audit

package v0.0.0-...-0f9da31
Published: May 14, 2024 License: BSD-3-Clause Imports: 9 Imported by: 0

Overview

Package audit provides an audit log writer for access to secrets.

Types

type Entry

type Entry struct {
	// ID is the entry's ID.
	ID uint64 `json:"id"`
	// Time is the entry's timestamp.
	Time time.Time `json:"time"`
	// Principal is the client who is doing something.
	Principal Principal `json:"principal"`
	// Action is the action being performed on a secret.
	Action acl.Action `json:"action"`
	// Authorized is whether the action in this entry took place, or
	// was attempted and denied due to ACLs.
	Authorized bool `json:"authorized"`

	// Secret is the name of the secret being acted upon. Set for all
	// actions, except acl.ActionInfo where an empty secret indicates
	// a list operation.
	Secret string `json:"secret,omitempty"`
	// SecretVersion is the version of the secret being acted
	// upon. Set for acl.ActionGet, acl.ActionPut,
	// acl.ActionSetActive.
	SecretVersion api.SecretVersion `json:"secretVersion,omitempty"`
}

Entry is an audit log entry.

type Principal

type Principal struct {
	// Hostname is the principal's Tailscale FQDN.
	Hostname string `json:"hostname"`
	// IP is one of the principal's Tailscale IPs that correspond to
	// Hostname. The specific IP here depends on the builder of an
	// instance of Principal, but is usually the IP from which a
	// request was received.
	IP netip.Addr `json:"ip"`
	// User is the human identity of the principal, or the empty
	// string if the principal is a tagged device.
	User string `json:"user,omitempty"`
	// Tags is the tags of the principal, or nil if the principal is
	// not a tagged device.
	Tags []string `json:"tags,omitempty"`
}

Principal is the identity of a client taking action on the secrets service.

type Writer

type Writer struct {
	// contains filtered or unexported fields
}

Writer is an audit log writer.

func New

func New(w io.Writer) *Writer

New returns a Writer that outputs audit log entries to w as JSON objects. If w also implements io.Closer, Writer.Close closes w. If w also implements a Sync method with the same signature as os.File, Writer.Sync calls w.Sync.

func NewFile

func NewFile(path string) (*Writer, error)

NewFile returns a Writer that outputs audit log entries to a file at path, creating it if necessary.

func (*Writer) Close

func (l *Writer) Close() error

Close closes the Writer if the writer was created with a sink that implements io.Closer, or else does nothing successfully.

func (*Writer) Sync

func (l *Writer) Sync() error

Sync commits the current contents of the file to stable storage if the Writer was created with a sink that itself implements Sync, or else does nothing successfully.

func (*Writer) WriteEntries

func (l *Writer) WriteEntries(entries ...*Entry) error

WriteEntries writes entries to the audit log. Each entry's ID and Time fields are set prior to writing; any existing value is overwritten.
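The entries Writer emits are plain JSON objects with the field names given in the struct tags above, so the natural consumer is a reviewer or detection job that reads them back. The following is an added example, not code from the audit package or its module: it defines local copies of Entry and Principal with the documented JSON tags (Action and SecretVersion are assumed here to serialize as a string and an integer, since the underlying acl.Action and api.SecretVersion types are not shown on this page), decodes a constructed log, and reports what a defender cares about first: denied actions (authorized=false) and list operations (an info action with an empty secret). The hostnames, IPs, user and secret names in sampleLog are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/netip"
	"strings"
	"time"
)

// Principal is a local copy of the documented Principal struct (same JSON tags),
// declared here so the example runs without importing the audit package.
type Principal struct {
	Hostname string     `json:"hostname"`
	IP       netip.Addr `json:"ip"`
	User     string     `json:"user,omitempty"`
	Tags     []string   `json:"tags,omitempty"`
}

// Entry is a local copy of the documented Entry struct. Action and SecretVersion
// are assumed to encode as a string and an integer; the real acl.Action and
// api.SecretVersion types are not part of this page.
type Entry struct {
	ID            uint64    `json:"id"`
	Time          time.Time `json:"time"`
	Principal     Principal `json:"principal"`
	Action        string    `json:"action"`
	Authorized    bool      `json:"authorized"`
	Secret        string    `json:"secret,omitempty"`
	SecretVersion uint64    `json:"secretVersion,omitempty"`
}

// Finding is one line of the review report.
type Finding struct {
	EntryID uint64
	Who     string
	Reason  string
}

// sampleLog is a constructed audit stream in the shape Writer produces:
// one JSON object per entry, ID and Time assigned by the writer.
const sampleLog = `{"id":1,"time":"2024-05-14T10:00:00Z","principal":{"hostname":"ci-runner.example.ts.net","ip":"100.64.0.10","tags":["tag:ci"]},"action":"get","authorized":true,"secret":"prod/db-password","secretVersion":3}
{"id":2,"time":"2024-05-14T10:00:05Z","principal":{"hostname":"laptop.example.ts.net","ip":"100.64.0.21","user":"alice@example.com"},"action":"put","authorized":false,"secret":"prod/db-password"}
{"id":3,"time":"2024-05-14T10:00:09Z","principal":{"hostname":"laptop.example.ts.net","ip":"100.64.0.21","user":"alice@example.com"},"action":"info","authorized":true}
{"id":4,"time":"2024-05-14T10:00:12Z","principal":{"hostname":"laptop.example.ts.net","ip":"100.64.0.21","user":"alice@example.com"},"action":"get","authorized":false,"secret":"prod/signing-key","secretVersion":1}
`

// who renders a principal as "user@host" for a human identity, or
// "tag:a,tag:b@host" for a tagged device (User is empty in that case).
func who(p Principal) string {
	if p.User != "" {
		return p.User + "@" + p.Hostname
	}
	return strings.Join(p.Tags, ",") + "@" + p.Hostname
}

// ParseEntries decodes a stream of concatenated JSON audit entries.
func ParseEntries(r io.Reader) ([]Entry, error) {
	dec := json.NewDecoder(r)
	var entries []Entry
	for {
		var e Entry
		if err := dec.Decode(&e); err == io.EOF {
			return entries, nil
		} else if err != nil {
			return nil, err
		}
		entries = append(entries, e)
	}
}

// Review returns the entries worth a second look: denied actions, and list
// operations (documented as acl.ActionInfo with an empty Secret).
func Review(entries []Entry) []Finding {
	var out []Finding
	for _, e := range entries {
		switch {
		case !e.Authorized:
			out = append(out, Finding{EntryID: e.ID, Who: who(e.Principal),
				Reason: fmt.Sprintf("denied %s on %q", e.Action, e.Secret)})
		case e.Action == "info" && e.Secret == "":
			out = append(out, Finding{EntryID: e.ID, Who: who(e.Principal), Reason: "listed all secrets"})
		}
	}
	return out
}

// DeniedCounts tallies denials per principal; a burst from one principal is
// the signal a reviewer wants surfaced.
func DeniedCounts(entries []Entry) map[string]int {
	counts := map[string]int{}
	for _, e := range entries {
		if !e.Authorized {
			counts[who(e.Principal)]++
		}
	}
	return counts
}

func main() {
	entries, err := ParseEntries(strings.NewReader(sampleLog))
	if err != nil {
		panic(err)
	}
	for _, f := range Review(entries) {
		fmt.Printf("entry %d: %s %s\n", f.EntryID, f.Who, f.Reason)
	}
	for p, n := range DeniedCounts(entries) {
		fmt.Printf("%s: %d denied\n", p, n)
	}
}
```

ParseEntries uses json.Decoder rather than splitting on newlines, so it accepts the stream whether or not the sink inserted newlines between objects, and it stops cleanly at io.EOF rather than treating end-of-file as corruption. A partial trailing object (for instance a file read before Writer.Sync completed) surfaces as a decode error instead of a silently dropped entry.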
