Documentation
¶
Overview ¶
Package audit defines the audit logging interface and entry types.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrInvalidRequestID is returned when the audit entry has an empty request_id. ErrInvalidRequestID = errors.New("request_id is required") // ErrInvalidTimestamp is returned when the audit entry has a zero timestamp. ErrInvalidTimestamp = errors.New("timestamp is required") // ErrInvalidCaller is returned when the audit entry has an empty caller. ErrInvalidCaller = errors.New("caller is required") // ErrInvalidTargetRepository is returned when the audit entry has an empty target_repository. ErrInvalidTargetRepository = errors.New("target_repository is required") // ErrInvalidOutcome is returned when outcome is not granted or denied. ErrInvalidOutcome = errors.New("outcome must be granted or denied") // ErrInvalidDenyReason is returned when outcome is denied but deny_reason is empty. ErrInvalidDenyReason = errors.New("deny_reason is required when outcome is denied") // ErrInvalidTokenHash is returned when outcome is granted but token_hash is empty. ErrInvalidTokenHash = errors.New("token_hash is required when outcome is granted") // ErrInvalidTTL is returned when outcome is granted but ttl is not positive. ErrInvalidTTL = errors.New("ttl must be positive when outcome is granted") // ErrInvalidPolicyName is returned when outcome is granted but policy_name is empty. ErrInvalidPolicyName = errors.New("policy_name is required when outcome is granted") // ErrInvalidGitHubClientID is returned when outcome is granted but github_client_id is empty. ErrInvalidGitHubClientID = errors.New("github_client_id is required when outcome is granted") )
Functions ¶
This section is empty.
Types ¶
type AuditEntry ¶
type AuditEntry struct {
RequestID string `json:"request_id" dynamodbav:"request_id" gorm:"column:request_id;not null;uniqueIndex"`
Timestamp int64 `json:"timestamp" dynamodbav:"timestamp" gorm:"column:timestamp;not null"`
Caller string `json:"caller" dynamodbav:"caller" gorm:"column:caller;not null"`
Claims map[string]string `json:"claims,omitempty" dynamodbav:"claims,omitempty" gorm:"column:claims;type:jsonb;serializer:json"`
TargetRepository string `json:"target_repository" dynamodbav:"target_repository" gorm:"column:target_repository;not null"`
PolicyName string `json:"policy_name" dynamodbav:"policy_name" gorm:"column:policy_name;not null"`
Permissions map[string]string `` /* 126-byte string literal not displayed */
Outcome Outcome `json:"outcome" dynamodbav:"outcome" gorm:"column:outcome;not null"`
DenyReason string `json:"deny_reason,omitempty" dynamodbav:"deny_reason,omitempty" gorm:"column:deny_reason"`
TokenHash string `json:"token_hash,omitempty" dynamodbav:"token_hash,omitempty" gorm:"column:token_hash"`
TTL int `json:"ttl,omitempty" dynamodbav:"ttl,omitempty" gorm:"column:ttl"`
GitHubClientID string `json:"github_client_id,omitempty" dynamodbav:"github_client_id,omitempty" gorm:"column:github_client_id"`
ExpiresAt int64 `json:"expires_at,omitempty" dynamodbav:"expires_at,omitempty" gorm:"-"`
}
AuditEntry records a single token exchange attempt.
func (*AuditEntry) Validate ¶
func (e *AuditEntry) Validate() error
Validate validates the audit entry ensuring all required fields are present.
type AuditEntryBackend ¶
type AuditEntryBackend interface {
// Log persists the audit entry. Returns an error if validation fails or persistence fails.
Log(ctx context.Context, entry *AuditEntry) error
// Close releases resources held by the backend. Safe to call multiple times.
Close() error
}
AuditEntryBackend is the interface for persisting audit entries. Implementations must be safe for concurrent use.
type MockBackend ¶
MockBackend is a testify mock implementing AuditEntryBackend.
func (*MockBackend) Close ¶
func (m *MockBackend) Close() error
func (*MockBackend) Log ¶
func (m *MockBackend) Log(ctx context.Context, entry *AuditEntry) error
Click to show internal directories.
Click to hide internal directories.