audit

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 16, 2026 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package audit defines the audit logging interface and entry types.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrInvalidRequestID is returned when the audit entry has an empty request_id.
	ErrInvalidRequestID = errors.New("request_id is required")
	// ErrInvalidTimestamp is returned when the audit entry has a zero timestamp.
	ErrInvalidTimestamp = errors.New("timestamp is required")
	// ErrInvalidCaller is returned when the audit entry has an empty caller.
	ErrInvalidCaller = errors.New("caller is required")
	// ErrInvalidTargetRepository is returned when the audit entry has an empty target_repository.
	ErrInvalidTargetRepository = errors.New("target_repository is required")
	// ErrInvalidOutcome is returned when outcome is not granted or denied.
	ErrInvalidOutcome = errors.New("outcome must be granted or denied")
	// ErrInvalidDenyReason is returned when outcome is denied but deny_reason is empty.
	ErrInvalidDenyReason = errors.New("deny_reason is required when outcome is denied")
	// ErrInvalidTokenHash is returned when outcome is granted but token_hash is empty.
	ErrInvalidTokenHash = errors.New("token_hash is required when outcome is granted")
	// ErrInvalidTTL is returned when outcome is granted but ttl is not positive.
	ErrInvalidTTL = errors.New("ttl must be positive when outcome is granted")
	// ErrInvalidPolicyName is returned when outcome is granted but policy_name is empty.
	ErrInvalidPolicyName = errors.New("policy_name is required when outcome is granted")
	// ErrInvalidGitHubClientID is returned when outcome is granted but github_client_id is empty.
	ErrInvalidGitHubClientID = errors.New("github_client_id is required when outcome is granted")
)

Functions

This section is empty.

Types

type AuditEntry

type AuditEntry struct {
	RequestID        string            `json:"request_id"                 dynamodbav:"request_id"                 gorm:"column:request_id;not null;uniqueIndex"`
	Timestamp        int64             `json:"timestamp"                  dynamodbav:"timestamp"                  gorm:"column:timestamp;not null"`
	Caller           string            `json:"caller"                     dynamodbav:"caller"                     gorm:"column:caller;not null"`
	Claims           map[string]string `json:"claims,omitempty"           dynamodbav:"claims,omitempty"           gorm:"column:claims;type:jsonb;serializer:json"`
	TargetRepository string            `json:"target_repository"          dynamodbav:"target_repository"          gorm:"column:target_repository;not null"`
	PolicyName       string            `json:"policy_name"                dynamodbav:"policy_name"                gorm:"column:policy_name;not null"`
	Permissions      map[string]string `` /* 126-byte string literal not displayed */
	Outcome          Outcome           `json:"outcome"                    dynamodbav:"outcome"                    gorm:"column:outcome;not null"`
	DenyReason       string            `json:"deny_reason,omitempty"      dynamodbav:"deny_reason,omitempty"      gorm:"column:deny_reason"`
	TokenHash        string            `json:"token_hash,omitempty"       dynamodbav:"token_hash,omitempty"       gorm:"column:token_hash"`
	TTL              int               `json:"ttl,omitempty"              dynamodbav:"ttl,omitempty"              gorm:"column:ttl"`
	GitHubClientID   string            `json:"github_client_id,omitempty" dynamodbav:"github_client_id,omitempty" gorm:"column:github_client_id"`
	ExpiresAt        int64             `json:"expires_at,omitempty"       dynamodbav:"expires_at,omitempty"       gorm:"-"`
}

AuditEntry records a single token exchange attempt.

func (*AuditEntry) Validate

func (e *AuditEntry) Validate() error

Validate validates the audit entry ensuring all required fields are present.

type AuditEntryBackend

type AuditEntryBackend interface {
	// Log persists the audit entry. Returns an error if validation fails or persistence fails.
	Log(ctx context.Context, entry *AuditEntry) error
	// Close releases resources held by the backend. Safe to call multiple times.
	Close() error
}

AuditEntryBackend is the interface for persisting audit entries. Implementations must be safe for concurrent use.

type MockBackend

type MockBackend struct {
	mock.Mock
}

MockBackend is a testify mock implementing AuditEntryBackend.

func (*MockBackend) Close

func (m *MockBackend) Close() error

func (*MockBackend) Log

func (m *MockBackend) Log(ctx context.Context, entry *AuditEntry) error

type Outcome

type Outcome string

Outcome represents the result of a token exchange for audit purposes.

const (
	// OutcomeGranted indicates the token exchange was successful.
	OutcomeGranted Outcome = "granted"
	// OutcomeDenied indicates the token exchange was denied.
	OutcomeDenied Outcome = "denied"
)

Directories

Path Synopsis
Package backends provides audit logging backend implementations.
Package backends provides audit logging backend implementations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL