audit

package
v0.4.29 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 18, 2024 License: BSD-3-Clause-Clear Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Currently setting AUDIT level to 10, a level above ERROR so it is always logged
	LevelAudit    = slog.Level(10)
	LevelAuditStr = "AUDIT"
)

From the Slog docs (https://betterstack.com/community/guides/logging/logging-in-go/#customizing-slog-levels): The log/slog package provides four log levels by default, with each one associated with an integer value: DEBUG (-4), INFO (0), WARN (4), and ERROR (8).

Variables

View Source 
var (
	TestPolicyObjectVersionEnum_name = map[int32]string{
		0: "TEST_POLICY_OBJECT_VERSION_ENUM_UNSPECIFIED",
		1: "TEST_POLICY_OBJECT_VERSION_ENUM_OLD",
		2: "TEST_POLICY_OBJECT_VERSION_ENUM_NEW",
	}
	TestPolicyObjectVersionEnum_value = map[string]int32{
		"TEST_POLICY_OBJECT_VERSION_ENUM_UNSPECIFIED": 0,
		"TEST_POLICY_OBJECT_VERSION_ENUM_OLD":         1,
		"TEST_POLICY_OBJECT_VERSION_ENUM_NEW":         2,
	}
)

Enum value maps for TestPolicyObjectVersionEnum.

View Source 
var File_logger_audit_test_proto protoreflect.FileDescriptor

Functions

func ContextServerInterceptor 

func ContextServerInterceptor() connect.UnaryInterceptorFunc

The audit unary server interceptor is a gRPC interceptor that adds metadata to the context of incoming requests. This metadata is used to log audit audit events.

func ReplaceAttrAuditLevel 

func ReplaceAttrAuditLevel(_ []string, a slog.Attr) slog.Attr

Used to support custom log levels showing up with custom labels as well see https://betterstack.com/community/guides/logging/logging-in-go/#creating-custom-log-levels

Types

type ActionResult 

type ActionResult int
const (
	ActionResultSuccess ActionResult = iota
	ActionResultFailure
	ActionResultError
	ActionResultEncrypt
	ActionResultBlock
	ActionResultIgnore
	ActionResultOverride
	ActionResultCancel
)

func (ActionResult) MarshalJSON 

func (ar ActionResult) MarshalJSON() ([]byte, error)

func (ActionResult) String 

func (ar ActionResult) String() string

type ActionType 

type ActionType int
const (
	ActionTypeCreate ActionType = iota
	ActionTypeRead
	ActionTypeUpdate
	ActionTypeDelete
	ActionTypeRewrap
)

func (ActionType) MarshalJSON 

func (at ActionType) MarshalJSON() ([]byte, error)

func (ActionType) String 

func (at ActionType) String() string

type ContextData 

type ContextData struct {
	RequestID uuid.UUID
	UserAgent string
	RequestIP string
	ActorID   string
}

func GetAuditDataFromContext 

func GetAuditDataFromContext(ctx context.Context) ContextData

GetAuditDataFromContext gets relevant audit data from the context object

func (ContextData) LogValue added in v0.4.25 

func (c ContextData) LogValue() slog.Value

type DecisionResult 

type DecisionResult int
const (
	GetDecisionResultPermit DecisionResult = iota
	GetDecisionResultDeny
)

func (DecisionResult) String 

func (dr DecisionResult) String() string

type EntityChainEntitlement 

type EntityChainEntitlement struct {
	EntityID                 string   `json:"entityId"`
	EntityCatagory           string   `json:"entityCatagory"`
	AttributeValueReferences []string `json:"attributeValueReferences"`
}

type EntityDecision 

type EntityDecision struct {
	EntityID     string   `json:"id"`
	Decision     string   `json:"decision"`
	Entitlements []string `json:"entitlements"`
}

type EventObject 

type EventObject struct {
	Object        auditEventObject `json:"object"`
	Action        eventAction      `json:"action"`
	Actor         auditEventActor  `json:"actor"`
	EventMetaData interface{}      `json:"eventMetaData"`
	ClientInfo    eventClientInfo  `json:"clientInfo"`

	Original  map[string]interface{} `json:"original,omitempty"`
	Updated   map[string]interface{} `json:"updated,omitempty"`
	RequestID uuid.UUID              `json:"requestId"`
	Timestamp string                 `json:"timestamp"`
}

event

func CreateGetDecisionEvent 

func CreateGetDecisionEvent(ctx context.Context, params GetDecisionEventParams) (*EventObject, error)

func CreatePolicyEvent 

func CreatePolicyEvent(ctx context.Context, isSuccess bool, params PolicyEventParams) (*EventObject, error)
 TODO: Changes to oneOf proto properties are not yet audited correctly with the existing code.

	The Updated event object will contain both the original and updated oneOf properties due to
	the logic for merging maps within this function.  We will need to find a way to support them
	correctly in the near future.

func CreateRewrapAuditEvent 

func CreateRewrapAuditEvent(ctx context.Context, params RewrapAuditEventParams) (*EventObject, error)

func (EventObject) LogValue added in v0.4.25 

func (e EventObject) LogValue() slog.Value

type GetDecisionEventParams 

type GetDecisionEventParams struct {
	Decision                DecisionResult
	EntityChainEntitlements []EntityChainEntitlement
	EntityChainID           string
	EntityDecisions         []EntityDecision
	ResourceAttributeID     string
	FQNs                    []string
}

type KasAttribute 

type KasAttribute struct {
	URI string
}

type KasPolicy 

type KasPolicy struct {
	UUID uuid.UUID
	Body KasPolicyBody
}

type KasPolicyBody 

type KasPolicyBody struct {
	DataAttributes []KasAttribute
	Dissem         []string
}

type Logger 

type Logger struct {
	// contains filtered or unexported fields
}

func CreateAuditLogger 

func CreateAuditLogger(logger slog.Logger) *Logger

func (*Logger) GetDecision 

func (a *Logger) GetDecision(ctx context.Context, eventParams GetDecisionEventParams)

func (*Logger) PolicyCRUDFailure 

func (a *Logger) PolicyCRUDFailure(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) PolicyCRUDSuccess 

func (a *Logger) PolicyCRUDSuccess(ctx context.Context, eventParams PolicyEventParams)

func (*Logger) RewrapFailure 

func (a *Logger) RewrapFailure(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) RewrapSuccess 

func (a *Logger) RewrapSuccess(ctx context.Context, eventParams RewrapAuditEventParams)

func (*Logger) With 

func (a *Logger) With(key string, value string) *Logger

type ObjectType 

type ObjectType int
const (
	ObjectTypeSubjectMapping ObjectType = iota
	ObjectTypeResourceMapping
	ObjectTypeAttributeDefinition
	ObjectTypeAttributeValue
	ObjectTypeNamespace
	ObjectTypeConditionSet
	ObjectTypeKasRegistry
	ObjectTypeKasAttributeNamespaceAssignment
	ObjectTypeKasAttributeDefinitionAssignment
	ObjectTypeKasAttributeValueAssignment
	ObjectTypeKeyObject
	ObjectTypeEntityObject
	ObjectTypeResourceMappingGroup
)

func (ObjectType) MarshalJSON 

func (ot ObjectType) MarshalJSON() ([]byte, error)

func (ObjectType) String 

func (ot ObjectType) String() string

type PolicyEventParams 

type PolicyEventParams struct {
	ActionType ActionType
	ObjectID   string
	ObjectType ObjectType

	Original proto.Message
	Updated  proto.Message
}

type RewrapAuditEventParams 

type RewrapAuditEventParams struct {
	Policy        KasPolicy
	IsSuccess     bool
	TDFFormat     string
	Algorithm     string
	PolicyBinding string
}

type TestPolicyObject added in v0.4.24 

type TestPolicyObject struct {
	Id      string                      `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Active  *wrapperspb.BoolValue       `protobuf:"bytes,2,opt,name=active,proto3" json:"active,omitempty"`
	Version TestPolicyObjectVersionEnum `protobuf:"varint,3,opt,name=version,proto3,enum=service.logger.audit.TestPolicyObjectVersionEnum" json:"version,omitempty"`
	// add array field
	Tags []string `protobuf:"bytes,5,rep,name=tags,proto3" json:"tags,omitempty"`
	// add oneOf simulated field that has either a scalar or struct value
	//
	// Types that are assignable to PolicyUser:
	//
	//	*TestPolicyObject_Username
	//	*TestPolicyObject_User
	PolicyUser isTestPolicyObject_PolicyUser `protobuf_oneof:"policy_user"`
	Metadata   *common.Metadata              `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

func (*TestPolicyObject) Descriptor deprecated added in v0.4.24 

func (*TestPolicyObject) Descriptor() ([]byte, []int)

Deprecated: Use TestPolicyObject.ProtoReflect.Descriptor instead.

func (*TestPolicyObject) GetActive added in v0.4.24 

func (x *TestPolicyObject) GetActive() *wrapperspb.BoolValue

func (*TestPolicyObject) GetId added in v0.4.24 

func (x *TestPolicyObject) GetId() string

func (*TestPolicyObject) GetMetadata added in v0.4.24 

func (x *TestPolicyObject) GetMetadata() *common.Metadata

func (*TestPolicyObject) GetPolicyUser added in v0.4.24 

func (m *TestPolicyObject) GetPolicyUser() isTestPolicyObject_PolicyUser

func (*TestPolicyObject) GetTags added in v0.4.24 

func (x *TestPolicyObject) GetTags() []string

func (*TestPolicyObject) GetUser added in v0.4.24 

func (x *TestPolicyObject) GetUser() *User

func (*TestPolicyObject) GetUsername added in v0.4.24 

func (x *TestPolicyObject) GetUsername() string

func (*TestPolicyObject) GetVersion added in v0.4.24 

func (x *TestPolicyObject) GetVersion() TestPolicyObjectVersionEnum

func (*TestPolicyObject) ProtoMessage added in v0.4.24 

func (*TestPolicyObject) ProtoMessage()

func (*TestPolicyObject) ProtoReflect added in v0.4.24 

func (x *TestPolicyObject) ProtoReflect() protoreflect.Message

func (*TestPolicyObject) Reset added in v0.4.24 

func (x *TestPolicyObject) Reset()

func (*TestPolicyObject) String added in v0.4.24 

func (x *TestPolicyObject) String() string

type TestPolicyObjectVersionEnum added in v0.4.24 

type TestPolicyObjectVersionEnum int32

buflint ENUM_VALUE_PREFIX: to make sure that C++ scoping rules aren't violated when users add new enum values to an enum in a given package 

const (
	TestPolicyObjectVersionEnum_TEST_POLICY_OBJECT_VERSION_ENUM_UNSPECIFIED TestPolicyObjectVersionEnum = 0
	TestPolicyObjectVersionEnum_TEST_POLICY_OBJECT_VERSION_ENUM_OLD         TestPolicyObjectVersionEnum = 1
	TestPolicyObjectVersionEnum_TEST_POLICY_OBJECT_VERSION_ENUM_NEW         TestPolicyObjectVersionEnum = 2
)

func (TestPolicyObjectVersionEnum) Descriptor added in v0.4.24 

func (TestPolicyObjectVersionEnum) Descriptor() protoreflect.EnumDescriptor

func (TestPolicyObjectVersionEnum) Enum added in v0.4.24 

func (x TestPolicyObjectVersionEnum) Enum() *TestPolicyObjectVersionEnum

func (TestPolicyObjectVersionEnum) EnumDescriptor deprecated added in v0.4.24 

func (TestPolicyObjectVersionEnum) EnumDescriptor() ([]byte, []int)

Deprecated: Use TestPolicyObjectVersionEnum.Descriptor instead.

func (TestPolicyObjectVersionEnum) Number added in v0.4.24 

func (x TestPolicyObjectVersionEnum) Number() protoreflect.EnumNumber

func (TestPolicyObjectVersionEnum) String added in v0.4.24 

func (x TestPolicyObjectVersionEnum) String() string

func (TestPolicyObjectVersionEnum) Type added in v0.4.24 

func (TestPolicyObjectVersionEnum) Type() protoreflect.EnumType

type TestPolicyObject_User added in v0.4.24 

type TestPolicyObject_User struct {
	User *User `protobuf:"bytes,7,opt,name=user,proto3,oneof"`
}

type TestPolicyObject_Username added in v0.4.24 

type TestPolicyObject_Username struct {
	Username string `protobuf:"bytes,6,opt,name=username,proto3,oneof"`
}

type User added in v0.4.24 

type User struct {
	Id   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

func (*User) Descriptor deprecated added in v0.4.24 

func (*User) Descriptor() ([]byte, []int)

Deprecated: Use User.ProtoReflect.Descriptor instead.

func (*User) GetId added in v0.4.24 

func (x *User) GetId() string

func (*User) GetName added in v0.4.24 

func (x *User) GetName() string

func (*User) ProtoMessage added in v0.4.24 

func (*User) ProtoMessage()

func (*User) ProtoReflect added in v0.4.24 

func (x *User) ProtoReflect() protoreflect.Message

func (*User) Reset added in v0.4.24 

func (x *User) Reset()

func (*User) String added in v0.4.24 

func (x *User) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.