audit

package
v0.38.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 7, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SetByGRPCGatewayKey = "x-cerbos-set-by-grpc-gateway"
	HTTPRemoteAddrKey   = "x-cerbos-http-remote-addr"
)
View Source 
const (
	KindAccess   = "access"
	KindDecision = "decision"
)
View Source 
const (
	ConfKey = "audit"
)

Variables

View Source 
var (
	ErrIteratorClosed = errors.New("iterator closed")
)
View Source 
var SetByGRPCGatewayVal string

Functions

func NewContextWithCallID 

func NewContextWithCallID(ctx context.Context, id ID) context.Context

func NewUnaryInterceptor 

func NewUnaryInterceptor(log Log, exclude ExcludeMethod) (grpc.UnaryServerInterceptor, error)

func PeerFromContext 

func PeerFromContext(ctx context.Context) *auditv1.Peer

func RegisterBackend 

func RegisterBackend(name string, cons Constructor)

RegisterBackend registers an audit log backend.

Types

type AccessLogEntryMaker 

type AccessLogEntryMaker func() (*auditv1.AccessLogEntry, error)

AccessLogEntryMaker is a lazy constructor for access log entries.

type AccessLogIterator 

type AccessLogIterator interface {
	Next() (*auditv1.AccessLogEntry, error)
}

type CheckResourcesFilter added in v0.24.0 

type CheckResourcesFilter struct {
	// IgnoreAllowAll ignores responses that don't contain an EFFECT_DENY.
	IgnoreAllowAll bool `yaml:"ignoreAllowAll" conf:",example=false"`
}

type Conf 

type Conf struct {
	// contains filtered or unexported fields
}

Conf is optional configuration for Audit.

func GetConf added in v0.15.0 

func GetConf() (*Conf, error)

func (*Conf) Key 

func (c *Conf) Key() string

func (*Conf) SetDefaults 

func (c *Conf) SetDefaults()

func (*Conf) UnmarshalYAML added in v0.7.0 

func (c *Conf) UnmarshalYAML(unmarshal func(any) error) error

type Constructor 

type Constructor func(context.Context, *config.Wrapper, DecisionLogEntryFilter) (Log, error)

Constructor for backends.

type DecisionLogEntryFilter added in v0.24.0 

type DecisionLogEntryFilter func(*auditv1.DecisionLogEntry) *auditv1.DecisionLogEntry

func NewDecisionLogEntryFilter added in v0.24.0 

func NewDecisionLogEntryFilter() (DecisionLogEntryFilter, error)

func NewDecisionLogEntryFilterFromConf added in v0.24.0 

func NewDecisionLogEntryFilterFromConf(conf *Conf) DecisionLogEntryFilter

type DecisionLogEntryMaker 

type DecisionLogEntryMaker func() (*auditv1.DecisionLogEntry, error)

DecisionLogEntryMaker is a lazy constructor for decision log entries.

type DecisionLogFilters added in v0.24.0 

type DecisionLogFilters struct {
	// CheckResources defines the filters that apply to CheckResources calls.
	CheckResources CheckResourcesFilter `yaml:"checkResources"`
	// PlanResources defines the filters that apply to PlanResources calls.
	PlanResources PlanResourcesFilter `yaml:"planResources"`
}

type DecisionLogIterator 

type DecisionLogIterator interface {
	Next() (*auditv1.DecisionLogEntry, error)
}

type ExcludeMethod 

type ExcludeMethod func(string) bool

type ID 

type ID string

func CallIDFromContext 

func CallIDFromContext(ctx context.Context) (ID, bool)

func FromRepr 

func FromRepr(id IDBytes) ID

FromRepr converts the byte representation to a string ID.

func NewID 

func NewID() (ID, error)

NewID generates a new ULID using the current time.

func NewIDForTS 

func NewIDForTS(ts uint64) (ID, error)

NewIDForTS generates a new ULID for the given timestamp.

func NewIDForTime 

func NewIDForTime(ts time.Time) (ID, error)

NewIDForTime generates a new ULID using the given time.

func (ID) Repr 

func (id ID) Repr() (IDBytes, error)

type IDBytes 

type IDBytes = ulid.ULID

type IDGen 

type IDGen struct {
	// contains filtered or unexported fields
}

IDGen is a generator for ULIDs without the monotonicity guarantee. Monotonicity adds overhead that we don't really need because approximate order is good enough for decision logs.

func NewIDGen 

func NewIDGen(poolSize uint64, randSeed int64) *IDGen

func (*IDGen) New 

func (ug *IDGen) New() (ID, error)

New generates a new ULID using the current time.

func (*IDGen) NewForTS 

func (ug *IDGen) NewForTS(ts uint64) (ID, error)

NewForTS generates a new ULID for the given timestamp.

func (*IDGen) NewForTime 

func (ug *IDGen) NewForTime(ts time.Time) (ID, error)

NewForTime generates a new ULID using the given time.

type IncludeKeysMethod added in v0.21.0 

type IncludeKeysMethod func(string) bool

type Info added in v0.23.0 

type Info interface {
	Backend() string
	Enabled() bool
}

type Log 

type Log interface {
	Info
	io.Closer
	WriteAccessLogEntry(context.Context, AccessLogEntryMaker) error
	WriteDecisionLogEntry(context.Context, DecisionLogEntryMaker) error
}

func NewLog 

func NewLog(ctx context.Context) (Log, error)

NewLog creates a new audit log.

func NewLogFromConf added in v0.15.0 

func NewLogFromConf(ctx context.Context, confW *config.Wrapper) (Log, error)

func NewNopLog 

func NewNopLog() Log

NewNopLog returns an audit log that does nothing.

type MetadataExtractor added in v0.24.0 

type MetadataExtractor func(context.Context) map[string]*auditv1.MetaValues

func NewMetadataExtractor added in v0.24.0 

func NewMetadataExtractor() (MetadataExtractor, error)

func NewMetadataExtractorFromConf added in v0.24.0 

func NewMetadataExtractorFromConf(conf *Conf) MetadataExtractor

type PlanResourcesFilter added in v0.24.0 

type PlanResourcesFilter struct {
	// IgnoreAll prevents any plan responses from being logged. Takes precedence over other filters.
	IgnoreAll bool `yaml:"ignoreAll" conf:",example=false"`
	// IgnoreAlwaysAllow ignores ALWAYS_ALLOWED plans.
	IgnoreAlwaysAllow bool `yaml:"ignoreAlwaysAllow" conf:",example=false"`
}

type QueryableLog added in v0.17.0 

type QueryableLog interface {
	Log
	LastNAccessLogEntries(context.Context, uint) AccessLogIterator
	LastNDecisionLogEntries(context.Context, uint) DecisionLogIterator
	AccessLogEntriesBetween(context.Context, time.Time, time.Time) AccessLogIterator
	DecisionLogEntriesBetween(context.Context, time.Time, time.Time) DecisionLogIterator
	AccessLogEntryByID(context.Context, ID) AccessLogIterator
	DecisionLogEntryByID(context.Context, ID) DecisionLogIterator
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.