audit

package
v0.9.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 14, 2026 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package audit provides the audit log interface and NoOp implementation for compliance-grade event recording. It does not own storage backends — the Redis implementation is wired in v0.3. Primary dependency: context for request-scoped operations.


Constants

const (
	RevocationScopeToken    = "token"
	RevocationScopeAudience = "audience"
	RevocationScopeUser     = "user"
)

Sentinel scope values for RevocationEvent.Scope.

Variables

This section is empty.

Functions

This section is empty.

Types

type NoOpAuditStore

type NoOpAuditStore struct{}

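NoOpAuditStore is a no-op implementation of the Store interface. All methods return nil and record nothing, which makes it suitable for testing and optional audit pipelines. Because RecordRevocation never returns an error, the D2 gate described on Store never aborts a revocation when this implementation is in use.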

func NewNoOpAuditStore

func NewNoOpAuditStore() *NoOpAuditStore

NewNoOpAuditStore returns a new NoOpAuditStore.

func (*NoOpAuditStore) Ping

func (s *NoOpAuditStore) Ping(ctx context.Context) error

Ping verifies the store is reachable. Always returns nil.

func (*NoOpAuditStore) RecordRevocation

func (s *NoOpAuditStore) RecordRevocation(ctx context.Context, event RevocationEvent) error

RecordRevocation records a revocation event. Always returns nil.

type RevocationEvent

type RevocationEvent struct {
	TenantID       string
	CallerIdentity string
	TokenID        string // populated for Scope="token"; "" otherwise
	Target         string // populated for Scope="audience" (audience value) and Scope="user" (user ID); "" for Scope="token"
	Scope          string // "token", "audience", "user"
	OccurredAt     time.Time
}

RevocationEvent captures a token revocation event for audit logging.

type SlogAuditStore added in v0.3.0

type SlogAuditStore struct {
	// contains filtered or unexported fields
}

SlogAuditStore is an audit.Store implementation that writes structured log lines via the service's observability.Logger. All methods are safe for concurrent use.

func NewSlogAuditStore added in v0.3.0

func NewSlogAuditStore(logger observability.Logger) *SlogAuditStore

NewSlogAuditStore constructs a SlogAuditStore that writes audit records via logger. Logger must not be nil.

func (*SlogAuditStore) Ping added in v0.3.0

func (s *SlogAuditStore) Ping(ctx context.Context) error

Ping verifies the store is reachable. Always returns nil for SlogAuditStore.

func (*SlogAuditStore) RecordRevocation added in v0.3.0

func (s *SlogAuditStore) RecordRevocation(ctx context.Context, event RevocationEvent) error

RecordRevocation writes a structured log line for a revocation event. All RevocationEvent fields are emitted as key-value pairs in declaration order. Always returns nil, so the caller cannot tell from the return value whether the line was written.

type Store

type Store interface {
	// RecordRevocation writes a durable audit record for a revocation event.
	// Returns an error if the record cannot be durably written.
	// D2: Revocation operations are gated on Store availability — a Store error aborts revocation.
	RecordRevocation(ctx context.Context, event RevocationEvent) error

	// Ping verifies the store is reachable. Used by the readiness probe.
	Ping(ctx context.Context) error
}

Store provides the audit log interface for recording compliance-grade events.
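
The D2 rule in the Store comments, as an added example that is not code from this package: a caller-side wrapper that validates the event against the RevocationEvent field comments, writes the audit record, and only then applies the revocation. The types are local mirrors of the documented ones; `ValidateEvent`, `RevokeWithAudit`, `stubStore` and `errDown` are hypothetical names, and writing the record before revoking is an assumption about how the gate is ordered.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Local mirrors of the documented types so the example builds without the module.
type RevocationEvent struct {
	TenantID, CallerIdentity, TokenID, Target, Scope string
	OccurredAt                                       time.Time
}
type Store interface {
	RecordRevocation(ctx context.Context, event RevocationEvent) error
	Ping(ctx context.Context) error
}

// stubStore is a constructed backend; a non-nil err simulates an unreachable store.
type stubStore struct{ err error }
func (s stubStore) RecordRevocation(context.Context, RevocationEvent) error { return s.err }
func (s stubStore) Ping(context.Context) error                              { return s.err }
var errDown = errors.New("audit backend unavailable") // constructed sample error

// ValidateEvent (hypothetical) enforces the field rules from the RevocationEvent comments.
func ValidateEvent(e RevocationEvent) error {
	tokenOK := e.Scope == "token" && e.TokenID != "" && e.Target == ""
	targetOK := (e.Scope == "audience" || e.Scope == "user") && e.Target != "" && e.TokenID == ""
	if tokenOK || targetOK {
		return nil
	}
	return fmt.Errorf("invalid revocation event: scope=%q token_id=%q target=%q", e.Scope, e.TokenID, e.Target)
}

// RevokeWithAudit (hypothetical) applies D2: record first, abort on any Store error.
func RevokeWithAudit(ctx context.Context, s Store, e RevocationEvent, revoke func() error) error {
	if err := ValidateEvent(e); err != nil {
		return err
	}
	if err := s.RecordRevocation(ctx, e); err != nil {
		return fmt.Errorf("revocation aborted, audit write failed: %w", err)
	}
	return revoke()
}

func main() {
	e := RevocationEvent{TenantID: "t1", CallerIdentity: "svc-a", TokenID: "tok-1", Scope: "token", OccurredAt: time.Now()}
	fmt.Println(RevokeWithAudit(context.Background(), stubStore{err: errDown}, e, func() error { return nil }))
}
```

With a store that always returns nil, the second branch can never fire, so the wrapper only gates revocation when the configured Store reports write failures.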
