Documentation
¶
Index ¶
Constants ¶
const ( // AuditLogsEndpoint is the API endpoint for creating audit logs AuditLogsEndpoint = "/api/audit-logs" // DefaultHTTPTimeout is the default timeout for HTTP requests to the audit service DefaultHTTPTimeout = 10 * time.Second )
const ( StatusSuccess = "SUCCESS" StatusFailure = "FAILURE" )
Audit log status constants
Variables ¶
This section is empty.
Functions ¶
func InitializeGlobalAudit ¶
func InitializeGlobalAudit(client Auditor)
InitializeGlobalAudit initializes the global audit middleware instance. This should be called once during application startup. Subsequent calls will be ignored (safe to call multiple times).
The client parameter should be an implementation of Auditor interface. When client is nil or IsEnabled() returns false, audit logging will be skipped but services will continue to function normally.
func LogAuditEvent ¶
func LogAuditEvent(ctx context.Context, auditRequest *AuditLogRequest)
LogAuditEvent logs an audit event using global audit middleware instance This is the public function that should be called from handlers and other components
func ResetGlobalAuditMiddleware ¶
func ResetGlobalAuditMiddleware()
ResetGlobalAuditMiddleware is a helper function for tests to reset the global audit middleware instance This should only be used in tests to reset state between test cases
Types ¶
type AuditClient ¶
type AuditClient = Auditor
AuditClient is an alias for Auditor to maintain backward compatibility. Deprecated: Use Auditor instead. This will be removed in a future version.
type AuditLogRequest ¶
type AuditLogRequest struct {
// Trace & Correlation
TraceID *string `json:"traceId,omitempty"` // UUID string, nullable for standalone events
// Temporal
Timestamp string `json:"timestamp"` // ISO 8601 format, required
// Event Classification
EventType *string `json:"eventType,omitempty"` // MANAGEMENT_EVENT, USER_MANAGEMENT (user-defined custom names)
EventAction *string `json:"eventAction,omitempty"` // CREATE, READ, UPDATE, DELETE
Status string `json:"status"` // SUCCESS, FAILURE
// Actor Information (unified approach)
ActorType string `json:"actorType"` // SERVICE, ADMIN, MEMBER, SYSTEM
ActorID string `json:"actorId"` // email, uuid, or service-name (required)
// Target Information (unified approach)
TargetType string `json:"targetType"` // SERVICE, RESOURCE
TargetID *string `json:"targetId,omitempty"` // resource_id or service_name
// Metadata (Payload without PII/sensitive data)
RequestMetadata json.RawMessage `json:"requestMetadata,omitempty"` // Request payload without PII/sensitive data
ResponseMetadata json.RawMessage `json:"responseMetadata,omitempty"` // Response or Error details
AdditionalMetadata json.RawMessage `json:"additionalMetadata,omitempty"` // Additional context-specific data
}
AuditLogRequest represents the request payload for creating an audit log Any service can use this without importing the full audit service implementation
type AuditMiddleware ¶
type AuditMiddleware struct {
// contains filtered or unexported fields
}
AuditMiddleware handles audit logging operations
func GetGlobalAuditMiddleware ¶
func GetGlobalAuditMiddleware() *AuditMiddleware
GetGlobalAuditMiddleware returns the global audit middleware instance This can be used by service-specific wrappers that need access to the global instance
func NewAuditMiddleware ¶
func NewAuditMiddleware(client Auditor) *AuditMiddleware
NewAuditMiddleware creates a new audit middleware with thread-safe global initialization This function should typically only be called once during application startup. Subsequent calls will return a new instance but won't update the global instance.
The client parameter should be an implementation of Auditor interface. When client is nil or IsEnabled() returns false, the middleware will skip all audit logging operations but services will continue to function normally.
func (*AuditMiddleware) Client ¶
func (m *AuditMiddleware) Client() Auditor
Client returns the audit client instance This allows service-specific wrappers to access the client
func (*AuditMiddleware) LogAuditEvent ¶
func (m *AuditMiddleware) LogAuditEvent(ctx context.Context, auditRequest *AuditLogRequest)
LogAuditEvent sends an audit event to the audit service API This function is used to log audit events using the unified audit log structure
type Auditor ¶
type Auditor interface {
// LogEvent logs an audit event asynchronously.
// The implementation should handle the event in a background goroutine
// to avoid blocking the calling code.
//
// If the audit service is disabled or unavailable, this method should
// return immediately without error (graceful degradation).
LogEvent(ctx context.Context, event *AuditLogRequest)
// IsEnabled returns whether audit logging is currently enabled.
// This can be used by callers to skip expensive audit event preparation
// when audit logging is disabled.
IsEnabled() bool
}
Auditor is the primary interface for audit logging operations. This interface provides a clean abstraction for audit capabilities, making it easy to swap implementations and integrate audit logging into any service.
Implementations should handle: - Asynchronous logging (fire-and-forget) - Graceful degradation when audit service is unavailable - Thread-safe operations
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is a client for sending audit events to the audit service
func NewClient ¶
NewClient creates a new audit client Audit can be disabled by:
- Setting ENABLE_AUDIT=false environment variable
- Providing an empty baseURL
When disabled, all LogEvent calls will be no-ops.
Source Files