Actor types for common audit actors
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DatabaseStore ¶
DatabaseStore defines the interface for database audit storage
type Event ¶
type Event struct {
// Timestamp when the event occurred (ISO8601 format)
Timestamp time.Time `json:"timestamp"`
// Action describes what operation was performed (e.g., "token.create", "project.delete")
Action string `json:"action"`
// Actor identifies who performed the action (user ID, token ID, or system)
Actor string `json:"actor"`
// ProjectID identifies which project was affected (if applicable)
ProjectID string `json:"project_id,omitempty"`
// RequestID for correlation with request logs
RequestID string `json:"request_id,omitempty"`
// CorrelationID for tracing across services
CorrelationID string `json:"correlation_id,omitempty"`
// ClientIP is the IP address of the client making the request
ClientIP string `json:"client_ip,omitempty"`
// Result indicates success or failure of the operation
Result ResultType `json:"result"`
// Details contains additional context about the event (no secrets)
Details map[string]interface{} `json:"details,omitempty"`
}
Event represents a security audit event with canonical fields. All audit events must include these core fields for compliance and investigation purposes.
func NewEvent ¶
func NewEvent(action string, actor string, result ResultType) *Event
NewEvent creates a new audit event with the specified action and result. The timestamp is automatically set to the current time.
func (*Event) WithClientIP ¶
WithClientIP sets the client IP address for the audit event
func (*Event) WithCorrelationID ¶
WithCorrelationID sets the correlation ID for tracing across services
func (*Event) WithDetail ¶
WithDetail adds a detail key-value pair to the audit event. Secrets and sensitive information should be obfuscated before calling this method.
func (*Event) WithDuration ¶
WithDuration adds the operation duration to the audit event details
func (*Event) WithEndpoint ¶
WithEndpoint adds the API endpoint to the audit event details
func (*Event) WithHTTPMethod ¶
WithHTTPMethod adds the HTTP method to the audit event details
func (*Event) WithIPAddress ¶
WithIPAddress adds the client IP address to the audit event details Deprecated: Use WithClientIP instead for first-class IP field support
func (*Event) WithProjectID ¶
WithProjectID sets the project ID for the audit event
func (*Event) WithReason ¶
WithReason adds a reason/description to the audit event details
func (*Event) WithRequestID ¶
WithRequestID sets the request ID for correlation with request logs
func (*Event) WithTokenID ¶
WithTokenID adds an obfuscated token ID to the audit event details
func (*Event) WithUserAgent ¶
WithUserAgent adds the user agent to the audit event details
type Logger ¶
type Logger struct {
// contains filtered or unexported fields
}
Logger handles writing audit events to multiple backends (file and database) with immutable semantics. It provides thread-safe operations and ensures all audit events are persisted.
func NewLogger ¶
func NewLogger(config LoggerConfig) (*Logger, error)
NewLogger creates a new audit logger that writes to the specified file. If createDir is true, it will create parent directories if they don't exist. If a database store is provided, events will also be persisted to the database.
func NewNullLogger ¶
func NewNullLogger() *Logger
NewNullLogger creates a logger that discards all events. Useful for testing or when audit logging is disabled.
func (*Logger) Close ¶
Close closes the audit log file. After calling Close, the logger should not be used for logging.
type LoggerConfig ¶
type LoggerConfig struct {
// FilePath is the path to the audit log file
FilePath string
// CreateDir determines whether to create parent directories if they don't exist
CreateDir bool
// DatabaseStore is an optional database backend for audit events
DatabaseStore DatabaseStore
// EnableDatabase determines whether to store events in database
EnableDatabase bool
}
LoggerConfig holds configuration for the audit logger
type ResultType ¶
type ResultType string
ResultType represents the outcome of an audited operation
const ( // ResultSuccess indicates the operation completed successfully ResultSuccess ResultType = "success" // ResultFailure indicates the operation failed ResultFailure ResultType = "failure" // ResultDenied indicates the operation was denied (e.g., due to policy) ResultDenied ResultType = "denied" // ResultError indicates the operation encountered an error ResultError ResultType = "error" )