auditlog

Documentation

Overview

Package auditlog contains logging structs.

Index

• Constants
• Variables
• func WritePolicyDecisionLog(client *logging.Client, log *PolicyDecisionLog)
• func WriteRequestLog(ctx context.Context, client *logging.Client, log *RequestLog)
• type PolicyDecisionLog
• type RequestLog

Constants

const (
	// TypeRequestLog log type string for access log
	TypeRequestLog = "request"
	// TypePolicyLog log type string for policy log
	TypePolicyLog = "policy_decision"
)

Variables

var (
	// LogSync ensure that logs are written sync.
	// Useful for testing.
	LogSync bool

	// SearchableFields lists all labels allow to search via FA endpoints
	SearchableFields = []string{
		"httpRequest.requestMethod",
		"labels.token_id",
		"labels.token_issuer",
		"labels.tracing_id",
		"labels.request_endpoint",
		"labels.request_path",
		"labels.error_type",
		"labels.resource",
		"labels.ttl",
		"labels.cart_id",
	}
)

Functions

func WritePolicyDecisionLog

func WritePolicyDecisionLog(client *logging.Client, log *PolicyDecisionLog)

WritePolicyDecisionLog puts the policy decision log to StackDriver.

func WriteRequestLog

func WriteRequestLog(ctx context.Context, client *logging.Client, log *RequestLog)

WriteRequestLog puts the access log to StackDriver.

Types

type PolicyDecisionLog

type PolicyDecisionLog struct {
	// TokenID is the id of the token, maybe "jti".
	TokenID string
	// TokenSubject is the "sub" of the token.
	TokenSubject string
	// TokenIssuer is the iss of the token.
	TokenIssuer string
	// Resource identifies the dataset.
	Resource string
	// TTL that user requested to grant.
	TTL string
	// PassAuthCheck if the request pass the auth checker.
	PassAuthCheck bool
	// ErrorType of deny.
	ErrorType string
	// CartID of request.
	CartID string
	// ConfigRevision the request using. Can use /config/history/{revision} to see the policy.
	ConfigRevision int64
	// Message of deny.
	Message interface{}
}

PolicyDecisionLog logs the dataset access request be granted or denied and the reason.

type RequestLog

type RequestLog struct {
	// TokenID is the id of the token, maybe "jti".
	TokenID string
	// TokenSubject is the "sub" of the token.
	TokenSubject string
	// TokenIssuer is the iss of the token.
	TokenIssuer string
	// TracingID is the id of request from proxies.
	TracingID string
	// RequestMethod is the http method of the request.
	RequestMethod string
	// RequestEndpoint is the absolute abstract path of the request endpoint registration.
	RequestEndpoint string
	// RequestPath is the request's path with concrete variables (such as realm) filled in
	// as per the caller's absolute path.
	RequestPath string
	// RequestIP is the requester IP.
	RequestIP string
	// ErrorType formats like "no_token" for search.
	ErrorType string
	// ResponseCode is the response code.
	ResponseCode int
	// Request stores the http.Request.
	Request *http.Request
	// PassAuthCheck if the request pass the auth checker.
	PassAuthCheck bool
	// Payload of the log.
	Payload interface{}
}

RequestLog logs the http endpoint accessing.