Documentation
Overview
Package audit provides an audit log writer for access to secrets.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Entry
type Entry struct {
	// ID is the entry's ID.
	ID uint64 `json:"id"`
	// Time is the entry's timestamp.
	Time time.Time `json:"time"`
	// Principal is the client who is doing something.
	Principal Principal `json:"principal"`
	// Action is the action being performed on a secret.
	Action acl.Action `json:"action"`
	// Authorized is whether the action in this entry took place, or
	// was attempted and denied due to ACLs.
	Authorized bool `json:"authorized"`
	// Secret is the name of the secret being acted upon. Set for all
	// actions, except acl.ActionInfo where an empty secret indicates
	// a list operation.
	Secret string `json:"secret,omitempty"`
	// SecretVersion is the version of the secret being acted
	// upon. Set for acl.ActionGet, acl.ActionPut,
	// acl.ActionSetActive.
	SecretVersion api.SecretVersion `json:"secretVersion,omitempty"`
}
Entry is an audit log entry.
type Principal
type Principal struct {
	// Hostname is the principal's Tailscale FQDN.
	Hostname string `json:"hostname"`
	// IP is one of the principal's Tailscale IPs that correspond to
	// Hostname. The specific IP here depends on the builder of an
	// instance of Principal, but is usually the IP from which a
	// request was received.
	IP netip.Addr `json:"ip"`
	// User is the human identity of the principal, or the empty
	// string if the principal is a tagged device.
	User string `json:"user,omitempty"`
	// Tags is the tags of the principal, or nil if the principal is
	// not a tagged device.
	Tags []string `json:"tags,omitempty"`
}
Principal is the identity of a client taking action on the secrets service.
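As an added example, not code from the audit package itself: a small reader for the JSON entries a Writer emits, mirroring the Entry and Principal fields documented above and counting the actions that were attempted and denied by ACLs per principal hostname. It assumes acl.Action serializes as a string and api.SecretVersion as an integer; the log lines in sampleLog are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
	"time"
)

// Principal and Entry mirror the JSON shape documented above. Action is
// assumed to marshal as a string and SecretVersion as an integer.
type Principal struct {
	Hostname string     `json:"hostname"`
	IP       netip.Addr `json:"ip"`
	User     string     `json:"user,omitempty"`
	Tags     []string   `json:"tags,omitempty"`
}
type Entry struct {
	ID            uint64    `json:"id"`
	Time          time.Time `json:"time"`
	Principal     Principal `json:"principal"`
	Action        string    `json:"action"`
	Authorized    bool      `json:"authorized"`
	Secret        string    `json:"secret,omitempty"`
	SecretVersion uint64    `json:"secretVersion,omitempty"`
}

// sampleLog is a constructed audit log, one JSON object per line.
const sampleLog = `{"id":1,"time":"2024-05-01T10:00:00Z","principal":{"hostname":"deploy-1.example.ts.net","ip":"100.64.0.1","tags":["tag:ci"]},"action":"get","authorized":true,"secret":"prod/db-password","secretVersion":3}
{"id":2,"time":"2024-05-01T10:00:05Z","principal":{"hostname":"laptop.example.ts.net","ip":"100.64.0.2","user":"alice@example.com"},"action":"get","authorized":false,"secret":"prod/db-password","secretVersion":3}
{"id":3,"time":"2024-05-01T10:00:09Z","principal":{"hostname":"laptop.example.ts.net","ip":"100.64.0.2","user":"alice@example.com"},"action":"put","authorized":false,"secret":"prod/db-password"}`

// DeniedByHost decodes a stream of audit entries and counts, per principal
// hostname, the actions that were attempted and denied by ACLs.
func DeniedByHost(log string) (map[string]int, error) {
	denied := map[string]int{}
	dec := json.NewDecoder(strings.NewReader(log))
	for dec.More() {
		var e Entry
		if err := dec.Decode(&e); err != nil {
			return nil, err
		}
		if !e.Authorized {
			denied[e.Principal.Hostname]++
		}
	}
	return denied, nil
}
func main() { fmt.Println(DeniedByHost(sampleLog)) }
```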
type Writer
type Writer struct {
// contains filtered or unexported fields
}
Writer is an audit log writer.
func New
New returns a Writer that outputs audit log entries to w as JSON objects. If w also implements io.Closer, Writer.Close closes w. If w also implements a Sync method with the same signature as os.File, Writer.Sync calls w.Sync.
func NewFile
NewFile returns a Writer that outputs audit log entries to a file at path, creating it if necessary.
func (*Writer) Close
Close closes the underlying sink if the Writer was created with a sink that implements io.Closer; otherwise it does nothing and reports success.
func (*Writer) Sync
Sync commits the current contents of the file to stable storage if the Writer was created with a sink that itself implements Sync; otherwise it does nothing and reports success.
func (*Writer) WriteEntries
WriteEntries writes entries to the audit log. Each entry's ID and Time fields are set prior to writing; any existing value is overwritten.