audit

package

v0.19.0 Latest Latest Go to latest Published: Jul 1, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cerbos/cerbos

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func NewContextWithCallID(ctx context.Context, id ID) context.Context
func NewUnaryInterceptor(log Log, exclude ExcludeMethod) grpc.UnaryServerInterceptor
func PeerFromContext(ctx context.Context) *auditv1.Peer
func RegisterBackend(name string, cons Constructor)
type AccessLogEntryMaker
type AccessLogIterator
type Conf
- func GetConf() (*Conf, error)
- func (c *Conf) Key() string
- func (c *Conf) SetDefaults()
- func (c *Conf) UnmarshalYAML(unmarshal func(any) error) error
type Constructor
type DecisionLogEntryMaker
type DecisionLogIterator
type ExcludeMethod
type ID
- func CallIDFromContext(ctx context.Context) (ID, bool)
- func FromRepr(id IDBytes) ID
- func NewID() (ID, error)
- func NewIDForTS(ts uint64) (ID, error)
- func NewIDForTime(ts time.Time) (ID, error)
- func (id ID) Repr() (IDBytes, error)
type IDBytes
type IDGen
- func NewIDGen(poolSize uint64, randSeed int64) *IDGen
- func (ug *IDGen) New() (ID, error)
- func (ug *IDGen) NewForTS(ts uint64) (ID, error)
- func (ug *IDGen) NewForTime(ts time.Time) (ID, error)
type Log
- func NewLog(ctx context.Context) (Log, error)
- func NewLogFromConf(ctx context.Context, confW *config.Wrapper) (Log, error)
- func NewNopLog() Log
type QueryableLog

Constants ¶

View Source

const (
	ConfKey = "audit"
)

Variables ¶

View Source

var (
	ErrIteratorClosed = errors.New("iterator closed")
)

Functions ¶

func NewContextWithCallID ¶

func NewContextWithCallID(ctx context.Context, id ID) context.Context

func NewUnaryInterceptor ¶

func NewUnaryInterceptor(log Log, exclude ExcludeMethod) grpc.UnaryServerInterceptor

func PeerFromContext ¶

func PeerFromContext(ctx context.Context) *auditv1.Peer

func RegisterBackend ¶

func RegisterBackend(name string, cons Constructor)

RegisterBackend registers an audit log backend.

Types ¶

type AccessLogEntryMaker ¶

type AccessLogEntryMaker func() (*auditv1.AccessLogEntry, error)

AccessLogEntryMaker is a lazy constructor for access log entries.

type AccessLogIterator ¶

type AccessLogIterator interface {
	Next() (*auditv1.AccessLogEntry, error)
}

type Conf ¶

type Conf struct {
	// contains filtered or unexported fields
}

Conf is optional configuration for Audit.

func GetConf ¶ added in v0.15.0

func GetConf() (*Conf, error)

func (*Conf) Key ¶

func (c *Conf) Key() string

func (*Conf) SetDefaults ¶

func (c *Conf) SetDefaults()

func (*Conf) UnmarshalYAML ¶ added in v0.7.0

func (c *Conf) UnmarshalYAML(unmarshal func(any) error) error

type Constructor ¶

type Constructor func(context.Context, *config.Wrapper) (Log, error)

Constructor for backends.

type DecisionLogEntryMaker ¶

type DecisionLogEntryMaker func() (*auditv1.DecisionLogEntry, error)

DecisionLogEntryMaker is a lazy constructor for decision log entries.

type DecisionLogIterator ¶

type DecisionLogIterator interface {
	Next() (*auditv1.DecisionLogEntry, error)
}

type ExcludeMethod ¶

type ExcludeMethod func(string) bool

type ID ¶

type ID string

func CallIDFromContext ¶

func CallIDFromContext(ctx context.Context) (ID, bool)

func FromRepr ¶

func FromRepr(id IDBytes) ID

FromRepr converts the byte representation to a string ID.

func NewID ¶

func NewID() (ID, error)

NewID generates a new ULID using the current time.

func NewIDForTS ¶

func NewIDForTS(ts uint64) (ID, error)

NewIDForTS generates a new ULID for the given timestamp.

func NewIDForTime ¶

func NewIDForTime(ts time.Time) (ID, error)

NewIDForTime generates a new ULID using the given time.

func (ID) Repr ¶

func (id ID) Repr() (IDBytes, error)

type IDBytes ¶

type IDBytes = ulid.ULID

type IDGen ¶

type IDGen struct {
	// contains filtered or unexported fields
}

IDGen is a generator for ULIDs without the monotonicity guarantee. Monotonicity adds overhead that we don't really need because approximate order is good enough for decision logs.

func NewIDGen ¶

func NewIDGen(poolSize uint64, randSeed int64) *IDGen

func (*IDGen) New ¶

func (ug *IDGen) New() (ID, error)

New generates a new ULID using the current time.

func (*IDGen) NewForTS ¶

func (ug *IDGen) NewForTS(ts uint64) (ID, error)

NewForTS generates a new ULID for the given timestamp.

func (*IDGen) NewForTime ¶

func (ug *IDGen) NewForTime(ts time.Time) (ID, error)

NewForTime generates a new ULID using the given time.

type Log ¶

type Log interface {
	WriteAccessLogEntry(context.Context, AccessLogEntryMaker) error
	WriteDecisionLogEntry(context.Context, DecisionLogEntryMaker) error
	Close()
}

func NewLog ¶

func NewLog(ctx context.Context) (Log, error)

NewLog creates a new audit log.

func NewLogFromConf ¶ added in v0.15.0

func NewLogFromConf(ctx context.Context, confW *config.Wrapper) (Log, error)

func NewNopLog ¶

func NewNopLog() Log

NewNopLog returns an audit log that does nothing.

type QueryableLog ¶ added in v0.17.0

type QueryableLog interface {
	Log
	LastNAccessLogEntries(context.Context, uint) AccessLogIterator
	LastNDecisionLogEntries(context.Context, uint) DecisionLogIterator
	AccessLogEntriesBetween(context.Context, time.Time, time.Time) AccessLogIterator
	DecisionLogEntriesBetween(context.Context, time.Time, time.Time) DecisionLogIterator
	AccessLogEntryByID(context.Context, ID) AccessLogIterator
	DecisionLogEntryByID(context.Context, ID) DecisionLogIterator
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
file
local

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL