audit

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 25, 2022 License: AGPL-3.0 Imports: 8 Imported by: 0

Documentation


Constants

// Per-field audit actions. These are the values used in AuditableResources to
// say how each field of an auditable resource appears in an audit diff.
const (
	// ActionIgnore ignores diffing for the field, so a change to the field
	// does not appear in the diff.
	ActionIgnore = "ignore"
	// ActionTrack includes the value in the diff if the value changed. The
	// value itself is recorded, so this action is unsuitable for credentials,
	// key material or other secrets; use ActionSecret for those.
	ActionTrack = "track"
	// ActionSecret includes a zero value of the same type if the value changed.
	// It lets you indicate that a value changed, but without leaking its
	// contents. On this page it is applied to GitSSHKey.private_key and
	// User.hashed_password.
	ActionSecret = "secret"
)

Variables

// AuditableResources lists every resource type that is audited and, for each
// of its fields (keyed by what look like database column names), the Action
// that decides how the field shows up in an audit diff.
//
// Security review notes:
//   - Only private_key (GitSSHKey) and hashed_password (User) are ActionSecret.
//     Every ActionTrack field has its changed value written into the diff, and
//     audit logs can be stored and exported through a Backend.
//   - NOTE(review): how auditMap treats a field that is missing from a
//     resource's map is not visible here; confirm it whenever a column is
//     added to one of these types, so a new sensitive column cannot default
//     to being tracked in clear.
var AuditableResources = auditMap(map[any]map[string]Action{
	&database.GitSSHKey{}: {
		"user_id":     ActionTrack,
		"created_at":  ActionIgnore,
		"updated_at":  ActionIgnore,
		// Key material: the diff records that it changed, never the value.
		"private_key": ActionSecret,
		"public_key":  ActionTrack,
	},
	&database.OrganizationMember{}: {
		"user_id":         ActionTrack,
		"organization_id": ActionTrack,
		"created_at":      ActionIgnore,
		"updated_at":      ActionIgnore,
		// Role changes are privilege changes and are kept in the diff.
		"roles":           ActionTrack,
	},
	&database.Organization{}: {
		"id":          ActionTrack,
		"name":        ActionTrack,
		"description": ActionTrack,
		"created_at":  ActionIgnore,
		"updated_at":  ActionIgnore,
	},
	&database.Template{}: {
		"id":                     ActionTrack,
		"created_at":             ActionIgnore,
		"updated_at":             ActionIgnore,
		"organization_id":        ActionIgnore,
		// NOTE(review): deleted is ignored here but tracked on User; presumably
		// deletion is recorded as its own audit event — confirm.
		"deleted":                ActionIgnore,
		"name":                   ActionTrack,
		"provisioner":            ActionTrack,
		"active_version_id":      ActionTrack,
		"description":            ActionTrack,
		"icon":                   ActionTrack,
		"max_ttl":                ActionTrack,
		"min_autostart_interval": ActionTrack,
		"created_by":             ActionTrack,
		// Visibility and ACL changes alter who can use the template, so they
		// are kept in the diff.
		"is_private":             ActionTrack,
		"group_acl":              ActionTrack,
		"user_acl":               ActionTrack,
	},
	&database.TemplateVersion{}: {
		"id":              ActionTrack,
		"template_id":     ActionTrack,
		"organization_id": ActionIgnore,
		"created_at":      ActionIgnore,
		"updated_at":      ActionIgnore,
		"name":            ActionTrack,
		"readme":          ActionTrack,
		"job_id":          ActionIgnore,
		"created_by":      ActionTrack,
	},
	&database.User{}: {
		"id":              ActionTrack,
		"email":           ActionTrack,
		"username":        ActionTrack,
		// Even in hashed form the password stays out of the diff.
		"hashed_password": ActionSecret,
		"created_at":      ActionIgnore,
		"updated_at":      ActionIgnore,
		"status":          ActionTrack,
		"rbac_roles":      ActionTrack,
		// NOTE(review): a change of login method is security-relevant but is
		// not audited under this rule — confirm that is intended.
		"login_type":      ActionIgnore,
		"avatar_url":      ActionIgnore,
		"last_seen_at":    ActionIgnore,
		"deleted":         ActionTrack,
	},
	&database.Workspace{}: {
		"id":                 ActionTrack,
		"created_at":         ActionIgnore,
		"updated_at":         ActionIgnore,
		// Ownership transfer is kept in the diff.
		"owner_id":           ActionTrack,
		"organization_id":    ActionIgnore,
		"template_id":        ActionTrack,
		// NOTE(review): ignored here, tracked on User — see the same note on
		// Template.deleted.
		"deleted":            ActionIgnore,
		"name":               ActionTrack,
		"autostart_schedule": ActionTrack,
		"ttl":                ActionTrack,
		"last_used_at":       ActionIgnore,
	},
	&database.Group{}: {
		"id":              ActionTrack,
		"name":            ActionTrack,
		"organization_id": ActionIgnore,
		"avatar_url":      ActionTrack,
	},
})

AuditableResources contains a definitive list of all auditable resources and which fields are auditable.

Functions

func NewAuditor

// NewAuditor returns an audit.Auditor built from one Filter and zero or more
// Backends.
// NOTE(review): the body is not shown on this page. Presumably each audit log
// is passed to filter.Check and handed only to the backends whose Decision()
// is permitted by the result — confirm against the implementation.
func NewAuditor(filter Filter, backends ...Backend) audit.Auditor

Types

type Action

// Action is the per-field audit behaviour used as the value type in
// AuditableResources and Table. The values defined on this page are
// ActionIgnore, ActionTrack and ActionSecret.
type Action string

func (Action) String

// String returns the Action as a string.
// NOTE(review): body not shown on this page; presumably a plain string(t)
// conversion.
func (t Action) String() string

type Backend

// Backend is a destination for audit logs.
type Backend interface {
	// Decision determines the FilterDecisions that the backend tolerates.
	// NOTE(review): presumably the auditor compares this value with the
	// result of Filter.Check before calling Export — confirm in NewAuditor.
	Decision() FilterDecision
	// Export sends an audit log to the backend.
	// NOTE(review): alog presumably carries the field diff, so the changed
	// values of ActionTrack fields reach the backend here; the destination
	// should be access-controlled like the audited data itself. Whether a
	// failed Export is retried or only reported is not visible on this page.
	Export(ctx context.Context, alog database.AuditLog) error
}

Backends can store or send audit logs to arbitrary locations.

type Filter

// Filter decides, per audit log, which actions (store, export) are allowed.
type Filter interface {
	// Check returns the FilterDecision for alog together with an error.
	// NOTE(review): FilterDecisionDrop is the zero value, so an implementation
	// that returns (0, err) is asking for the log to be dropped. What the
	// caller does when err != nil is not visible here — confirm that a
	// failing filter cannot silently discard audit records.
	Check(ctx context.Context, alog database.AuditLog) (FilterDecision, error)
}

Filters produce a FilterDecision for a given audit log.

DefaultFilter is the default filter used when exporting audit logs. It allows storage and exporting for all audit logs.

type FilterDecision

type FilterDecision uint8

FilterDecision is a bitwise flag describing the actions a given filter allows for a given audit log.

// FilterDecision values. Drop is zero; Store and Export are separate bits.
// Refer to them by name rather than by number: because of where iota sits in
// this block, the bits are 2 and 4, not 1 and 2.
const (
	// FilterDecisionDrop indicates that the audit log should be dropped. It
	// should not be stored or exported anywhere.
	// It is the zero value of FilterDecision, so an unset decision reads as
	// Drop, and it cannot be detected with a bitwise AND; compare with ==.
	FilterDecisionDrop FilterDecision = 0
	// FilterDecisionStore indicates that the audit log should be allowed to be
	// stored in the Coder database.
	// iota is 1 on this line (second spec of the block), so the value is
	// 1<<1 == 2.
	FilterDecisionStore FilterDecision = 1 << iota
	// FilterDecisionExport indicates that the audit log should be exported
	// externally of Coder.
	// Repeats the expression above with iota == 2, giving 1<<2 == 4.
	FilterDecisionExport
)

type FilterFunc

type FilterFunc func(ctx context.Context, alog database.AuditLog) (FilterDecision, error)

FilterFunc constructs a Filter from a simple function.

func (FilterFunc) Check

type Table

type Table map[string]map[string]Action

Table maps each struct name to a map from field name to that field's AuditType (the type declared on this page as Action).
