Documentation ¶
Index ¶
- Constants
- func SearchAll(ctx context.Context, client Client, input *SearchInput) (*Root, SearchEvents, error)
- type ArweaveRootsProvider
- type Client
- type DownloadFormat
- type DownloadRequest
- type DownloadResult
- type EventEnvelope
- type EventVerification
- type ExportRequest
- type LogBulkRequest
- type LogBulkResult
- type LogEvent
- type LogRequest
- type LogResult
- type LogSigningMode
- type Option
- func DisableEventVerification() Option
- func SetPublicKeyInfo(pkinfo map[string]string) Option
- func WithConfigID(cid string) Option
- func WithCustomSchema(schema any) Option
- func WithLogLocalSigning(filename string) Option
- func WithLogProofVerificationEnabled() Option
- func WithTenantID(tenantID string) Option
- type Root
- type RootInput
- type RootOutput
- type RootsProvider
- type SearchEvent
- type SearchEvents
- type SearchInput
- type SearchOutput
- type SearchRestriction
- type SearchResultsInput
- type SearchResultsOutput
- type StandardEvent
- type Tenanter
- type ValidateEvents
- type ValidatedEvent
Constants ¶
// Left and Right are the two values of proofSide; proofSide itself is
// declared outside this listing.
// NOTE(review): presumably they record on which side a sibling hash is joined
// when a Merkle proof is folded — confirm against the verification code.
const (
	Left proofSide = iota
	Right
)
Variables ¶
This section is empty.
Functions ¶
func SearchAll ¶
func SearchAll(ctx context.Context, client Client, input *SearchInput) (*Root, SearchEvents, error)
SearchAll is a helper function that returns all the results of a paginated search.
Types ¶
type ArweaveRootsProvider ¶
func NewArweaveRootsProvider ¶
func NewArweaveRootsProvider(treeName string) *ArweaveRootsProvider
func (*ArweaveRootsProvider) OverrideRoots ¶ added in v3.10.0
func (rp *ArweaveRootsProvider) OverrideRoots(roots map[int]Root) map[int]Root
func (*ArweaveRootsProvider) UpdateRoots ¶
type Client ¶
// Client is the set of operations the audit service client exposes: writing
// events (singly, in bulk, or streamed), searching and paging through them,
// fetching tree roots, and exporting or downloading result sets.
type Client interface {
	// Log writes one event; LogBulk and LogBulkAsync write a slice of events.
	// NOTE(review): verbose presumably maps to the request's Verbose flag,
	// which asks for root and proofs in the response — confirm.
	Log(ctx context.Context, event any, verbose bool) (*pangea.PangeaResponse[LogResult], error)
	LogBulk(ctx context.Context, event []any, verbose bool) (*pangea.PangeaResponse[LogBulkResult], error)
	LogBulkAsync(ctx context.Context, event []any, verbose bool) (*pangea.PangeaResponse[LogBulkResult], error)

	// Search starts a search; SearchResults pages through an earlier search
	// identified by SearchResultsInput.ID.
	Search(ctx context.Context, req *SearchInput) (*pangea.PangeaResponse[SearchOutput], error)
	SearchResults(ctx context.Context, req *SearchResultsInput) (*pangea.PangeaResponse[SearchResultsOutput], error)

	// Root returns the tree root for the requested tree size.
	Root(ctx context.Context, req *RootInput) (*pangea.PangeaResponse[RootOutput], error)

	// Get all search results as a compressed (gzip) CSV file.
	// NOTE(review): DownloadRequest.Format also offers "json"; confirm
	// whether the CSV-only wording above is still accurate.
	DownloadResults(ctx context.Context, input *DownloadRequest) (*pangea.PangeaResponse[DownloadResult], error)

	// This API allows 3rd party vendors (like Auth0) to stream events to this
	// endpoint where the structure of the payload varies across different
	// vendors.
	LogStream(ctx context.Context, input pangea.ConfigIDer) (*pangea.PangeaResponse[struct{}], error)

	// Bulk export of data from the Secure Audit Log, with optional filtering.
	Export(ctx context.Context, input *ExportRequest) (*pangea.PangeaResponse[struct{}], error)

	// Base service methods
	pangea.BaseServicer
}
type DownloadFormat ¶ added in v3.8.0
// DownloadFormat names the record format requested from the download and
// export APIs; it is sent as the "format" JSON field of those requests.
type DownloadFormat string

const (
	DFjson DownloadFormat = "json" // JSON.
	DFcsv  DownloadFormat = "csv"  // CSV.
)
type DownloadRequest ¶ added in v3.8.0
// DownloadRequest asks for a download location for a result set produced
// earlier by the export API (RequestID) or the search API (ResultID).
type DownloadRequest struct {
	pangea.BaseRequest

	// ID returned by the export API.
	RequestID string `json:"request_id,omitempty"`

	// ID returned by the search API.
	ResultID string `json:"result_id,omitempty"`

	// Format for the records.
	Format DownloadFormat `json:"format,omitempty"`

	// Return the context data needed to decrypt secure audit events that have
	// been redacted with format preserving encryption.
	// NOTE(review): that context is what lets redacted values be recovered,
	// so leave this unset unless the consumer is meant to decrypt them.
	ReturnContext *bool `json:"return_context,omitempty"`
}
type DownloadResult ¶ added in v3.8.0
// DownloadResult is the response to a DownloadRequest.
type DownloadResult struct {
	// URL where search results can be downloaded.
	// NOTE(review): whether this link carries its own authorization is not
	// visible here; until confirmed, keep it out of logs and tickets.
	DestURL string `json:"dest_url"`
}
type EventEnvelope ¶
// EventEnvelope wraps a logged event together with its optional client-side
// signature, the public key for that signature, and the server's receive time.
type EventEnvelope struct {
	// A structured record describing that <actor> did <action> on <target>
	// changing it from <old> to <new> and the operation was <status>,
	// and/or a free-form <message>.
	Event any `json:"event"`

	// An optional client-side signature for forgery protection.
	// max len of 256 bytes
	Signature *string `json:"signature,omitempty"`

	// The base64-encoded ed25519 public key used for the signature, if one is provided
	// NOTE(review): this key travels in the same envelope as the signature it
	// checks. A signature that verifies against it shows the envelope is
	// self-consistent; it says who signed only if the key is also compared
	// with one the verifier already trusts — confirm what VerifySignature does.
	PublicKey *string `json:"public_key,omitempty"`

	// A server-supplied timestamp.
	ReceivedAt *pu.PangeaTimestamp `json:"received_at,omitempty"`
}
func (*EventEnvelope) VerifySignature ¶
func (ee *EventEnvelope) VerifySignature() EventVerification
type EventVerification ¶
// EventVerification is the outcome of a verification step. In this package it
// is returned by the hash, signature and membership-proof checks and stored in
// the *Verification fields of LogResult and SearchEvent.
type EventVerification int

const (
	// NotVerified is the zero value, so a field that was never set reads as
	// "not verified" and not as a pass. Callers that need assurance should
	// accept only Success and treat NotVerified the same as Failed.
	NotVerified EventVerification = iota
	Success
	Failed
)
func VerifyHash ¶
func VerifyHash(ee map[string]any, h string) EventVerification
func VerifyMembershipProof ¶
func VerifyMembershipProof(rootHashEnc, h string, membershipProof string) (EventVerification, error)
func (EventVerification) String ¶
func (ev EventVerification) String() string
type ExportRequest ¶ added in v3.8.0
// ExportRequest describes a bulk export of audit records: the output format,
// an optional time range, the sort order, and whether proofs are included.
type ExportRequest struct {
	pangea.BaseRequest

	// Format for the records.
	Format *DownloadFormat `json:"format,omitempty"`

	// The start of the time range to perform the search on.
	Start *string `json:"start,omitempty"`

	// The end of the time range to perform the search on. If omitted, then all
	// records up to the latest will be searched.
	End *string `json:"end,omitempty"`

	// Specify the sort order of the response, "asc" or "desc".
	Order *string `json:"order,omitempty"`

	// Name of column to sort the results by.
	OrderBy *string `json:"order_by,omitempty"`

	// Whether or not to include the root hash of the tree and the membership
	// proof for each record.
	// NOTE(review): an export taken without this carries nothing a consumer
	// could use to check the records later; set it when the export is meant
	// to be verifiable.
	Verbose *bool `json:"verbose,omitempty"`
}
type LogBulkRequest ¶ added in v3.2.0
// LogBulkRequest is the request body for logging several events in one call.
type LogBulkRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The events to log, each with its optional signature and public key.
	Events []*LogEvent `json:"events"`

	// If true, be verbose in the response; include root, membership and consistency proof, etc.
	// default: false
	Verbose bool `json:"verbose"`
}
type LogBulkResult ¶ added in v3.2.0
// LogBulkResult is the response to a bulk log call.
type LogBulkResult struct {
	// One LogResult per entry, decoded from the "results" field.
	// NOTE(review): presumably in the same order as the submitted events — confirm.
	Results []LogResult `json:"results"`
}
type LogEvent ¶ added in v3.2.0
// LogEvent is one event as submitted for logging, with an optional
// client-side signature and the public key that goes with it.
type LogEvent struct {
	// A structured event describing an auditable activity.
	Event any `json:"event"`

	// An optional client-side signature for forgery protection.
	// max len of 256 bytes
	Signature *string `json:"signature,omitempty"`

	// The base64-encoded ed25519 public key used for the signature, if one is provided
	PublicKey *string `json:"public_key,omitempty"`
}
type LogRequest ¶
// LogRequest is the request body for logging a single event. The event, its
// signature and its public key come from the embedded LogEvent.
type LogRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	LogEvent

	// If true, be verbose in the response; include root, membership and consistency proof, etc.
	// default: false
	Verbose bool `json:"verbose"`

	// Previous unpublished root
	// NOTE(review): presumably sent so the response can prove consistency
	// with the root the client last saw — confirm.
	PrevRoot *string `json:"prev_root,omitempty"`
}
type LogResult ¶
// LogResult is the response to a log call: the stored envelope, its hash, the
// optional root and proofs, and the outcome of each verification step.
type LogResult struct {
	// Typed view of the envelope. It has no JSON tag, while RawEnvelope is the
	// field tagged "envelope".
	// NOTE(review): presumably filled from RawEnvelope after decoding — confirm.
	EventEnvelope *EventEnvelope

	RawEnvelope map[string]any `json:"envelope"`

	// The hash of the event data.
	// max len of 64 bytes
	Hash string `json:"hash"`

	UnpublishedRootHash *string   `json:"unpublished_root,omitempty"`
	MembershipProof     *string   `json:"membership_proof,omitempty"`
	ConsistencyProof    *[]string `json:"consistency_proof,omitempty"`

	// Verification outcomes. Their zero value is NotVerified, so only Success
	// should be read as a pass.
	// NOTE(review): these carry no JSON tag, but encoding/json still fills an
	// untagged exported field from a key of the same name. They should be set
	// by the local verification code and never taken from the response —
	// confirm the decode path.
	MembershipVerification EventVerification
	// The name is misspelled ("Concistency"); SearchEvent spells the matching
	// field ConsistencyVerification. Renaming it would break callers.
	ConcistencyVerification EventVerification
	SignatureVerification   EventVerification
}
type LogSigningMode ¶
// LogSigningMode enumerates the signing modes for logged events.
// NOTE(review): by the names, LocalSign means the event is signed on the
// client before it is sent (see WithLogLocalSigning) — confirm.
type LogSigningMode int

const (
	// Unsigned is the zero value, so a mode that was never set means unsigned.
	Unsigned  LogSigningMode = 0
	LocalSign LogSigningMode = 1
)
type Option ¶
// Option configures the package's unexported audit value and may reject the
// configuration by returning an error.
// NOTE(review): DisableEventVerification is one of the options this package
// lists; by its name it switches verification off, so each use deserves a
// stated reason at the call site — confirm exactly which checks it disables.
type Option func(*audit) error
func DisableEventVerification ¶
func DisableEventVerification() Option
func SetPublicKeyInfo ¶
func WithConfigID ¶
func WithCustomSchema ¶
func WithLogLocalSigning ¶
func WithLogProofVerificationEnabled ¶
func WithLogProofVerificationEnabled() Option
func WithTenantID ¶
type Root ¶
// Root describes one root of the audit log's Merkle tree.
// NOTE(review): a root taken from a service response is an unverified claim
// until it is compared with the independently published copy; confirm which
// code path performs that comparison.
type Root struct {
	// The name of the Merkle Tree
	TreeName string `json:"tree_name"`

	// The size of the tree (the number of records)
	Size int `json:"size"`

	// The root hash
	// max len of 64 bytes
	RootHash string `json:"root_hash"`

	// The URL where this root has been published
	URL *string `json:"url"`

	// The date/time when this root was published
	PublishedAt *time.Time `json:"published_at"`

	// Consistency proof to verify that this root is a continuation of the previous one
	ConsistencyProof *[]string `json:"consistency_proof"`
}
type RootInput ¶
// RootInput is the request body for fetching a tree root.
type RootInput struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The size of the tree (the number of records)
	// The field is omitted from the request when zero (omitempty).
	TreeSize int `json:"tree_size,omitempty"`
}
type RootOutput ¶
// RootOutput is the response to a root request.
type RootOutput struct {
	// The returned root, decoded from the "data" field.
	Data Root `json:"data"`
}
type RootsProvider ¶
type SearchEvent ¶
// SearchEvent is one record returned by a search, with the proof material
// needed to check it and the outcome of each verification step.
type SearchEvent struct {
	// Include Event data and security information
	// This field has no JSON tag, while RawEnvelope is the field tagged
	// "envelope".
	// NOTE(review): presumably filled from RawEnvelope after decoding — confirm.
	EventEnvelope *EventEnvelope

	RawEnvelope map[string]any `json:"envelope"`

	// The record's hash
	// len of 64 bytes
	Hash string `json:"hash"`

	// The index of the leaf of the Merkle Tree where this record was inserted.
	LeafIndex *int `json:"leaf_index"`

	// A cryptographic proof that the record has been persisted in the log.
	MembershipProof *string `json:"membership_proof"`

	// NOTE(review): presumably true once the record is covered by a published
	// root — confirm.
	Published *bool `json:"published"`

	// Verification outcomes. Their zero value is NotVerified, so only Success
	// should be read as a pass.
	// NOTE(review): these carry no JSON tag, but encoding/json still fills an
	// untagged exported field from a key of the same name. They should be set
	// by the local verification code and never taken from the response —
	// confirm the decode path.
	MembershipVerification  EventVerification
	ConsistencyVerification EventVerification
	SignatureVerification   EventVerification

	// The context data needed to decrypt secure audit events that have been
	// redacted with format preserving encryption.
	// NOTE(review): handle as sensitive; it is what lets redacted values be
	// recovered.
	FPEContext *string `json:"fpe_context,omitempty"`
}
func (*SearchEvent) IsVerifiable ¶
func (event *SearchEvent) IsVerifiable() bool
IsVerifiable checks whether a record can be verified with the published proof
func (*SearchEvent) VerifyConsistencyProof ¶
func (ee *SearchEvent) VerifyConsistencyProof(publishedRoots map[int]Root)
func (*SearchEvent) VerifyMembershipProof ¶
func (ee *SearchEvent) VerifyMembershipProof(root *Root)
type SearchEvents ¶
// SearchEvents is a list of search results. Its VerifiableRecords method
// returns the records that can be verified with the published proof.
type SearchEvents []*SearchEvent
func (SearchEvents) VerifiableRecords ¶
func (events SearchEvents) VerifiableRecords() SearchEvents
VerifiableRecords returns a slice of the records that can be verified with the published proof
type SearchInput ¶
// SearchInput is the request body for starting a search over the audit log.
type SearchInput struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// Natural search string; list of keywords with optional `<option>:<value>` qualifiers.
	//
	// Query is a required field.
	//
	// The following optional qualifiers are supported:
	//	* action:
	//	* actor:
	//	* message:
	//	* new:
	//	* old:
	//	* status:
	//	* target:
	//
	// examples:
	//	actor:root target:/etc/shadow
	Query string `json:"query"`

	// Specify the sort order of the response. "asc" or "desc"
	Order string `json:"order,omitempty"`

	// Name of column to sort the results by.
	OrderBy string `json:"order_by,omitempty"`

	// The start of the time range to perform the search on.
	Start *time.Time `json:"start,omitempty"`

	// The end of the time range to perform the search on. All records up to the latest if left out.
	End *time.Time `json:"end,omitempty"`

	// Number of audit records to include from the first page of the results.
	Limit int `json:"limit,omitempty"`

	// Maximum number of results to return.
	// min 1 max 10000
	MaxResults int `json:"max_results,omitempty"`

	// If true include root, membership and consistency proof
	// Without them the returned events carry nothing to verify against.
	Verbose *bool `json:"verbose,omitempty"`

	// A list of keys to restrict the search results to. Useful for partitioning data available to the query string.
	// NOTE(review): when Query is built from end-user input, set this from
	// server-side state and never from the same input, so the query cannot
	// reach beyond its partition.
	SearchRestriction *SearchRestriction `json:"search_restriction,omitempty"`

	// Return the context data needed to decrypt secure audit events that have
	// been redacted with format preserving encryption.
	// NOTE(review): leave unset unless the consumer is meant to decrypt.
	ReturnContext *bool `json:"return_context,omitempty"`
}
type SearchOutput ¶
// SearchOutput is the response to a search: the first page of events, the
// identifier used to page through the rest, and the tree roots.
type SearchOutput struct {
	// Identifier to supply to search_results API to fetch/paginate through search results.
	// ID is always populated on a successful response.
	ID string `json:"id"`

	// The time when the results will no longer be available to page through via the results API.
	// ExpiresAt is always populated on a successful response.
	ExpiresAt *time.Time `json:"expires_at"`

	// The total number of results that were returned by the search.
	// Count is always populated on a successful response.
	Count int `json:"count"`

	// A list of matching audit records.
	// Events is always populated on a successful response.
	Events SearchEvents `json:"events"`

	// A root of a Merkle Tree
	Root *Root `json:"root,omitempty"`

	// An unpublished root of a Merkle Tree
	UnpublishedRoot *Root `json:"unpublished_root,omitempty"`
}
type SearchRestriction ¶
// SearchRestriction limits a search to records whose fields match the listed
// values. Empty lists are omitted from the request (omitempty).
type SearchRestriction struct {
	// A list of actors to restrict the search to.
	Actor []string `json:"actor,omitempty"`

	// A list of sources to restrict the search to.
	Source []string `json:"source,omitempty"`

	// A list of targets to restrict the search to.
	Target []string `json:"target,omitempty"`

	// A list of actions to restrict the search to.
	Action []string `json:"action,omitempty"`

	// A list of statuses to restrict the search to.
	Status []string `json:"status,omitempty"`
}
type SearchResultsInput ¶
// SearchResultsInput is the request body for paging through the results of an
// earlier search.
type SearchResultsInput struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// A search results identifier returned by the search call
	// ID is a required field
	ID string `json:"id"`

	// Number of audit records to include from the first page of the results.
	Limit int `json:"limit,omitempty"`

	// Offset from the start of the result set to start returning results from.
	Offset *int `json:"offset,omitempty"`

	// If provided, fail if the original search was performed with anything but the provided search_restriction parameter.
	// NOTE(review): worth setting whenever the ID may have come from another
	// party, so a result set created under a different restriction is
	// rejected instead of served.
	AssertSearchRestriction *SearchRestriction `json:"assert_search_restriction,omitempty"`

	// Return the context data needed to decrypt secure audit events that have
	// been redacted with format preserving encryption.
	// NOTE(review): leave unset unless the consumer is meant to decrypt.
	ReturnContext *bool `json:"return_context,omitempty"`
}
type SearchResultsOutput ¶
// SearchResultsOutput is one page of results from an earlier search, together
// with the tree roots.
type SearchResultsOutput struct {
	// The total number of results that were returned by the search.
	// Count is always populated on a successful response.
	Count int `json:"count"`

	// A list of matching audit records.
	// Events is always populated on a successful response.
	Events SearchEvents `json:"events"`

	// A root of a Merkle Tree
	Root *Root `json:"root"`

	// An unpublished root of a Merkle Tree
	UnpublishedRoot *Root `json:"unpublished_root"`
}
type StandardEvent ¶
// StandardEvent is the built-in event schema: who did what to which target,
// with what result, plus optional before/after values and a tenant ID.
type StandardEvent struct {
	// Record who performed the auditable activity.
	// max len is 128 bytes
	// examples:
	//	John Doe
	//	user-id
	//	DennisNedry@InGen.com
	Actor string `json:"actor,omitempty"`

	// The auditable action that occurred.
	// max len is 32 bytes
	// examples:
	//	created
	//	deleted
	//	updated
	Action string `json:"action,omitempty"`

	// A message describing a detailed account of what happened.
	// This can be recorded as free-form text or as a JSON-formatted string.
	// Message is a required field.
	// max len of 65536 bytes
	Message string `json:"message"`

	// The value of a record after it was changed.
	// max len of 65536 bytes
	// NOTE(review): New and Old hold record values as given; keep passwords,
	// tokens and similar secrets out of them, since audit records are kept.
	New string `json:"new,omitempty"`

	// The value of a record before it was changed.
	// max len of 65536 bytes
	Old string `json:"old,omitempty"`

	// Used to record the location from where an activity occurred.
	// max len of 128 bytes
	Source string `json:"source,omitempty"`

	// Record whether or not the activity was successful.
	// examples:
	//	failure
	//	success
	// max len of 32 bytes
	Status string `json:"status,omitempty"`

	// Used to record the specific record that was targeted by the auditable activity.
	// max len of 128 bytes
	Target string `json:"target,omitempty"`

	// An optional client-supplied timestamp.
	// This is whatever the writer claims; the server-supplied time is
	// EventEnvelope.ReceivedAt.
	Timestamp *pu.PangeaTimestamp `json:"timestamp,omitempty"`

	// TenantID field
	TenantID string `json:"tenant_id,omitempty"`
}
func (*StandardEvent) SetTenant ¶
func (e *StandardEvent) SetTenant(tid string)
func (*StandardEvent) Tenant ¶
func (e *StandardEvent) Tenant() string
type ValidateEvents ¶
// ValidateEvents is a list of per-event validation results.
type ValidateEvents []*ValidatedEvent
type ValidatedEvent ¶
// ValidatedEvent pairs an event with the outcome of its proof checks. Both
// status fields are three-state pointers: only a non-nil true means the check
// passed, so nil must not be read as success.
type ValidatedEvent struct {
	// the event that was validated
	Event *EventEnvelope

	// True if the event was successfully validated; nil if there is no
	// membership to validate
	MembershipProofStatus *bool

	// True if the event was successfully validated; nil if there is no hash
	// to validate
	ConsistencyProofStatus *bool
}