Documentation ¶
Index ¶
Constants ¶
// Backend is the identifier of this audit log backend.
const Backend = "hub"
Variables ¶
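// Key prefixes for the sync bookkeeping entries. Per the inline notes they are
// chosen to sit next to the audit log keys in the LSM store and to be
// compatible with `local.GenKey`.
//
// These are exported, mutable byte slices: treat them as read-only. Writing to
// one of them would change every key subsequently built from it.
var (
	SyncStatusPrefix   = []byte("bs")   // "b" for contiguity with audit log keys in LSM, "s" because "sync"
	AccessSyncPrefix   = []byte("bsac") // these need to be len(4) to correctly reuse `local.GenKey`
	DecisionSyncPrefix = []byte("bsde")
)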
Functions ¶
Types ¶
type AuditLogFilter ¶ added in v0.36.0
// AuditLogFilter is created by NewAuditLogFilter from a MaskConf and is applied
// to a *logsv1.IngestBatch through its Filter method.
// NOTE(review): presumably this is where the configured masks are removed from
// entries before they leave the process — confirm against the implementation.
type AuditLogFilter struct {
// contains filtered or unexported fields
}
func NewAuditLogFilter ¶ added in v0.36.0
// NewAuditLogFilter builds an AuditLogFilter from the mask configuration conf.
// It returns an error when the filter cannot be constructed.
// NOTE(review): presumably the error covers malformed JSONPath entries in conf
// — confirm. Callers should fail closed on a non-nil error rather than carry on
// without a filter, since that would leave the masked attributes in the logs.
func NewAuditLogFilter(conf MaskConf) (*AuditLogFilter, error)
func (*AuditLogFilter) Filter ¶ added in v0.36.0
// Filter applies the filter f to ingestBatch and reports any failure as an error.
// Only an error is returned, so the result is presumably written back into
// ingestBatch in place — confirm.
// NOTE(review): a batch for which Filter returned an error should not be sent
// on as-is; verify that callers drop or retry it instead of shipping it unmasked.
func (f *AuditLogFilter) Filter(ingestBatch *logsv1.IngestBatch) error
type Conf ¶
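// Conf is the configuration of the hub audit log backend. It embeds local.Conf
// inline and adds the ingest and masking settings.
type Conf struct {
	// Ingest holds the settings used when sending log entries (see IngestConf).
	Ingest IngestConf `yaml:"ingest" conf:",ignore"`
	// Mask defines a list of attributes to exclude from the audit logs, specified as lists of JSONPaths
	Mask MaskConf `yaml:"mask"`
	// Conf is the embedded local backend configuration, inlined in the YAML.
	local.Conf `yaml:",inline"`
}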
func (*Conf) SetDefaults ¶
// SetDefaults sets default values on c.
// NOTE(review): which fields receive defaults, and whether Mask is left empty
// by default, is not visible here — confirm.
func (c *Conf) SetDefaults()
type ErrIngestBackoff ¶
func (ErrIngestBackoff) Error ¶
// Error returns the error message, which makes ErrIngestBackoff satisfy the
// built-in error interface.
func (e ErrIngestBackoff) Error() string
type Impl ¶
// Impl is the concrete type returned by NewIngestSyncer.
// NOTE(review): presumably it implements IngestSyncer — confirm.
type Impl struct {
// contains filtered or unexported fields
}
func NewIngestSyncer ¶
// NewIngestSyncer creates an Impl from the ingest configuration conf and logger.
// conf carries the Cerbos Hub credentials (IngestConf.Credentials).
// NOTE(review): verify that neither conf nor its credentials are written to
// logger, for example in a debug dump of the configuration.
func NewIngestSyncer(conf *IngestConf, logger *zap.Logger) (*Impl, error)
type IngestConf ¶
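// IngestConf configures how log entries are sent in Ingest requests.
type IngestConf struct {
	// Credentials holds Cerbos Hub credentials.
	// This is secret material: keep it out of logs, error messages and
	// version-controlled configuration.
	Credentials *hub.CredentialsConf `yaml:"credentials" conf:",ignore"`
	// Connection defines settings for the remote server connection.
	Connection *hub.ConnectionConf `yaml:"connection" conf:",ignore"`
	// MaxBatchSize defines the max number of log entries to send in each Ingest request.
	MaxBatchSize uint `yaml:"maxBatchSize" conf:",example=32"`
	// MinFlushInterval is the minimal duration between Ingest requests.
	MinFlushInterval time.Duration `yaml:"minFlushInterval" conf:",example=3s"`
	// FlushTimeout defines the max allowable timeout for each Ingest request.
	FlushTimeout time.Duration `yaml:"flushTimeout" conf:",example=5s"`
	// NumGoRoutines defines the max number of goroutines used when streaming log entries from the local DB.
	NumGoRoutines uint `yaml:"numGoRoutines" conf:",example=8"`
}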
type IngestSyncer ¶
// IngestSyncer is the abstraction NewLog uses to hand off a batch of log
// entries for ingestion.
type IngestSyncer interface {
	// Sync submits batch under ctx and returns a non-nil error on failure.
	Sync(ctx context.Context, batch *logsv1.IngestBatch) error
}
type Log ¶
func NewLog ¶
// NewLog constructs a Log from the backend configuration conf, a decision log
// entry filter, the syncer that receives ingest batches, and a logger.
// NOTE(review): conf.Mask is presumably turned into an AuditLogFilter here and
// applied before syncer.Sync is called — confirm that no code path reaches the
// syncer with an unfiltered batch.
func NewLog(conf *Conf, decisionFilter audit.DecisionLogEntryFilter, syncer IngestSyncer, logger *zap.Logger) (*Log, error)
func (*Log) WriteAccessLogEntry ¶
func (*Log) WriteDecisionLogEntry ¶
type MaskConf ¶ added in v0.36.0
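// MaskConf lists the attributes to exclude from the audit logs. Every field is
// a list of JSONPaths for one part of a log entry.
//
// Masking works as a denylist: only the listed paths are excluded, and anything
// that is not listed stays in the log. Sensitive values, such as the
// authorization metadata key used in the example below, have to be listed
// explicitly.
type MaskConf struct {
	// Peer lists the peer attributes to mask.
	Peer []string `yaml:"peer" conf:",example=\n - address\n - forwarded_for"`
	// Metadata lists the request metadata keys to mask.
	Metadata []string `yaml:"metadata" conf:",example=['authorization']"`
	// CheckResources lists the paths to mask in check-resources entries.
	CheckResources []string `yaml:"checkResources" conf:",example=\n - inputs[*].principal.attr.foo\n - inputs[*].auxData\n - outputs"`
	// PlanResources lists the paths to mask in plan-resources entries.
	PlanResources []string `yaml:"planResources" conf:",example=['input.principal.attr.nestedMap.foo']"`
}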