audittools

package
v0.0.0-...-d430ac9

This package is not in the latest version of its module.
Published: Jun 6, 2024 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Overview

Package audittools provides helper functions for establishing a connection to a RabbitMQ server (with sane defaults) and publishing messages to it.

It comes with a ready-to-use implementation that can be used to publish the audit trail of an application to a RabbitMQ server, or it can be used as a reference to build your own.

The ready-to-use implementation can be used like this:

package yourPackageName

import (
	"net"
	"net/url"

	"github.com/prometheus/client_golang/prometheus"
	"github.com/sapcc/go-api-declarations/cadf"
	"github.com/sapcc/go-bits/audittools"
)

var eventPublishSuccessCounter = prometheus.NewCounter(
	prometheus.CounterOpts{
		Name: "yourApplication_successful_auditevent_publish",
		Help: "Counter for successful audit event publish to RabbitMQ server.",
	},
)
var eventPublishFailedCounter = prometheus.NewCounter(
	prometheus.CounterOpts{
		Name: "yourApplication_failed_auditevent_publish",
		Help: "Counter for failed audit event publish to RabbitMQ server.",
	},
)

var EventSink chan<- cadf.Event

func init() {
	s := make(chan cadf.Event, 20)
	EventSink = s

	onSuccessFunc := func() {
		eventPublishSuccessCounter.Inc()
	}
	onFailFunc := func() {
		eventPublishFailedCounter.Inc()
	}

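	rabbitmqQueueName := "down-the-rabbit-hole"
	// Local development defaults. In production, use the "amqps" scheme (TLS)
	// and load the credentials from configuration instead of hardcoding them.
	rabbitmqURI := url.URL{
		Scheme: "amqp",
		Host:   net.JoinHostPort("localhost", "5672"),
		User:   url.UserPassword("guest", "guest"),
		Path:   "/",
	}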

	// Commit takes the URI as a url.URL (see the method signature below).
	go audittools.AuditTrail{
		EventSink:           s,
		OnSuccessfulPublish: onSuccessFunc,
		OnFailedPublish:     onFailFunc,
	}.Commit(rabbitmqURI, rabbitmqQueueName)
}

func someFunction() {
	event := generateCADFEvent()
	if EventSink != nil {
		EventSink <- event
	}
}
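
The send in someFunction above blocks once the 20-slot buffer is full, and a send on a nil channel blocks forever, which is why the usage example checks for nil. The following is an added example, not code from the go-bits project: a bounded-wait submit helper that counts dropped events so they can be exported as a metric and alerted on. The Event type (a stand-in for cadf.Event), Submit, droppedEvents, Demo and the 2-slot buffer are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync/atomic"
	"time"
)

// Event is a hypothetical stand-in for cadf.Event so this runs without the go-bits module.
type Event struct{ ID string }

// droppedEvents counts events that could not be queued; expose it as a metric.
var droppedEvents int64

// Submit queues ev on sink, waiting at most wait for a free buffer slot.
// It returns false and counts a drop when the sink is nil or stays full.
func Submit(sink chan<- Event, ev Event, wait time.Duration) bool {
	select { // fast path: a buffer slot is free right now
	case sink <- ev:
		return true
	default:
	}
	timer := time.NewTimer(wait)
	defer timer.Stop()
	select {
	case sink <- ev: // never ready for a nil channel, so nil ends in the timeout
		return true
	case <-timer.C:
		atomic.AddInt64(&droppedEvents, 1)
		return false
	}
}

// Demo fills a constructed 2-slot sink that has no consumer, then frees one slot.
func Demo() ([]bool, int64) {
	atomic.StoreInt64(&droppedEvents, 0)
	sink := make(chan Event, 2)
	var results []bool
	for i := 0; i < 3; i++ { // the third send finds the buffer full
		results = append(results, Submit(sink, Event{ID: fmt.Sprint(i)}, 10*time.Millisecond))
	}
	<-sink // the consumer catches up by one event
	results = append(results, Submit(sink, Event{ID: "3"}, 10*time.Millisecond))
	results = append(results, Submit(nil, Event{ID: "4"}, 10*time.Millisecond))
	return results, atomic.LoadInt64(&droppedEvents)
}

func main() {
	results, dropped := Demo()
	fmt.Println(results, dropped)
}
```

Whether an audit event may be dropped at all is a policy decision; where it may not, fail the request when Submit returns false rather than continuing without a record.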

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateUUID

func GenerateUUID() string

GenerateUUID generates a UUID based on random numbers (RFC 4122). Failure will result in program termination.

func NewEvent

func NewEvent(p EventParameters) cadf.Event

NewEvent uses EventParameters to generate an audit event. Warning: this function uses GenerateUUID() to generate the Event.ID; if that fails, the error is logged and the program terminates.

Types

type AuditTrail

type AuditTrail struct {
	EventSink           <-chan cadf.Event
	OnSuccessfulPublish func()
	OnFailedPublish     func()
}

AuditTrail holds an event sink for receiving audit events and closure functions that are executed in case of successful and failed publishing.

func (AuditTrail) Commit

func (t AuditTrail) Commit(rabbitmqURI url.URL, rabbitmqQueueName string)

Commit takes an AuditTrail that receives audit events from an event sink and publishes them to a specific RabbitMQ connection using the specified AMQP URI and queue name. The OnSuccessfulPublish and OnFailedPublish closures are executed in their respective cases.

type EventParameters

type EventParameters struct {
	Time    time.Time
	Request *http.Request
	// User is usually a *gopherpolicy.Token instance.
	User UserInfo
	// ReasonCode is used to determine whether the Event.Outcome was a 'success' or 'failure'.
	// It is recommended to use a constant from: https://golang.org/pkg/net/http/#pkg-constants
	ReasonCode int
	Action     cadf.Action
	Observer   struct {
		TypeURI string
		Name    string
		ID      string
	}
	Target TargetRenderer
}

EventParameters contains the necessary parameters for generating a cadf.Event.

type NonStandardUserInfo

type NonStandardUserInfo interface {
	UserInfo
	AsInitiator() cadf.Resource
}

NonStandardUserInfo is an extension interface for type UserInfo that allows a UserInfo instance to render its own cadf.Resource. This is useful for UserInfo implementors representing special roles that are not backed by a Keystone user.

type RabbitConnection

type RabbitConnection struct {
	Inner     *amqp.Connection
	Channel   *amqp.Channel
	QueueName string

	LastConnectedAt time.Time
}

RabbitConnection represents a unique connection to some RabbitMQ server with an open Channel and a declared Queue.

func NewRabbitConnection

func NewRabbitConnection(uri url.URL, queueName string) (*RabbitConnection, error)

NewRabbitConnection returns a new RabbitConnection using the specified amqp URI and queue name.

func (*RabbitConnection) Disconnect

func (c *RabbitConnection) Disconnect()

Disconnect is a helper function for closing a RabbitConnection.

func (*RabbitConnection) IsNilOrClosed

func (c *RabbitConnection) IsNilOrClosed() bool

IsNilOrClosed is like (*amqp.Connection).IsClosed() but it also returns true if the RabbitConnection or the underlying amqp.Connection is nil.

func (*RabbitConnection) PublishEvent

func (c *RabbitConnection) PublishEvent(event *cadf.Event) error

PublishEvent publishes a cadf.Event to a specific RabbitMQ connection. Passing a nil pointer for the event parameter returns an error.

type TargetRenderer

type TargetRenderer interface {
	Render() cadf.Resource
}

TargetRenderer is the interface that different event types "must" implement in order to render the respective cadf.Event.Target section.

type UserInfo

type UserInfo interface {
	UserUUID() string
	UserName() string
	UserDomainName() string
	// ProjectScopeUUID returns the empty string if the user's token is not for a project scope.
	ProjectScopeUUID() string
	// ProjectScopeName returns the empty string if the user's token is not for a project scope.
	ProjectScopeName() string
	// ProjectScopeDomainName returns the empty string if the user's token is not for a project scope.
	ProjectScopeDomainName() string
	// DomainScopeUUID returns the empty string if the user's token is not for a domain scope.
	DomainScopeUUID() string
	// DomainScopeName returns the empty string if the user's token is not for a domain scope.
	DomainScopeName() string
	// ApplicationCredentialID returns the empty string if the user's token was created through a different authentication method.
	ApplicationCredentialID() string
}

UserInfo is implemented by types that describe a user who is taking an action on an OpenStack API. The most important implementor of this interface is *gopherpolicy.Token.
