diff --git a/audit/api/model.go b/audit/api/model.go index c55282f..ee5f55a 100644 --- a/audit/api/model.go +++ b/audit/api/model.go @@ -28,7 +28,7 @@ var ErrTokenIsNotBearerToken = errors.New("token is not a bearer token") var objectTypeIdPattern, _ = regexp.Compile(".*/(projects|folders|organizations)/([0-9a-fA-F-]{36})(?:/.*)?") -type Request struct { +type ApiRequest struct { Body *[]byte Header map[string][]string Host string @@ -51,8 +51,8 @@ type AuditRequest struct { // elsewhere in the log record. // It should never include user-generated data, such as file contents. // - // Required: false - Request *Request + // Required: true + Request *ApiRequest // The IP address of the caller. // For caller from internet, this will be public IPv4 or IPv6 address. @@ -61,7 +61,7 @@ type AuditRequest struct { // Required: true RequestClientIP string - // Correlate multiple audit logs by setting the same id + // Correlate multiple auFdit logs by setting the same id // // Required: false RequestCorrelationId *string @@ -369,7 +369,7 @@ func NewAuditLogEntry( } // GetCalledServiceNameFromRequest extracts the called service name from subdomain name -func GetCalledServiceNameFromRequest(request *Request, fallbackName string) string { +func GetCalledServiceNameFromRequest(request *ApiRequest, fallbackName string) string { var calledServiceName = fallbackName host := request.Host ip := net.ParseIP(host) @@ -415,7 +415,7 @@ func NewPbInt64Value(value *int64) *wrapperspb.Int64Value { // NewRequestMetadata returns initialized protobuf RequestMetadata object. func NewRequestMetadata( - request *Request, + request *ApiRequest, requestHeaders map[string]string, requestId *string, requestScheme string, @@ -447,7 +447,7 @@ func NewRequestMetadata( // NewRequestAttributes returns initialized protobuf AttributeContext_Request object. func NewRequestAttributes( - request *Request, + request *ApiRequest, requestHeaders map[string]string, requestId *string, requestScheme string, 
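Review bot: In the `AuditRequest` hunk at line 51 the comment on `Request` now says `Required: true`, but the field is still a `*ApiRequest` and nothing in the visible hunks rejects a nil value. `GetCalledServiceNameFromRequest` (hunk at line 369) reads `request.Host` and `NewRequestBody` (hunk at line 538) reads `request.Body` straight through the pointer, so a caller that still omits the request would presumably panic inside the audit path and lose the log entry instead of getting an error. If this is not already validated elsewhere, I would add a guard where the entry is built, for example `if auditRequest.Request == nil { return nil, ErrRequestRequired }` (both names are placeholders), and say in the field comment that nil is rejected. The struct and both functions continue outside these hunks.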
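Review bot: The comment above `RequestCorrelationId` in the hunk at line 61 picks up a stray character, `auFdit`, where the old line correctly read `audit`. The line should go back to `// Correlate multiple audit logs by setting the same id`; the edit looks like an accidental keystroke rather than an intended change.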
@@ -538,7 +538,7 @@ func NewResponseBody(response *[]byte) (*structpb.Struct, error) { } // NewRequestBody converts the request body into a protobuf struct. -func NewRequestBody(request *Request) (*structpb.Struct, error) { +func NewRequestBody(request *ApiRequest) (*structpb.Struct, error) { if request.Body == nil || len(*request.Body) == 0 { return nil, nil @@ -605,7 +605,7 @@ func NewAuditRoutingIdentifier(objectId string, singularType SingularType) *Rout // - authenticationPrincipal - principal identifier // - audiences - list of audience claims // - authenticationInfo - information about the user or service-account authentication -func AuditAttributesFromAuthorizationHeader(request *Request) ( +func AuditAttributesFromAuthorizationHeader(request *ApiRequest) ( *structpb.Struct, string, []string, diff --git a/audit/api/model_test.go b/audit/api/model_test.go index da0b7a0..26596f7 100644 --- a/audit/api/model_test.go +++ b/audit/api/model_test.go 
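Review bot: The doc comment of `AuditAttributesFromAuthorizationHeader` (hunk at line 605 of model.go) does not say whether the bearer token's signature is checked. The function takes only `*ApiRequest` and returns the principal, audiences and claims, so it appears to decode the token without verifying it; if that is the case, the identity written to the audit log is caller-controlled unless the request was authenticated beforehand. I would add a line such as `// The token is only parsed, not verified: callers must authenticate the request before calling this function.` and adjust the wording if verification does happen inside. The function body lies outside the hunk.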
@@ -70,26 +70,26 @@ func Test_TraceParentFromSpan(t *testing.T) { func Test_GetCalledServiceNameFromRequest(t *testing.T) { t.Run("localhost", func(t *testing.T) { - request := Request{Host: "localhost:8080"} + request := ApiRequest{Host: "localhost:8080"} serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager") assert.Equal(t, "resource-manager", serviceName) }) t.Run("cf", func(t *testing.T) { - request := Request{Host: "stackit-resource-manager-go-dev.apps.01.cf.eu01.stackit.cloud"} + request := ApiRequest{Host: "stackit-resource-manager-go-dev.apps.01.cf.eu01.stackit.cloud"} serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager") assert.Equal(t, "stackit-resource-manager-go-dev", serviceName) }) t.Run("cf invalid host", func(t *testing.T) { - request := Request{Host: ""} + request := ApiRequest{Host: ""} serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager") assert.Equal(t, "resource-manager", serviceName) }) t.Run( "ip", func(t *testing.T) { - request := Request{Host: "127.0.0.1"} + request := ApiRequest{Host: "127.0.0.1"} serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager") assert.Equal(t, "resource-manager", serviceName) }, @@ -97,7 +97,7 @@ func Test_GetCalledServiceNameFromRequest(t *testing.T) { t.Run( "ip short", func(t *testing.T) { - request := Request{Host: "::1"} + request := ApiRequest{Host: "::1"} serviceName := GetCalledServiceNameFromRequest(&request, "resource-manager") assert.Equal(t, "resource-manager", serviceName) }, @@ -171,7 +171,7 @@ func Test_NewRequestMetadata(t *testing.T) { requestHeaders["Custom"] = []string{"customHeader"} queryString := "topic=project" - request := Request{ + request := ApiRequest{ Method: "GET", URL: RequestUrl{Path: "/audit/new", RawQuery: &queryString}, Host: "localhost:8080", 
@@ -235,7 +235,7 @@ func Test_NewRequestMetadata(t *testing.T) { }) t.Run("without query parameters", func(t *testing.T) { - request := Request{ + request := ApiRequest{ Method: "GET", URL: RequestUrl{Path: "/audit/new"}, Host: "localhost:8080", @@ -261,7 +261,7 @@ func Test_NewRequestMetadata(t *testing.T) { t.Run("with empty query parameters", func(t *testing.T) { emptyQuery := "" - request := Request{ + request := ApiRequest{ Method: "GET", URL: RequestUrl{Path: "/audit/new", RawQuery: &emptyQuery}, Host: "localhost:8080", @@ -286,7 +286,7 @@ func Test_NewRequestMetadata(t *testing.T) { }) t.Run("without request id", func(t *testing.T) { - request := Request{ + request := ApiRequest{ Method: "GET", URL: RequestUrl{Path: "/audit/new", RawQuery: &queryString}, Host: "localhost:8080", @@ -310,7 +310,7 @@ func Test_NewRequestMetadata(t *testing.T) { t.Run("various default http methods", func(t *testing.T) { httpMethods := []string{"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"} for _, httpMethod := range httpMethods { - request := Request{ + request := ApiRequest{ Method: httpMethod, URL: RequestUrl{Path: "/audit/new", RawQuery: &queryString}, Host: "localhost:8080", @@ -334,7 +334,7 @@ func Test_NewRequestMetadata(t *testing.T) { }) t.Run("unknown http method", func(t *testing.T) { - request := Request{ + request := ApiRequest{ Method: "", URL: RequestUrl{Path: "/audit/new", RawQuery: &queryString}, Host: "localhost:8080", @@ -397,7 +397,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Basic username:password" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} _, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request) assert.ErrorIs(t, err, ErrTokenIsNotBearerToken) 
@@ -407,7 +407,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "a b c" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} _, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request) assert.ErrorIs(t, err, ErrInvalidAuthorizationHeaderValue) @@ -417,7 +417,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Bearer a.b.c.d" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} _, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request) assert.ErrorIs(t, err, ErrInvalidBearerToken) @@ -427,7 +427,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Bearer a.b.c" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} _, _, _, _, err := AuditAttributesFromAuthorizationHeader(&request) assert.ErrorIs(t, err, ErrInvalidBearerToken) 
@@ -437,7 +437,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOGJlZjc1LWRmY2QtNGE3My1hMzkxLTU0YTdhZjU3YTdkNiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3RhY2tpdC1yZXNvdXJjZS1tYW5hZ2VyLWRldiJdLCJjbGllbnRfaWQiOiJzdGFja2l0LXJlc291cmNlLW1hbmFnZXItZGV2IiwiZXhwIjoxNzI0NDA1MzI2LCJpYXQiOjE3MjQ0MDQ0MjYsImlzcyI6Imh0dHBzOi8vYWNjb3VudHMuZGV2LnN0YWNraXQuY2xvdWQiLCJqdGkiOiJlNDZlYmEzOC1kZWRiLTQ1NDEtOTRmMy00OWY5N2E5MzRkNTgiLCJuYmYiOjE3MjQ0MDQ0MjYsInNjb3BlIjoidWFhLm5vbmUiLCJzdWIiOiJzdGFja2l0LXJlc291cmNlLW1hbmFnZXItZGV2In0.JP5Uy7AMdK4ukzQ6aOYzbVwEmq0Tp2ppQGRqGOhuVQgbqs6yJ33GKXo7RPsJVLw3FR7XAxENIVqNvzGotbDXr0NjBGdzyxIHzrOaUqM4w1iLzD1KF51dXFwkoigqDdD7Ze9eI_Uo3tSn8FwGLTSoO-ONQYpnceCiGut2Gc6VIL8HOLdh8dzlRENGQtgYd-3Y5zqpoLrsR2Bd-0sv15sF-5aI0CqcC8gE70JPImKf2u_IYI-TYMDNk86YSCtaYO5-alOrHXXWwgzSoH-r2s5qoOhPbei9myV_P4fdcKXxMqfap9hImXPUooVhpdUr1AabZw3MtW7rION8tJAiauhMQA" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} auditClaims, authenticationPrincipal, audiences, authenticationInfo, err := AuditAttributesFromAuthorizationHeader(&request) 
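Review bot: The `headerValue` fixture in the hunk at line 437 of model_test.go is a complete signed JWT whose payload names `https://accounts.dev.stackit.cloud` as issuer, which suggests it was captured from a real dev identity provider rather than constructed for the test. The fixtures in the hunks at lines 467, 499, 535 and 573 look the same, and the one at 573 carries an `email` claim with what appears to be a personal address. Even once expired, such tokens expose account identifiers in the repository and trip secret scanners; if the function does not depend on a real issuer signature, I would build the tokens in a test helper from constructed claims signed with a throwaway test key and mark them with a comment such as `// constructed test token, not issued by any real IdP`. The test function starts and ends outside these hunks.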
@@ -467,7 +467,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.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.hb8X9VKc9xViHgNMyFHT9ePj_lyEwTV1D2es8E278WtoCJ9-4GPPQGjhcLGGrigjnvpRYV2LKzNqpQslerT5lFT_pHACsryaAE0ImYjmoe-nutA7BBpYuM_JN6pk5VIjVFLTqRKeIvFexPacqS2Vo3YoK1GvxPB8WPWBbGIsBtMl-PTm8OTwwzooBOoCRhhMR-E1lFbAymLsc1JI4yDQKLLomvhEopgmocCnQ-P1QkiKMqdkNxiD_YYLLYTOApg6d62BhqpH66ziqx493AStdZ8d5Kjvf3e1knDhaxVwNCghQj7lSo2kNAqZe__g2tiXpiZNTXBFJ_5HgQMLh67wng" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} auditClaims, authenticationPrincipal, audiences, authenticationInfo, err := AuditAttributesFromAuthorizationHeader(&request) @@ -499,7 +499,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.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.auBvvsIesFMAlWOCPCPC77DrrHF7gSKZwKs_Zry5KFvu2bpZZC1BcSXOc8b9eh0SzANI9M9aGJBhOzOm39-ZZ5XOQ-6_y1aWuEenYQ6kT5D3GzCUTMDzSi1lcZ4IG5nFMa_AAlVEN_7AMv7LHGtz49bWLJnAgeTo1cvof-OgP4mCQ5O6E0iyAq-5u8V8NJL7HIZy7BDe4J1mjfYhwKagrN7QFWu4fhN4TNS7d922X_6V489BhjRFRYjLW_qDnv912JorbGRz_XwNy_dPA81EkdMyKE0BJUezguJUEKEG2_JEi9O64Flcoi6x8cFHYhaDuMMSLipzePaHdyk2lQtH7Q" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} auditClaims, authenticationPrincipal, audiences, authenticationInfo, err := AuditAttributesFromAuthorizationHeader(&request) 
@@ -535,7 +535,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.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.c1ae17bAtyOdmwXQbK37W-NTyOxo7iER5aHS_C0fU1qKl2BjOz708GLjH-_vxx9eKPeYznfI21_xlTaAvuG4Aco9f5YDK7fooTVHnDaOSSggqcEaDzDPrNXhhKEDxotJeq9zRMVCEStcbirjTounnLbuULRbO5GSY5jo-8n2UKxSZ2j5G_SjFHajdJwmzwvOttp08tdL8ck1uDdgVNBfcm0VIdb6WmgrCIUq5rmoa-cRPkdEurNtIEgEB_9U0Xh-SpmmsvFsWWeNIKz0e_5RCIyJonm_wMkGmblGegemkYL76ypeMNXTQsly1RozDIePfzHuZOWbySHSCd-vKQa2kw" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} auditClaims, authenticationPrincipal, audiences, authenticationInfo, err := AuditAttributesFromAuthorizationHeader(&request) 
@@ -573,7 +573,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) { headerValue := "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOGJlZjc1LWRmY2QtNGE3My1hMzkxLTU0YTdhZjU3YTdkNiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3RhY2tpdC1wb3J0YWwtbG9naW4tZGV2LWNsaWVudC1pZCJdLCJjbGllbnRfaWQiOiJzdGFja2l0LXBvcnRhbC1sb2dpbi1kZXYtY2xpZW50LWlkIiwiZW1haWwiOiJDaHJpc3RpYW4uU2NoYWlibGVAbm92YXRlYy1nbWJoLmRlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTcyMjU5MDM2NywiaWF0IjoxNzIyNTg2NzY3LCJpc3MiOiJodHRwczovL2FjY291bnRzLmRldi5zdGFja2l0LmNsb3VkIiwianRpIjoiZDczYTY3YWMtZDFlYy00YjU1LTk5ZDQtZTk1MzI3NWYwMjJhIiwibmJmIjoxNzIyNTg2NzY3LCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsInN1YiI6ImNkOTRmMDFhLWRmMmUtNDQ1Ni05MDJlLTQ4ZjVlNTdmMGI2MyJ9.ajhjYbC5l5g7un9NSheoAwBT83YcZM91rH4DJxPTDsB78HzIVrmaKTPrK3AI_E1THlD2Z3_ot9nFr_eX7XcwWp_ZBlataKmakdXlAmeb4xSMGNYefIfzV_3w9ZZAZ66yoeTrtn8dUx5ezquenCYpctB1NcccmK4U09V0kNcq9dFcfF3Sg9YilF3orUCR0ql1d9RnOs3EiFZuUpdBEkyoVsAdSh2P-PRbNViR_FgCcAJem97TsN5CQc9RlvKYe4sYKgqQoqa2GDVi9Niiw3fe1V8SCnROYcpkOzBBWdvuzFMBUjln3uOogYVOz93xkmImV6jidgyQ70fLt-eDUmZZfg" headers := make(map[string][]string) headers["Authorization"] = []string{headerValue} - request := Request{Header: headers} + request := ApiRequest{Header: headers} auditClaims, authenticationPrincipal, audiences, authenticationInfo, err := AuditAttributesFromAuthorizationHeader(&request) @@ -609,7 +609,7 @@ func Test_NewAuditLogEntry(t *testing.T) { requestHeaders["User-Agent"] = []string{userAgent} requestHeaders["Custom"] = []string{"customHeader"} - request := Request{ + request := ApiRequest{ Method: "GET", URL: RequestUrl{Path: "/audit/new"}, Host: "localhost:8080", @@ -722,7 +722,7 @@ func Test_NewAuditLogEntry(t *testing.T) { requestBody["key"] = "request" requestBodyBytes, _ := json.Marshal(requestBody) query := "topic=project" - request := Request{ + request := ApiRequest{ Method: "GET", URL: RequestUrl{Path: "/audit/new", RawQuery: &query}, Host: "localhost:8080",