audit

package
v0.4.13 Latest Latest
Published: Jul 22, 2024 License: BSD-3-Clause-Clear Imports: 13 Imported by: 0

Constants

// LevelAudit is the slog level at which audit events are emitted. It is set
// to 10, one step above slog.LevelError (8), so a handler whose level filter
// admits ERROR (or anything lower) also admits audit records.
const LevelAudit = slog.Level(10)

// LevelAuditStr is the label shown for LevelAudit in log output when
// ReplaceAttrAuditLevel is installed as a handler's ReplaceAttr function.
const LevelAuditStr = "AUDIT"

From the Slog docs (https://betterstack.com/community/guides/logging/logging-in-go/#customizing-slog-levels): The log/slog package provides four log levels by default, with each one associated with an integer value: DEBUG (-4), INFO (0), WARN (4), and ERROR (8).

Variables

This section is empty.

Functions

func ContextServerInterceptor added in v0.4.7

func ContextServerInterceptor(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

The audit unary server interceptor is a gRPC interceptor that adds metadata to the context of incoming requests. This metadata is used to log audit events.

func ReplaceAttrAuditLevel added in v0.4.8

func ReplaceAttrAuditLevel(_ []string, a slog.Attr) slog.Attr

Used to support custom log levels showing up with custom labels; see https://betterstack.com/community/guides/logging/logging-in-go/#creating-custom-log-levels

Types

type ActionResult added in v0.4.7

// ActionResult describes the outcome of an audited action. Note that the
// zero value is ActionResultSuccess, so an unset result reads as a success.
type ActionResult int

// Outcomes an audited action can report. The numeric values are written out
// explicitly so the encoding each name maps to is visible at a glance; they
// follow the order in which the names are declared.
const (
	ActionResultSuccess  ActionResult = 0
	ActionResultFailure  ActionResult = 1
	ActionResultError    ActionResult = 2
	ActionResultEncrypt  ActionResult = 3
	ActionResultBlock    ActionResult = 4
	ActionResultIgnore   ActionResult = 5
	ActionResultOverride ActionResult = 6
	ActionResultCancel   ActionResult = 7
)

func (ActionResult) MarshalJSON added in v0.4.7

func (ar ActionResult) MarshalJSON() ([]byte, error)

func (ActionResult) String added in v0.4.7

func (ar ActionResult) String() string

type ActionType

// ActionType names the kind of operation an audit event records. The zero
// value is ActionTypeCreate.
type ActionType int

// Operation kinds. Values are spelled out explicitly and follow declaration
// order: the four CRUD operations first, then the KAS rewrap operation.
const (
	ActionTypeCreate ActionType = 0
	ActionTypeRead   ActionType = 1
	ActionTypeUpdate ActionType = 2
	ActionTypeDelete ActionType = 3
	ActionTypeRewrap ActionType = 4
)

func (ActionType) MarshalJSON added in v0.4.7

func (at ActionType) MarshalJSON() ([]byte, error)

func (ActionType) String

func (at ActionType) String() string

type ContextData

// ContextData is the per-request audit metadata that GetAuditDataFromContext
// reads back from a context populated by ContextServerInterceptor.
type ContextData struct {
	// RequestID identifies the request the audit event belongs to.
	RequestID uuid.UUID
	// UserAgent is the calling client's user-agent string.
	// NOTE(review): presumably copied from incoming request metadata by the
	// interceptor, so it is client-supplied; confirm before relying on it for
	// anything beyond attribution in the log.
	UserAgent string
	// RequestIP is the caller's address as recorded for the request.
	// NOTE(review): confirm whether this is the transport peer address or a
	// forwarded-header value — the latter is also client-supplied.
	RequestIP string
	// ActorID identifies the principal the audited action is attributed to.
	ActorID string
}

func GetAuditDataFromContext

func GetAuditDataFromContext(ctx context.Context) ContextData

Gets relevant audit data from the context object.

type DecisionResult added in v0.4.7

// DecisionResult is the overall outcome of an access decision. Note that the
// zero value is GetDecisionResultPermit, so a GetDecisionEventParams whose
// Decision field is left unset is recorded as a permit. Unlike the other
// enums in this package, these constants carry a "Get" prefix.
type DecisionResult int

// Decision outcomes, with explicit values in declaration order.
const (
	GetDecisionResultPermit DecisionResult = 0
	GetDecisionResultDeny   DecisionResult = 1
)

func (DecisionResult) String added in v0.4.7

func (dr DecisionResult) String() string

type DiffEntry

// DiffEntry is one change recorded in EventObject.Diff. Its JSON shape
// (op, path, value) mirrors a JSON Patch operation.
type DiffEntry struct {
	// Type is the operation name; serialised as "op".
	Type string `json:"op"`
	// Path is the location within the object the operation applies to.
	Path string `json:"path"`
	// Value is the operand, if any. A nil Value is omitted from the JSON.
	Value any `json:"value,omitempty"`
}

type EntityChainEntitlement added in v0.4.7

// EntityChainEntitlement records, for one entity in an entity chain, the
// attribute values it holds. It is carried in
// GetDecisionEventParams.EntityChainEntitlements.
type EntityChainEntitlement struct {
	// EntityID identifies the entity; serialised as "entityId".
	EntityID string `json:"entityId"`
	// AttributeValueReferences lists the entity's attribute values. The tag
	// has no omitempty, so a nil slice encodes as JSON null.
	AttributeValueReferences []string `json:"attributeValueReferences"`
}

type EntityDecision added in v0.4.7

// EntityDecision is the per-entity outcome included in a GetDecision audit
// event (GetDecisionEventParams.EntityDecisions).
type EntityDecision struct {
	// EntityID identifies the entity; serialised as "id".
	EntityID string `json:"id"`
	// Decision is the outcome for this entity as a string.
	// NOTE(review): presumably the DecisionResult label — confirm.
	Decision string `json:"decision"`
	// Entitlements lists the entitlements that informed the decision. The
	// tag has no omitempty, so a nil slice encodes as JSON null.
	Entitlements []string `json:"entitlements"`
}

type EventObject

// EventObject is the record written for an audit event. Instances are built
// by CreateGetDecisionEvent, CreatePolicyEvent and CreateRewrapAuditEvent.
type EventObject struct {
	// Object describes the thing acted upon (unexported type).
	Object auditEventObject `json:"object"`
	// Action describes what was done and its result (unexported type).
	Action eventAction `json:"action"`
	// Owner is the owning party; CreateNilOwner supplies the platform default.
	Owner EventOwner `json:"owner"`
	// Actor identifies who performed the action (unexported type).
	Actor auditEventActor `json:"actor"`
	// EventMetaData is the event-specific payload, marshalled as-is.
	// NOTE(review): whatever is placed here ends up in the audit log —
	// confirm callers never pass secret material (keys, tokens, plaintext).
	EventMetaData interface{} `json:"eventMetaData"`
	// ClientInfo records details of the calling client (unexported type).
	ClientInfo eventClientInfo `json:"clientInfo"`

	// Diff lists the changes made to the object; omitted from JSON when empty.
	Diff []DiffEntry `json:"diff,omitempty"`
	// RequestID ties the event to the originating request.
	RequestID uuid.UUID `json:"requestId"`
	// Timestamp is the event time, already formatted as a string.
	// NOTE(review): the format is not visible here — confirm it is fixed
	// (e.g. RFC 3339) so log consumers can parse it reliably.
	Timestamp string `json:"timestamp"`
}

event

func CreateGetDecisionEvent added in v0.4.7

func CreateGetDecisionEvent(ctx context.Context, params GetDecisionEventParams) (*EventObject, error)

func CreatePolicyEvent

func CreatePolicyEvent(ctx context.Context, isSuccess bool, params PolicyEventParams) (*EventObject, error)

func CreateRewrapAuditEvent

func CreateRewrapAuditEvent(ctx context.Context, params RewrapAuditEventParams) (*EventObject, error)

type EventOwner

// EventOwner is the owning party recorded on an EventObject. Ownership does
// not apply within the platform, so CreateNilOwner returns an EventOwner
// whose UUID fields are the nil UUID.
type EventOwner struct {
	ID    uuid.UUID `json:"id"`
	OrgID uuid.UUID `json:"orgId"`
}

event.owner

func CreateNilOwner

func CreateNilOwner() EventOwner

Audit requires an "owner" field, but that doesn't apply in the context of the platform. Therefore we just create a "nil" owner whose UUID fields are nil.

type GetDecisionEventParams added in v0.4.7

// GetDecisionEventParams carries the inputs for a GetDecision audit event
// (Logger.GetDecision / CreateGetDecisionEvent).
type GetDecisionEventParams struct {
	// Decision is the overall outcome (permit or deny). Its zero value is
	// GetDecisionResultPermit, so leaving it unset records a permit.
	Decision DecisionResult
	// EntityChainEntitlements lists each entity in the chain with its
	// attribute values.
	EntityChainEntitlements []EntityChainEntitlement
	// EntityChainID identifies the entity chain the decision was made for.
	EntityChainID string
	// EntityDecisions holds the per-entity outcomes.
	EntityDecisions []EntityDecision
	// ResourceAttributeID identifies the resource attribute being accessed.
	ResourceAttributeID string
	// FQNs lists the attribute fully qualified names involved in the
	// decision. NOTE(review): expansion of "FQN" inferred from the name — confirm.
	FQNs []string
}

type KasAttribute

// KasAttribute is a single data attribute referenced by a KAS policy,
// identified by its URI.
type KasAttribute struct {
	URI string
}

type KasPolicy

// KasPolicy is the policy a rewrap request was evaluated against; it is
// carried in RewrapAuditEventParams.Policy.
type KasPolicy struct {
	// UUID identifies the policy.
	UUID uuid.UUID
	// Body holds the policy's data attributes and Dissem list.
	Body KasPolicyBody
}

type KasPolicyBody

// KasPolicyBody is the content of a KasPolicy.
type KasPolicyBody struct {
	// DataAttributes are the attributes the policy applies to.
	DataAttributes []KasAttribute
	// Dissem lists the parties the data may be disseminated to.
	// NOTE(review): meaning of "Dissem" inferred from the name — confirm.
	Dissem []string
}

type Logger

// Logger emits audit events through an slog.Logger at LevelAudit. Obtain
// one with CreateAuditLogger; its fields are unexported, so the zero value
// is presumably not usable on its own — confirm. With(key, value) returns a
// *Logger, presumably carrying the extra attribute on subsequent events.
type Logger struct {
	// contains filtered or unexported fields
}

func CreateAuditLogger

func CreateAuditLogger(logger slog.Logger) *Logger

func (*Logger) GetDecision added in v0.4.7

func (a *Logger) GetDecision(ctx context.Context, eventParams GetDecisionEventParams)

func (*Logger) PolicyCRUDFailure

func (a *Logger) PolicyCRUDFailure(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) PolicyCRUDSuccess

func (a *Logger) PolicyCRUDSuccess(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) RewrapFailure

func (a *Logger) RewrapFailure(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) RewrapSuccess

func (a *Logger) RewrapSuccess(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) With

func (a *Logger) With(key string, value string) *Logger

type ObjectType

// ObjectType classifies the policy object an audit event refers to. The
// zero value is ObjectTypeSubjectMapping.
type ObjectType int

// Object kinds. Values are written out explicitly so each name's encoding is
// visible at a glance; they follow declaration order.
const (
	ObjectTypeSubjectMapping                   ObjectType = 0
	ObjectTypeResourceMapping                  ObjectType = 1
	ObjectTypeAttributeDefinition              ObjectType = 2
	ObjectTypeAttributeValue                   ObjectType = 3
	ObjectTypeNamespace                        ObjectType = 4
	ObjectTypeConditionSet                     ObjectType = 5
	ObjectTypeKasRegistry                      ObjectType = 6
	ObjectTypeKasAttributeDefinitionAssignment ObjectType = 7
	ObjectTypeKasAttributeValueAssignment      ObjectType = 8
	ObjectTypeKeyObject                        ObjectType = 9
	ObjectTypeEntityObject                     ObjectType = 10
)

func (ObjectType) MarshalJSON added in v0.4.7

func (ot ObjectType) MarshalJSON() ([]byte, error)

func (ObjectType) String

func (ot ObjectType) String() string

type PolicyEventParams

// PolicyEventParams carries the inputs for a policy CRUD audit event
// (Logger.PolicyCRUDSuccess / PolicyCRUDFailure, CreatePolicyEvent).
type PolicyEventParams struct {
	// ActionType is the CRUD operation performed.
	ActionType ActionType
	// ObjectID identifies the policy object acted upon.
	ObjectID string
	// ObjectType classifies the policy object (see the ObjectType constants).
	ObjectType ObjectType

	// Original and Updated are the object's state before and after the
	// action; any value may be supplied.
	// NOTE(review): presumably these feed EventObject.Diff — confirm, and
	// confirm callers do not pass objects holding secret material, since the
	// result is written to the audit log.
	Original interface{}
	Updated  interface{}
}

type RewrapAuditEventParams

// RewrapAuditEventParams carries the inputs for a KAS rewrap audit event
// (Logger.RewrapSuccess / RewrapFailure, CreateRewrapAuditEvent).
type RewrapAuditEventParams struct {
	// Policy is the KAS policy the rewrap was evaluated against.
	Policy KasPolicy
	// IsSuccess reports whether the rewrap succeeded.
	// NOTE(review): Logger.RewrapSuccess and RewrapFailure also encode the
	// outcome; confirm which of the two the event builder trusts when they
	// disagree.
	IsSuccess bool
	// TDFFormat names the TDF format of the request.
	TDFFormat string
	// Algorithm names the algorithm involved in the rewrap.
	// NOTE(review): inferred from the name — confirm what it denotes.
	Algorithm string
	// PolicyBinding is the policy binding value presented with the request.
	PolicyBinding string
}
