gcplogs

package
v1.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 10, 2021 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package gcplogs has log parsers for Google Cloud Platform

Index

Constants

View Source
const (
	AuditLogActivityLogID = "cloudaudit.googleapis.com%2Factivity"
	AuditLogDataLogID     = "cloudaudit.googleapis.com%2Fdata_access"
	AuditLogSystemLogID   = "cloudaudit.googleapis.com%2Fsystem_event"
)
View Source
const (
	LogTypePrefix = "GCP"
	TypeAuditLog  = LogTypePrefix + ".AuditLog"
)

Variables

This section is empty.

Functions

func LogTypes added in v1.12.0

func LogTypes() logtypes.Group

LogTypes exports the available log type entries

func NewAuditLogParser

func NewAuditLogParser() parsers.LogParser

Types

type AuditData

type AuditData struct {
	PermissionDelta PermissionDelta `json:"permissionDelta" validate:"required" description:" The permissionDelta when when creating or updating a Role."`
}

IAM Data audit log nolint:lll

type AuditLog

type AuditLog struct {
	PayloadType        *string              `json:"@type" validate:"required,eq=type.googleapis.com/google.cloud.audit.AuditLog" description:"The type of payload"`
	ServiceName        *string              `json:"serviceName,omitempty" description:"The name of the API service performing the operation"`
	MethodName         *string              `` /* 144-byte string literal not displayed */
	ResourceName       *string              `` /* 174-byte string literal not displayed */
	NumResponseItems   *numerics.Int64      `json:"numResponseItems,omitempty" description:"The number of items returned from a List or Query API method, if applicable."`
	Status             *Status              `json:"status,omitempty" description:"The status of the overall operation."`
	AuthenticationInfo *AuthenticationInfo  `json:"authenticationInfo,omitempty" description:"Authentication information."`
	AuthorizationInfo  []AuthorizationInfo  `` /* 236-byte string literal not displayed */
	RequestMetadata    *RequestMetadata     `json:"requestMetadata,omitempty" description:"Metadata about the request"`
	Request            *jsoniter.RawMessage `` /* 320-byte string literal not displayed */
	Response           *jsoniter.RawMessage `` /* 323-byte string literal not displayed */
	ServiceData        *jsoniter.RawMessage `json:"serviceData,omitempty" description:"Other service-specific data about the request, response, and other activities."`
	Metadata           *jsoniter.RawMessage `` /* 161-byte string literal not displayed */
}

nolint:lll

type AuditLogParser

type AuditLogParser struct{}

func (*AuditLogParser) LogType

func (p *AuditLogParser) LogType() string

func (*AuditLogParser) New

func (p *AuditLogParser) New() parsers.LogParser

New creates a new log parser instance

func (*AuditLogParser) Parse

func (p *AuditLogParser) Parse(log string) ([]*parsers.PantherLog, error)

Parse implements parsers.LogParser interface

type AuthenticationInfo

type AuthenticationInfo struct {
	PrincipalSubject             *string                        `` /* 155-byte string literal not displayed */
	ServiceAccountKeyName        *string                        `` /* 232-byte string literal not displayed */
	PrincipalEmail               *string                        `json:"principalEmail,omitempty" description:"The email address of the authenticated user making the request."`
	AuthoritySelector            *string                        `` /* 182-byte string literal not displayed */
	ThirdPartyPrincipal          *jsoniter.RawMessage           `` /* 254-byte string literal not displayed */
	ServiceAccountDelegationInfo []ServiceAccountDelegationInfo `` /* 398-byte string literal not displayed */
}

nolint:lll

type AuthorizationInfo

type AuthorizationInfo struct {
	Resource           *string             `json:"resource,omitempty"  description:"The resource being accessed, as a REST-style string."`
	Permission         *string             `json:"permission,omitempty"  description:"The required IAM permission"`
	Granted            *bool               `json:"granted,omitempty" description:" Whether or not authorization for resource and permission was granted."`
	ResourceAttributes *ResourceAttributes `` /* 330-byte string literal not displayed */
}

nolint:lll

type FirstPartyPrincipal added in v1.15.3

type FirstPartyPrincipal struct {
	PrincipalEmail  *string              `json:"principalEmail,omitempty" description:"The email address of a Google account."`
	ServiceMetadata *jsoniter.RawMessage `json:"serviceMetadata,omitempty" description:"Metadata about the service that uses the service account."`
}

nolint:lll

type HTTPRequest

type HTTPRequest struct {
	RequestMethod  *string         `json:"requestMethod,omitempty" description:"The request HTTP method."`
	RequestURL     *string         `` /* 144-byte string literal not displayed */
	RequestSize    *numerics.Int64 `` /* 141-byte string literal not displayed */
	Status         *int16          `json:"status,omitempty" description:"The response HTTP status code"`
	ResponseSize   *numerics.Int64 `` /* 170-byte string literal not displayed */
	UserAgent      *string         `json:"userAgent,omitempty"  description:"The user agent sent by the client."`
	RemoteIP       *string         `json:"remoteIP,omitempty"  description:"The IP address (IPv4 or IPv6) of the client that issued the HTTP request."`
	ServerIP       *string         `json:"serverIP,omitempty"  description:"The IP address (IPv4 or IPv6) of the origin server that the request was sent to."`
	Referer        *string         `json:"referer,omitempty" description:"The referer URL of the request"`
	Latency        *string         `` /* 163-byte string literal not displayed */
	CacheLookup    *bool           `json:"cacheLookup,omitempty"  description:"Whether or not a cache lookup was attempted."`
	CacheHit       *bool           `json:"cacheHit,omitempty"  description:"Whether or not an entity was served from cache (with or without validation)."`
	CacheValidated *bool           `` /* 138-byte string literal not displayed */
	CacheFillBytes *numerics.Int64 `json:"cacheFillBytes,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."`
	Protocol       *string         `json:"protocol,omitempty" description:"Protocol used for the request."`
}

nolint:lll

type Labels

type Labels map[string]string

type LogEntry

type LogEntry struct {
	LogName          *string                 `json:"logName" validate:"required" description:"The resource name of the log to which this log entry belongs."`
	Severity         *string                 `json:"severity,omitempty" description:"The severity of the log entry. The default value is LogSeverity.DEFAULT."`
	InsertID         *string                 `json:"insertId,omitempty" description:"A unique identifier for the log entry."`
	Resource         *MonitoredResource      `json:"resource,omitempty" description:"The monitored resource that produced this log entry."`
	Timestamp        *timestamp.RFC3339      `json:"timestamp,omitempty" description:"The time the event described by the log entry occurred."`
	ReceiveTimestamp *timestamp.RFC3339      `json:"receiveTimestamp" validate:"required" description:"The time the log entry was received by Logging."`
	Labels           Labels                  `` /* 135-byte string literal not displayed */
	Operation        *LogEntryOperation      `json:"operation,omitempty" description:"Information about an operation associated with the log entry, if applicable."`
	Trace            *string                 `json:"trace,omitempty" description:"Resource name of the trace associated with the log entry, if any."`
	HTTPRequest      *HTTPRequest            `json:"httpRequest,omitempty" description:"Information about the HTTP request associated with this log entry, if applicable."`
	SpanID           *string                 `json:"spanId,omitempty" description:"The span ID within the trace associated with the log entry."`
	TraceSampled     *bool                   `json:"traceSampled,omitempty" description:"The sampling decision of the trace associated with the log entry."`
	SourceLocation   *LogEntrySourceLocation `json:"sourceLocation,omitempty" description:"Source code location information associated with the log entry, if any."`
}

nolint:lll

func (*LogEntry) LogID

func (entry *LogEntry) LogID() string

LogID extracts the log ID from a `LogName` field. GCP logs are aggregated and use log id to differentiate different log types. A log ID is URL encoded is always the trailing path segment of a LogName.

type LogEntryAuditLog

type LogEntryAuditLog struct {
	LogEntry
	Payload AuditLog `json:"protoPayload" validate:"required" description:"The AuditLog payload"`

	parsers.PantherLog
}

type LogEntryOperation

type LogEntryOperation struct {
	ID       *string `json:"id,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."`
	Producer *string `` /* 133-byte string literal not displayed */
	First    *bool   `json:"first,omitempty" description:"This is the first entry in an operation"`
	Last     *bool   `json:"last,omitempty" description:"This is the last entry in an operation"`
}

nolint:lll

type LogEntrySourceLocation

type LogEntrySourceLocation struct {
	File     *string         `` /* 146-byte string literal not displayed */
	Line     *numerics.Int64 `json:"line" description:"Line within the source file. 1-based; 0 indicates no line number available."`
	Function *string         `` /* 157-byte string literal not displayed */
}

nolint:lll

type MonitoredResource

type MonitoredResource struct {
	Type   *string `json:"type" validate:"required" description:"Type of resource that produced this log entry"`
	Labels Labels  `json:"labels" validate:"required" description:"Labels describing the resource"`
}

nolint:lll

type PermissionDelta

type PermissionDelta struct {
	AddedPermissions   []string `json:"addedPermissions,omitempty" description:"Added permissions"`
	RemovedPermissions []string `json:"removedPermissions,omitempty" description:"Removed permissions"`
}

nolint:lll

type RequestMetadata

type RequestMetadata struct {
	CallerIP                *string              `json:"callerIP,omitempty"  description:"The IP address of the caller."`
	CallerSuppliedUserAgent *string              `` /* 158-byte string literal not displayed */
	CallerNetwork           *string              `` /* 184-byte string literal not displayed */
	RequestAttributes       *jsoniter.RawMessage `` /* 205-byte string literal not displayed */
	DestinationAttributes   *jsoniter.RawMessage `` /* 127-byte string literal not displayed */
}

nolint:lll Reference https://cloud.google.com/service-infrastructure/docs/service-control/reference/rest/v1/AuditLog#RequestMetadata

type ResourceAttributes added in v1.15.3

type ResourceAttributes struct {
	Service *string `` /* 209-byte string literal not displayed */
	Name    *string `json:"name,omitempty" description:"The stable identifier (name) of a resource on the service."`
	Type    *string `` /* 157-byte string literal not displayed */
	Labels  *string `` /* 131-byte string literal not displayed */
	UID     *string `` /* 356-byte string literal not displayed */
}

nolint:lll

type ServiceAccountDelegationInfo added in v1.15.3

type ServiceAccountDelegationInfo struct {
	FirstPartyPrincipal *FirstPartyPrincipal `json:"firstPartyPrincipal,omitempty" description:"First party (Google) identity as the real authority."`
	ThirdPartyPrincipal *ThirdPartyPrincipal `json:"thirdPartyPrincipal,omitempty" description:"Third party identity as the real authority."`
}

nolint:lll

type Status

type Status struct {
	// https://cloud.google.com/vision/docs/reference/rpc/google.rpc#google.rpc.Code
	Code    *int32               `json:"code,omitempty" description:"The status code, which should be an enum value of google.rpc.Code."`
	Message *string              `json:"message,omitempty" description:"A developer-facing error message, which should be in English."`
	Details *jsoniter.RawMessage `` /* 143-byte string literal not displayed */
}

nolint:lll

type ThirdPartyPrincipal added in v1.15.3

type ThirdPartyPrincipal struct {
	ThirdPartyClaims *jsoniter.RawMessage `json:"thirdPartyClaims,omitempty" description:"Metadata about third party identity."`
}

nolint:lll

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL