Documentation
Overview
Package cadf provides data structures for working with CADF events as per the CADF spec.
SAP CCloud developers wishing to publish audit events to Hermes are advised to use the github.com/sapcc/go-bits/audittools package.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Action
type Action string
Action enumerates some of the valid values for CADF actions. Note that this list is not complete and there are other action types that are also valid.
const (
	BackupAction       Action = "backup"
	CaptureAction      Action = "capture"
	CreateAction       Action = "create"
	ConfigureAction    Action = "configure"
	ReadAction         Action = "read"
	ListAction         Action = "list"
	UpdateAction       Action = "update"
	DeleteAction       Action = "delete"
	MonitorAction      Action = "monitor"
	StartAction        Action = "start"
	StopAction         Action = "stop"
	DeployAction       Action = "deploy"
	UndeployAction     Action = "undeploy"
	EnableAction       Action = "enable"
	DisableAction      Action = "disable"
	SendAction         Action = "send"
	ReceiveAction      Action = "receive"
	AuthenticateAction Action = "authenticate"
	LoginAction        Action = "authenticate/login"
	RevokeAction       Action = "revoke"
	RenewAction        Action = "renew"
	RestoreAction      Action = "restore"
	EvaluateAction     Action = "evaluate"
	AllowAction        Action = "allow"
	DenyAction         Action = "deny"
	NotifyAction       Action = "notify"
	UnknownAction      Action = "unknown"
)
type Attachment
type Attachment struct {
	// Note: name is optional in the CADF spec to permit unnamed attachments.
	Name string `json:"name,omitempty"`
	// This is messed up in the spec: the schema and examples say contentType, but the text often refers to typeURI.
	// Using typeURI would surely be more consistent. OpenStack uses typeURI, IBM supports both
	// (but forgot the name property).
	TypeURI string `json:"typeURI"`
	// Content contains the payload of the attachment. In theory this means any type.
	// In practice we have to decide because otherwise ES decides based on the first value.
	// An interface allows arrays of json content. This should be json in the content.
	Content any `json:"content"`
}
Attachment contains self-describing extensions to the event.
type Event
type Event struct {
	// CADF Event Schema
	TypeURI string `json:"typeURI"`
	// CADF generated event id
	ID string `json:"id"`
	// CADF generated timestamp
	EventTime string `json:"eventTime"`
	// Characterizes events: eg. activity
	EventType string `json:"eventType"`
	// CADF action mapping for GET call on an OpenStack REST API
	Action Action `json:"action"`
	// Outcome of REST API call, eg. success/failure
	Outcome Outcome `json:"outcome"`
	// Standard response for successful HTTP requests
	Reason Reason `json:"reason,omitempty"`
	// CADF component that contains the RESOURCE
	// that initiated, originated, or instigated the event's
	// ACTION, according to the OBSERVER
	Initiator Resource `json:"initiator"`
	// CADF component that contains the RESOURCE
	// against which the ACTION of a CADF Event
	// Record was performed, was attempted, or is
	// pending, according to the OBSERVER.
	Target Resource `json:"target"`
	// CADF component that contains the RESOURCE
	// that generates the CADF Event Record based on
	// its observation (directly or indirectly) of the Actual Event
	Observer Resource `json:"observer"`
	// Attachment contains self-describing extensions to the event
	Attachments []Attachment `json:"attachments,omitempty"`
	// Request path on the OpenStack service REST API call
	RequestPath string `json:"requestPath,omitempty"`
}
Event contains the CADF event according to the CADF spec, section 6.6.1 Event (data).
Extensions: requestPath (OpenStack, IBM), initiator.project_id/domain_id.
Omissions: everything that we do not use or do not expose to API users.
The JSON annotations are used both for parsing the result from ElasticSearch and for generating the Hermes API response.
type Host
type Host struct {
	ID       string `json:"id,omitempty"`
	Address  string `json:"address,omitempty"`
	Agent    string `json:"agent,omitempty"`
	Platform string `json:"platform,omitempty"`
}
Host contains optional information about the host.
type Reason
type Reason struct {
	ReasonType string `json:"reasonType,omitempty"`
	ReasonCode string `json:"reasonCode,omitempty"`
}
Reason contains the HTTP code and type, and is optional in the CADF spec.
type Resource
type Resource struct {
	TypeURI   string `json:"typeURI"`
	Name      string `json:"name,omitempty"`
	Domain    string `json:"domain,omitempty"`
	ID        string `json:"id,omitempty"`
	Addresses []struct {
		URL  string `json:"url"`
		Name string `json:"name,omitempty"`
	} `json:"addresses,omitempty"`
	Host        *Host        `json:"host,omitempty"`
	Attachments []Attachment `json:"attachments,omitempty"`
	// project_id and domain_id are OpenStack extensions (introduced by Keystone and keystone(audit)middleware)
	ProjectID string `json:"project_id,omitempty"`
	DomainID  string `json:"domain_id,omitempty"`
	// project_name, project_domain_name, domain_name, application_credential_id, request_id and global_request_id
	// are Hermes extensions for initiator resources only (not for target or observer)
	ProjectName       string `json:"project_name,omitempty"`
	ProjectDomainName string `json:"project_domain_name,omitempty"`
	DomainName        string `json:"domain_name,omitempty"`
	AppCredentialID   string `json:"application_credential_id,omitempty"`
	RequestID         string `json:"request_id,omitempty"`
	GlobalRequestID   string `json:"global_request_id,omitempty"`
}
Resource contains attributes describing a (OpenStack-) Resource.
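Decoding JSON into Event turns an absent key into a zero value, so a consumer of audit events cannot tell from the struct alone that a producer left out a key that Event and Resource always emit (the tags without omitempty). The following is an added example, not part of the cadf package: the helper MissingKeys and the sample event are assumptions constructed for illustration, and the check works on raw JSON so it runs with the standard library only.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Keys whose struct tags on this page have no omitempty.
var eventKeys = []string{"typeURI", "id", "eventTime", "eventType",
	"action", "outcome", "initiator", "target", "observer"}
var resourceKeys = map[string]bool{"initiator": true, "target": true, "observer": true}

// sample is a constructed event, not real Hermes output.
const sample = `{"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
 "id": "constructed-0001", "eventTime": "2024-01-01T00:00:00Z",
 "action": "authenticate/login", "outcome": "failure",
 "initiator": {"name": "alice", "id": "u-1"},
 "target": {"typeURI": "service/security/account/user"},
 "observer": null}`

// empty reports whether a raw value is absent, null or the empty string.
func empty(v json.RawMessage) bool {
	s := string(v)
	return s == "" || s == "null" || s == `""`
}

// MissingKeys (hypothetical helper) lists always-emitted keys that are
// absent or empty, including typeURI inside each resource object.
func MissingKeys(raw []byte) ([]string, error) {
	var ev map[string]json.RawMessage
	if err := json.Unmarshal(raw, &ev); err != nil {
		return nil, fmt.Errorf("not a JSON object: %w", err)
	}
	missing := []string{}
	for _, k := range eventKeys {
		if empty(ev[k]) {
			missing = append(missing, k)
		} else if resourceKeys[k] {
			var res map[string]json.RawMessage
			if err := json.Unmarshal(ev[k], &res); err != nil {
				missing = append(missing, k+" (not an object)")
			} else if empty(res["typeURI"]) {
				missing = append(missing, k+".typeURI")
			}
		}
	}
	return missing, nil
}

func main() {
	fmt.Println(MissingKeys([]byte(sample)))
}
```

An ingestion path can run such a check before unmarshalling into Event and reject or quarantine records that report missing keys, so incomplete audit records do not pass as valid ones.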