Documentation ¶
Index ¶
- Constants
- type Config
- type Log
- func (l *Log) Close() error
- func (l *Log) EmitAuditEvent(ctx context.Context, in apievents.AuditEvent) error
- func (l *Log) GetSessionChunk(namespace string, sid session.ID, offsetBytes, maxBytes int) ([]byte, error)
- func (l *Log) GetSessionEvents(namespace string, sid session.ID, after int, inlcudePrintEvents bool) ([]events.EventFields, error)
- func (l *Log) SearchEvents(fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, ...) ([]apievents.AuditEvent, string, error)
- func (l *Log) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, ...) ([]apievents.AuditEvent, string, error)
- func (l *Log) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error)
Constants ¶
const ( // DefaultReadCapacityUnits specifies default value for read capacity units DefaultReadCapacityUnits = 10 // DefaultWriteCapacityUnits specifies default value for write capacity units DefaultWriteCapacityUnits = 10 // DefaultRetentionPeriod is a default data retention period in events table. // The default is 1 year. DefaultRetentionPeriod = 365 * 24 * time.Hour )
const ( // ErrValidationException for service response error code // "ValidationException". // // Indicates about invalid item for example max DynamoDB item length was exceeded. ErrValidationException = "ValidationException" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { // Region is where DynamoDB Table will be used to store k/v Region string `json:"region,omitempty"` // Tablename where to store K/V in DynamoDB Tablename string `json:"table_name,omitempty"` // ReadCapacityUnits is Dynamodb read capacity units ReadCapacityUnits int64 `json:"read_capacity_units"` // WriteCapacityUnits is Dynamodb write capacity units WriteCapacityUnits int64 `json:"write_capacity_units"` // RetentionPeriod is a default retention period for events. RetentionPeriod *types.Duration `json:"audit_retention_period"` // Clock is a clock interface, used in tests Clock clockwork.Clock // UIDGenerator is unique ID generator UIDGenerator utils.UID // Endpoint is an optional non-AWS endpoint Endpoint string `json:"endpoint,omitempty"` // ReadMaxCapacity is the maximum provisioned read capacity. ReadMaxCapacity int64 // ReadMinCapacity is the minimum provisioned read capacity. ReadMinCapacity int64 // ReadTargetValue is the ratio of consumed read to provisioned capacity. ReadTargetValue float64 // WriteMaxCapacity is the maximum provisioned write capacity. WriteMaxCapacity int64 // WriteMinCapacity is the minimum provisioned write capacity. WriteMinCapacity int64 // WriteTargetValue is the ratio of consumed write to provisioned capacity. WriteTargetValue float64 // UseFIPSEndpoint uses AWS FedRAMP/FIPS 140-2 mode endpoints. // to determine its behavior: // Unset - allows environment variables or AWS config to set the value // Enabled - explicitly enabled // Disabled - explicitly disabled UseFIPSEndpoint types.ClusterAuditConfigSpecV2_FIPSEndpointState // EnableContinuousBackups is used to enable PITR (Point-In-Time Recovery). EnableContinuousBackups bool // EnableAutoScaling is used to enable auto scaling policy. EnableAutoScaling bool }
Config structure represents DynamoDB configuration as appears in `storage` section of Teleport YAML
func (*Config) CheckAndSetDefaults ¶
CheckAndSetDefaults is a helper returns an error if the supplied configuration is not enough to connect to DynamoDB
type Log ¶
type Log struct { // Entry is a log entry *log.Entry // Config is a backend configuration Config // contains filtered or unexported fields }
Log is a dynamo-db backed storage of events
func New ¶
New returns new instance of DynamoDB backend. It's an implementation of backend API's NewFunc
func (*Log) EmitAuditEvent ¶
EmitAuditEvent emits audit event
func (*Log) GetSessionChunk ¶
func (l *Log) GetSessionChunk(namespace string, sid session.ID, offsetBytes, maxBytes int) ([]byte, error)
GetSessionChunk returns a reader which can be used to read a byte stream of a recorded session starting from 'offsetBytes' (pass 0 to start from the beginning) up to maxBytes bytes.
If maxBytes > MaxChunkBytes, it gets rounded down to MaxChunkBytes
func (*Log) GetSessionEvents ¶
func (l *Log) GetSessionEvents(namespace string, sid session.ID, after int, inlcudePrintEvents bool) ([]events.EventFields, error)
GetSessionEvents Returns all events that happen during a session sorted by time (oldest first).
after tells to use only return events after a specified cursor Id
This function is usually used in conjunction with GetSessionReader to replay recorded session streams.
func (*Log) SearchEvents ¶
func (l *Log) SearchEvents(fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]apievents.AuditEvent, string, error)
SearchEvents is a flexible way to find events.
Event types to filter can be specified and pagination is handled by an iterator key that allows a query to be resumed.
The only mandatory requirement is a date range (UTC).
This function may never return more than 1 MiB of event data.
func (*Log) SearchSessionEvents ¶
func (l *Log) SearchSessionEvents(fromUTC, toUTC time.Time, limit int, order types.EventOrder, startKey string, cond *types.WhereExpr, sessionID string) ([]apievents.AuditEvent, string, error)
SearchSessionEvents returns session related events only. This is used to find completed session.
func (*Log) StreamSessionEvents ¶
func (l *Log) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error)
StreamSessionEvents streams all events from a given session recording. An error is returned on the first channel if one is encountered. Otherwise the event channel is closed when the stream ends. The event channel is not closed on error to prevent race conditions in downstream select statements.