audit

package

Documentation

Index

Constants

const (
	// LevelAudit is the slog level at which audit records are emitted. It is
	// set to 10, above slog.LevelError (8), so a handler whose minimum level
	// is ERROR or lower never filters audit events out.
	LevelAudit    = slog.Level(10)
	// LevelAuditStr is the label shown for LevelAudit in log output
	// (presumably substituted by ReplaceAttrAuditLevel — confirm).
	LevelAuditStr = "AUDIT"
)

From the Slog docs (https://betterstack.com/community/guides/logging/logging-in-go/#customizing-slog-levels): The log/slog package provides four log levels by default, with each one associated with an integer value: DEBUG (-4), INFO (0), WARN (4), and ERROR (8).

Variables

var (
	// TestPolicyObjectVersionEnum_name maps a TestPolicyObjectVersionEnum
	// number to its protobuf enum value name (generated code).
	TestPolicyObjectVersionEnum_name = map[int32]string{
		0: "TEST_POLICY_OBJECT_VERSION_ENUM_UNSPECIFIED",
		1: "TEST_POLICY_OBJECT_VERSION_ENUM_OLD",
		2: "TEST_POLICY_OBJECT_VERSION_ENUM_NEW",
	}
	// TestPolicyObjectVersionEnum_value is the inverse of
	// TestPolicyObjectVersionEnum_name (generated code).
	TestPolicyObjectVersionEnum_value = map[string]int32{
		"TEST_POLICY_OBJECT_VERSION_ENUM_UNSPECIFIED": 0,
		"TEST_POLICY_OBJECT_VERSION_ENUM_OLD":         1,
		"TEST_POLICY_OBJECT_VERSION_ENUM_NEW":         2,
	}
)

Enum value maps for TestPolicyObjectVersionEnum.

// File_logger_audit_test_proto is the protobuf file descriptor for the
// generated messages declared in this package (TestPolicyObject, User and
// TestPolicyObjectVersionEnum); judging by the name these are test fixtures.
var File_logger_audit_test_proto protoreflect.FileDescriptor

Functions

func ContextServerInterceptor

func ContextServerInterceptor(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

ContextServerInterceptor is a gRPC unary server interceptor that adds metadata to the context of incoming requests. This metadata is used to log audit events.

func ReplaceAttrAuditLevel

func ReplaceAttrAuditLevel(_ []string, a slog.Attr) slog.Attr

ReplaceAttrAuditLevel lets custom log levels be shown with custom labels; see https://betterstack.com/community/guides/logging/logging-in-go/#creating-custom-log-levels

Types

type ActionResult

// ActionResult is the outcome recorded for an audited action. It is
// rendered by String and MarshalJSON (see the methods below); the numeric
// values follow iota order and are not part of the emitted record.
type ActionResult int

const (
	ActionResultSuccess ActionResult = iota
	ActionResultFailure
	ActionResultError
	ActionResultEncrypt
	ActionResultBlock
	ActionResultIgnore
	ActionResultOverride
	ActionResultCancel
)

func (ActionResult) MarshalJSON

func (ar ActionResult) MarshalJSON() ([]byte, error)

func (ActionResult) String

func (ar ActionResult) String() string

type ActionType

// ActionType is the kind of operation an audit event describes (CRUD plus
// Rewrap). Like ActionResult it is serialized through String/MarshalJSON.
type ActionType int

const (
	ActionTypeCreate ActionType = iota
	ActionTypeRead
	ActionTypeUpdate
	ActionTypeDelete
	ActionTypeRewrap
)

func (ActionType) MarshalJSON

func (at ActionType) MarshalJSON() ([]byte, error)

func (ActionType) String

func (at ActionType) String() string

type ContextData

// ContextData is the per-request audit data recovered from a context by
// GetAuditDataFromContext. It is logged as a whole via LogValue.
type ContextData struct {
	// RequestID correlates every audit event emitted for one request.
	RequestID uuid.UUID
	// UserAgent and RequestIP describe the caller. NOTE(review): these are
	// presumably populated from incoming request metadata by
	// ContextServerInterceptor; if so they are client-controlled and should
	// be treated as untrusted when audit records are consumed — confirm.
	UserAgent string
	RequestIP string
	// ActorID identifies the principal performing the action.
	ActorID   string
}

func GetAuditDataFromContext

func GetAuditDataFromContext(ctx context.Context) ContextData

GetAuditDataFromContext gets the relevant audit data from the context object.

func (ContextData) LogValue added in v0.4.25

func (c ContextData) LogValue() slog.Value

type DecisionResult

// DecisionResult is the outcome of an access decision (permit or deny).
// Note the constants carry a "GetDecisionResult" prefix, unlike the other
// enums in this package whose constants are prefixed with the type name.
type DecisionResult int

const (
	GetDecisionResultPermit DecisionResult = iota
	GetDecisionResultDeny
)

func (DecisionResult) String

func (dr DecisionResult) String() string

type EntityChainEntitlement

// EntityChainEntitlement records one entity of an entity chain together
// with the attribute values it is entitled to; it appears in
// GetDecisionEventParams.EntityChainEntitlements.
type EntityChainEntitlement struct {
	EntityID string `json:"entityId"`
	// NOTE: the JSON key is spelled "entityCatagory" (sic). The spelling is
	// part of the emitted audit record, so correcting it would change the
	// output format that downstream consumers may parse.
	EntityCatagory           string   `json:"entityCatagory"`
	AttributeValueReferences []string `json:"attributeValueReferences"`
}

type EntityDecision

// EntityDecision is the per-entity result included in a GetDecision audit
// event (see GetDecisionEventParams.EntityDecisions).
type EntityDecision struct {
	EntityID     string   `json:"id"`
	Decision     string   `json:"decision"`
	Entitlements []string `json:"entitlements"`
}

type EventObject

// EventObject is the audit record built by CreateGetDecisionEvent,
// CreatePolicyEvent and CreateRewrapAuditEvent and emitted through LogValue.
// The Object, Action, Actor and ClientInfo field types are unexported, so
// callers obtain an EventObject only via those constructors.
type EventObject struct {
	Object        auditEventObject `json:"object"`
	Action        eventAction      `json:"action"`
	Actor         auditEventActor  `json:"actor"`
	EventMetaData interface{}      `json:"eventMetaData"`
	ClientInfo    eventClientInfo  `json:"clientInfo"`

	// Original and Updated hold the before/after state of a policy object
	// and are omitted from the JSON when empty. See the TODO on
	// CreatePolicyEvent: oneOf fields are not yet merged correctly here.
	Original  map[string]interface{} `json:"original,omitempty"`
	Updated   map[string]interface{} `json:"updated,omitempty"`
	// RequestID matches ContextData.RequestID for the originating request.
	RequestID uuid.UUID              `json:"requestId"`
	// Timestamp is pre-formatted as a string; the layout is not visible here.
	Timestamp string                 `json:"timestamp"`
}

event

func CreateGetDecisionEvent

func CreateGetDecisionEvent(ctx context.Context, params GetDecisionEventParams) (*EventObject, error)

func CreatePolicyEvent

func CreatePolicyEvent(ctx context.Context, isSuccess bool, params PolicyEventParams) (*EventObject, error)
 TODO: Changes to oneOf proto properties are not yet audited correctly with the existing code.

	The Updated event object will contain both the original and updated oneOf properties due to
	the logic for merging maps within this function.  We will need to find a way to support them
	correctly in the near future.

func CreateRewrapAuditEvent

func CreateRewrapAuditEvent(ctx context.Context, params RewrapAuditEventParams) (*EventObject, error)

func (EventObject) LogValue added in v0.4.25

func (e EventObject) LogValue() slog.Value

type GetDecisionEventParams

// GetDecisionEventParams carries the inputs for CreateGetDecisionEvent and
// Logger.GetDecision: the overall decision, the entity chain that was
// evaluated, and the resource attribute (by ID and FQNs) it was evaluated
// against.
type GetDecisionEventParams struct {
	Decision                DecisionResult
	EntityChainEntitlements []EntityChainEntitlement
	EntityChainID           string
	EntityDecisions         []EntityDecision
	ResourceAttributeID     string
	FQNs                    []string
}

type KasAttribute

// KasAttribute is a single data attribute of a KAS policy, identified by URI.
type KasAttribute struct {
	URI string
}

type KasPolicy

// KasPolicy is the policy attached to a rewrap request, recorded in
// RewrapAuditEventParams.Policy.
type KasPolicy struct {
	UUID uuid.UUID
	Body KasPolicyBody
}

type KasPolicyBody

// KasPolicyBody holds the data attributes and the dissemination list of a
// KasPolicy.
type KasPolicyBody struct {
	DataAttributes []KasAttribute
	Dissem         []string
}

type Logger

// Logger emits audit events (GetDecision, PolicyCRUD*, Rewrap*) through the
// slog.Logger supplied to CreateAuditLogger. Use With to attach a key/value
// pair to every subsequent event. The zero value is not documented as
// usable; construct it with CreateAuditLogger.
type Logger struct {
	// contains filtered or unexported fields
}

func CreateAuditLogger

func CreateAuditLogger(logger slog.Logger) *Logger

func (*Logger) GetDecision

func (a *Logger) GetDecision(ctx context.Context, eventParams GetDecisionEventParams)

func (*Logger) PolicyCRUDFailure

func (a *Logger) PolicyCRUDFailure(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) PolicyCRUDSuccess

func (a *Logger) PolicyCRUDSuccess(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) RewrapFailure

func (a *Logger) RewrapFailure(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) RewrapSuccess

func (a *Logger) RewrapSuccess(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) With

func (a *Logger) With(key string, value string) *Logger

type ObjectType

// ObjectType identifies the kind of policy object an audit event refers to.
// It is serialized through String/MarshalJSON; new values must be appended
// at the end so existing iota positions are unchanged.
type ObjectType int

const (
	ObjectTypeSubjectMapping ObjectType = iota
	ObjectTypeResourceMapping
	ObjectTypeAttributeDefinition
	ObjectTypeAttributeValue
	ObjectTypeNamespace
	ObjectTypeConditionSet
	ObjectTypeKasRegistry
	ObjectTypeKasAttributeNamespaceAssignment
	ObjectTypeKasAttributeDefinitionAssignment
	ObjectTypeKasAttributeValueAssignment
	ObjectTypeKeyObject
	ObjectTypeEntityObject
	ObjectTypeResourceMappingGroup
)

func (ObjectType) MarshalJSON

func (ot ObjectType) MarshalJSON() ([]byte, error)

func (ObjectType) String

func (ot ObjectType) String() string

type PolicyEventParams

// PolicyEventParams carries the inputs for CreatePolicyEvent and the
// Logger.PolicyCRUD* methods.
type PolicyEventParams struct {
	ActionType ActionType
	ObjectID   string
	ObjectType ObjectType

	// Original and Updated are the policy object before and after the
	// action. See the TODO on CreatePolicyEvent regarding oneOf properties.
	Original proto.Message
	Updated  proto.Message
}

type RewrapAuditEventParams

// RewrapAuditEventParams carries the inputs for CreateRewrapAuditEvent and
// the Logger.RewrapSuccess/RewrapFailure methods.
type RewrapAuditEventParams struct {
	Policy        KasPolicy
	IsSuccess     bool
	TDFFormat     string
	Algorithm     string
	PolicyBinding string
}

type TestPolicyObject added in v0.4.24

// TestPolicyObject is a generated protobuf message (see
// File_logger_audit_test_proto) that exercises the field kinds the audit
// diffing must handle: scalar, wrapper, enum, repeated, oneof and a nested
// common.Metadata message.
type TestPolicyObject struct {
	Id      string                      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Active  *wrapperspb.BoolValue       `protobuf:"bytes,2,opt,name=active,proto3" json:"active,omitempty"`
	Version TestPolicyObjectVersionEnum `protobuf:"varint,3,opt,name=version,proto3,enum=service.logger.audit.TestPolicyObjectVersionEnum" json:"version,omitempty"`
	// add array field
	Tags []string `protobuf:"bytes,5,rep,name=tags,proto3" json:"tags,omitempty"`
	// add oneOf simulated field that has either a scalar or struct value
	//
	// Types that are assignable to PolicyUser:
	//
	//	*TestPolicyObject_Username
	//	*TestPolicyObject_User
	PolicyUser isTestPolicyObject_PolicyUser `protobuf_oneof:"policy_user"`
	Metadata   *common.Metadata              `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

func (*TestPolicyObject) Descriptor deprecated added in v0.4.24

func (*TestPolicyObject) Descriptor() ([]byte, []int)

Deprecated: Use TestPolicyObject.ProtoReflect.Descriptor instead.

func (*TestPolicyObject) GetActive added in v0.4.24

func (x *TestPolicyObject) GetActive() *wrapperspb.BoolValue

func (*TestPolicyObject) GetId added in v0.4.24

func (x *TestPolicyObject) GetId() string

func (*TestPolicyObject) GetMetadata added in v0.4.24

func (x *TestPolicyObject) GetMetadata() *common.Metadata

func (*TestPolicyObject) GetPolicyUser added in v0.4.24

func (m *TestPolicyObject) GetPolicyUser() isTestPolicyObject_PolicyUser

func (*TestPolicyObject) GetTags added in v0.4.24

func (x *TestPolicyObject) GetTags() []string

func (*TestPolicyObject) GetUser added in v0.4.24

func (x *TestPolicyObject) GetUser() *User

func (*TestPolicyObject) GetUsername added in v0.4.24

func (x *TestPolicyObject) GetUsername() string

func (*TestPolicyObject) GetVersion added in v0.4.24

func (*TestPolicyObject) ProtoMessage added in v0.4.24

func (*TestPolicyObject) ProtoMessage()

func (*TestPolicyObject) ProtoReflect added in v0.4.24

func (x *TestPolicyObject) ProtoReflect() protoreflect.Message

func (*TestPolicyObject) Reset added in v0.4.24

func (x *TestPolicyObject) Reset()

func (*TestPolicyObject) String added in v0.4.24

func (x *TestPolicyObject) String() string

type TestPolicyObjectVersionEnum added in v0.4.24

// TestPolicyObjectVersionEnum is the generated Go type for the
// service.logger.audit.TestPolicyObjectVersionEnum protobuf enum.
type TestPolicyObjectVersionEnum int32

buflint ENUM_VALUE_PREFIX: the enum-name prefix on each value makes sure that C++ scoping rules are not violated when users add new enum values to an enum in a given package.

const (
	// Generated enum values; UNSPECIFIED (0) is the proto3 default.
	TestPolicyObjectVersionEnum_TEST_POLICY_OBJECT_VERSION_ENUM_UNSPECIFIED TestPolicyObjectVersionEnum = 0
	TestPolicyObjectVersionEnum_TEST_POLICY_OBJECT_VERSION_ENUM_OLD         TestPolicyObjectVersionEnum = 1
	TestPolicyObjectVersionEnum_TEST_POLICY_OBJECT_VERSION_ENUM_NEW         TestPolicyObjectVersionEnum = 2
)

func (TestPolicyObjectVersionEnum) Descriptor added in v0.4.24

func (TestPolicyObjectVersionEnum) Enum added in v0.4.24

func (TestPolicyObjectVersionEnum) EnumDescriptor deprecated added in v0.4.24

func (TestPolicyObjectVersionEnum) EnumDescriptor() ([]byte, []int)

Deprecated: Use TestPolicyObjectVersionEnum.Descriptor instead.

func (TestPolicyObjectVersionEnum) Number added in v0.4.24

func (TestPolicyObjectVersionEnum) String added in v0.4.24

func (TestPolicyObjectVersionEnum) Type added in v0.4.24

type TestPolicyObject_User added in v0.4.24

// TestPolicyObject_User is the generated oneof wrapper selecting the
// message-valued branch (field 7) of TestPolicyObject.PolicyUser.
type TestPolicyObject_User struct {
	User *User `protobuf:"bytes,7,opt,name=user,proto3,oneof"`
}

type TestPolicyObject_Username added in v0.4.24

// TestPolicyObject_Username is the generated oneof wrapper selecting the
// scalar branch (field 6) of TestPolicyObject.PolicyUser.
type TestPolicyObject_Username struct {
	Username string `protobuf:"bytes,6,opt,name=username,proto3,oneof"`
}

type User added in v0.4.24

// User is a generated protobuf message used as the message-valued oneof
// branch of TestPolicyObject (via TestPolicyObject_User).
type User struct {
	Id   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*User) Descriptor deprecated added in v0.4.24

func (*User) Descriptor() ([]byte, []int)

Deprecated: Use User.ProtoReflect.Descriptor instead.

func (*User) GetId added in v0.4.24

func (x *User) GetId() string

func (*User) GetName added in v0.4.24

func (x *User) GetName() string

func (*User) ProtoMessage added in v0.4.24

func (*User) ProtoMessage()

func (*User) ProtoReflect added in v0.4.24

func (x *User) ProtoReflect() protoreflect.Message

func (*User) Reset added in v0.4.24

func (x *User) Reset()

func (*User) String added in v0.4.24

func (x *User) String() string
