// Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 // protoc (unknown) // source: audit/v1/audit_event.proto package auditV1 import ( _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" structpb "google.golang.org/protobuf/types/known/structpb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" reflect "reflect" sync "sync" unsafe "unsafe" ) const ( // Verify that this generated code is sufficiently up-to-date. _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) // Verify that runtime/protoimpl is sufficiently up-to-date. _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) // The severity of the event described in a log entry, expressed as one of the // standard severity levels listed below. type LogSeverity int32 const ( LogSeverity_LOG_SEVERITY_UNSPECIFIED LogSeverity = 0 // The log entry has no assigned severity level. LogSeverity_LOG_SEVERITY_DEFAULT LogSeverity = 100 // Debug or trace information. LogSeverity_LOG_SEVERITY_DEBUG LogSeverity = 200 // Routine information, such as ongoing status or performance. LogSeverity_LOG_SEVERITY_INFO LogSeverity = 300 // Normal but significant events, such as start up, shut down, or // a configuration change. LogSeverity_LOG_SEVERITY_NOTICE LogSeverity = 400 // Warning events might cause problems. LogSeverity_LOG_SEVERITY_WARNING LogSeverity = 500 // Error events are likely to cause problems. LogSeverity_LOG_SEVERITY_ERROR LogSeverity = 600 // Critical events cause more severe problems or outages. LogSeverity_LOG_SEVERITY_CRITICAL LogSeverity = 700 // A person must take an action immediately. LogSeverity_LOG_SEVERITY_ALERT LogSeverity = 800 // One or more systems are unusable. LogSeverity_LOG_SEVERITY_EMERGENCY LogSeverity = 900 ) // Enum value maps for LogSeverity. var ( LogSeverity_name = map[int32]string{ 0: "LOG_SEVERITY_UNSPECIFIED", 100: "LOG_SEVERITY_DEFAULT", 200: "LOG_SEVERITY_DEBUG", 300: "LOG_SEVERITY_INFO", 400: "LOG_SEVERITY_NOTICE", 500: "LOG_SEVERITY_WARNING", 600: "LOG_SEVERITY_ERROR", 700: "LOG_SEVERITY_CRITICAL", 800: "LOG_SEVERITY_ALERT", 900: "LOG_SEVERITY_EMERGENCY", } LogSeverity_value = map[string]int32{ "LOG_SEVERITY_UNSPECIFIED": 0, "LOG_SEVERITY_DEFAULT": 100, "LOG_SEVERITY_DEBUG": 200, "LOG_SEVERITY_INFO": 300, "LOG_SEVERITY_NOTICE": 400, "LOG_SEVERITY_WARNING": 500, "LOG_SEVERITY_ERROR": 600, "LOG_SEVERITY_CRITICAL": 700, "LOG_SEVERITY_ALERT": 800, "LOG_SEVERITY_EMERGENCY": 900, } ) func (x LogSeverity) Enum() *LogSeverity { p := new(LogSeverity) *p = x return p } func (x LogSeverity) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (LogSeverity) Descriptor() protoreflect.EnumDescriptor { return file_audit_v1_audit_event_proto_enumTypes[0].Descriptor() } func (LogSeverity) Type() protoreflect.EnumType { return &file_audit_v1_audit_event_proto_enumTypes[0] } func (x LogSeverity) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use LogSeverity.Descriptor instead. func (LogSeverity) EnumDescriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{0} } type AttributeContext_HttpMethod int32 const ( AttributeContext_HTTP_METHOD_UNSPECIFIED AttributeContext_HttpMethod = 0 AttributeContext_HTTP_METHOD_OTHER AttributeContext_HttpMethod = 1 AttributeContext_HTTP_METHOD_GET AttributeContext_HttpMethod = 2 AttributeContext_HTTP_METHOD_HEAD AttributeContext_HttpMethod = 3 AttributeContext_HTTP_METHOD_POST AttributeContext_HttpMethod = 4 AttributeContext_HTTP_METHOD_PUT AttributeContext_HttpMethod = 5 AttributeContext_HTTP_METHOD_DELETE AttributeContext_HttpMethod = 6 AttributeContext_HTTP_METHOD_CONNECT AttributeContext_HttpMethod = 7 AttributeContext_HTTP_METHOD_OPTIONS AttributeContext_HttpMethod = 8 AttributeContext_HTTP_METHOD_TRACE AttributeContext_HttpMethod = 9 AttributeContext_HTTP_METHOD_PATCH AttributeContext_HttpMethod = 10 ) // Enum value maps for AttributeContext_HttpMethod. var ( AttributeContext_HttpMethod_name = map[int32]string{ 0: "HTTP_METHOD_UNSPECIFIED", 1: "HTTP_METHOD_OTHER", 2: "HTTP_METHOD_GET", 3: "HTTP_METHOD_HEAD", 4: "HTTP_METHOD_POST", 5: "HTTP_METHOD_PUT", 6: "HTTP_METHOD_DELETE", 7: "HTTP_METHOD_CONNECT", 8: "HTTP_METHOD_OPTIONS", 9: "HTTP_METHOD_TRACE", 10: "HTTP_METHOD_PATCH", } AttributeContext_HttpMethod_value = map[string]int32{ "HTTP_METHOD_UNSPECIFIED": 0, "HTTP_METHOD_OTHER": 1, "HTTP_METHOD_GET": 2, "HTTP_METHOD_HEAD": 3, "HTTP_METHOD_POST": 4, "HTTP_METHOD_PUT": 5, "HTTP_METHOD_DELETE": 6, "HTTP_METHOD_CONNECT": 7, "HTTP_METHOD_OPTIONS": 8, "HTTP_METHOD_TRACE": 9, "HTTP_METHOD_PATCH": 10, } ) func (x AttributeContext_HttpMethod) Enum() *AttributeContext_HttpMethod { p := new(AttributeContext_HttpMethod) *p = x return p } func (x AttributeContext_HttpMethod) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (AttributeContext_HttpMethod) Descriptor() protoreflect.EnumDescriptor { return file_audit_v1_audit_event_proto_enumTypes[1].Descriptor() } func (AttributeContext_HttpMethod) Type() protoreflect.EnumType { return &file_audit_v1_audit_event_proto_enumTypes[1] } func (x AttributeContext_HttpMethod) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use AttributeContext_HttpMethod.Descriptor instead. func (AttributeContext_HttpMethod) EnumDescriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 0} } // The audit log entry can be used to record an incident in the audit log. type AuditLogEntry struct { state protoimpl.MessageState `protogen:"open.v1"` // The resource name of the log to which this log entry belongs. // // Format: //logs/ // Where: // // Plural-Types: One from the list of supported ObjectType as plural // Event-Types: admin-activity, system-event, policy-denied, data-access // // Examples: // // "projects/00b0f972-59ff-48f2-a4f9-29c57b75c2fa/logs/admin-activity" // "billing-accounts/00b0f972-59ff-48f2-a4f9-29c57b75c2fa/logs/admin-activity" // // Required: true LogName string `protobuf:"bytes,1,opt,name=log_name,json=logName,proto3" json:"log_name,omitempty"` // The log entry payload, which is always an AuditLog for STACKIT Audit Log events. // // Required: true ProtoPayload *AuditLog `protobuf:"bytes,2,opt,name=proto_payload,json=protoPayload,proto3" json:"proto_payload,omitempty"` // A unique identifier for the log entry. // Is used to check completeness of audit events over time. // // Format: /// // Where: // // Unix-Timestamp: A UTC unix timestamp in seconds is expected // Region-Zone: The region and (optional) zone id. If both, separated with a - (dash) // Worker-Id: The ID of the K8s Pod, Service-Instance, etc (must be unique for a sending service) // Sequence-Number: Increasing number, representing the message offset per Worker-Id // If the Worker-Id changes, the sequence-number has to be reset to 0. // // Examples: // // "1721899117/eu01/319a7fb9-edd2-46c6-953a-a724bb377c61/8792726390909855142" // "1721899117/eu01-m/319a7fb9-edd2-46c6-953a-a724bb377c61/8792726390909855142" // // Required: true InsertId string `protobuf:"bytes,3,opt,name=insert_id,json=insertId,proto3" json:"insert_id,omitempty"` // A set of user-defined (key, value) data that provides additional // information about the log entry. // // Required: false Labels map[string]string `protobuf:"bytes,4,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Correlate multiple audit logs by setting the same id // // Required: false CorrelationId *string `protobuf:"bytes,5,opt,name=correlation_id,json=correlationId,proto3,oneof" json:"correlation_id,omitempty"` // The time the event described by the log entry occurred. // // Required: true Timestamp *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=timestamp,proto3" json:"timestamp,omitempty"` // The severity of the log entry. // // Required: true Severity LogSeverity `protobuf:"varint,7,opt,name=severity,proto3,enum=audit.v1.LogSeverity" json:"severity,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AuditLogEntry) Reset() { *x = AuditLogEntry{} mi := &file_audit_v1_audit_event_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AuditLogEntry) String() string { return protoimpl.X.MessageStringOf(x) } func (*AuditLogEntry) ProtoMessage() {} func (x *AuditLogEntry) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[0] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AuditLogEntry.ProtoReflect.Descriptor instead. func (*AuditLogEntry) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{0} } func (x *AuditLogEntry) GetLogName() string { if x != nil { return x.LogName } return "" } func (x *AuditLogEntry) GetProtoPayload() *AuditLog { if x != nil { return x.ProtoPayload } return nil } func (x *AuditLogEntry) GetInsertId() string { if x != nil { return x.InsertId } return "" } func (x *AuditLogEntry) GetLabels() map[string]string { if x != nil { return x.Labels } return nil } func (x *AuditLogEntry) GetCorrelationId() string { if x != nil && x.CorrelationId != nil { return *x.CorrelationId } return "" } func (x *AuditLogEntry) GetTimestamp() *timestamppb.Timestamp { if x != nil { return x.Timestamp } return nil } func (x *AuditLogEntry) GetSeverity() LogSeverity { if x != nil { return x.Severity } return LogSeverity_LOG_SEVERITY_UNSPECIFIED } // Common audit log format for STACKIT API operations. type AuditLog struct { state protoimpl.MessageState `protogen:"open.v1"` // The name of the API service performing the operation. // // Examples: // // "resource-manager" // // Required: true ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"` // The name of the service method or operation. // // Format: stackit.... // Where: // // Product: The name of the service in lowercase // Version: Optional API version // Type-Chain: Chained path to object // Operation: The name of the operation in lowercase // // Examples: // // "stackit.resource-manager.v1.organizations.create" // "stackit.authorization.v1.projects.volumes.create" // "stackit.authorization.v2alpha.projects.volumes.create" // "stackit.authorization.v2.folders.move" // "stackit.resource-manager.health" // // Required: true OperationName string `protobuf:"bytes,2,opt,name=operation_name,json=operationName,proto3" json:"operation_name,omitempty"` // The resource or collection that is the target of the operation. // The name is a scheme-less URI, not including the API service name. // // Format: /[/
] // Where: // // Plural-Type: One from the list of supported ObjectType as plural // Id: The identifier of the object // Details: Optional "/" pairs // // Examples: // // "organizations/40ab14ad-b7b0-4b1c-be41-5bc820a968d1" // "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/_/instances/instance-20240723-174217" // "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/sx-stoi01/instances/instance-20240723-174217" // "projects/dd7d1807-54e9-4426-8994-721758b5b554/locations/eu01/vms/b6851b4e-7a9d-4973-ab0f-a80a13ee3060/ports/78f8bad4-a291-4fa3-b07f-4a1985d3dbe8" // "projects/dd7d1807-54e9-4426-8994-721758b5b554/locations/eu01-m/vms/b6851b4e-7a9d-4973-ab0f-a80a13ee3060/ports/78f8bad4-a291-4fa3-b07f-4a1985d3dbe8" // // Required: true ResourceName string `protobuf:"bytes,3,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"` // Authentication information. // // Required: true AuthenticationInfo *AuthenticationInfo `protobuf:"bytes,4,opt,name=authentication_info,json=authenticationInfo,proto3" json:"authentication_info,omitempty"` // Authorization information. If there are multiple resources or permissions involved, then there is // one AuthorizationInfo element for each {resource, permission} tuple. // // Required: false AuthorizationInfo []*AuthorizationInfo `protobuf:"bytes,5,rep,name=authorization_info,json=authorizationInfo,proto3" json:"authorization_info,omitempty"` // Metadata about the operation. // // Required: true RequestMetadata *RequestMetadata `protobuf:"bytes,6,opt,name=request_metadata,json=requestMetadata,proto3" json:"request_metadata,omitempty"` // The operation request. This may not include all request parameters, // such as those that are too large, privacy-sensitive, or duplicated // elsewhere in the log record. // It should never include user-generated data, such as file contents. // // Required: false Request *structpb.Struct `protobuf:"bytes,7,opt,name=request,proto3,oneof" json:"request,omitempty"` // The status of the overall operation. // // Required: true ResponseMetadata *ResponseMetadata `protobuf:"bytes,8,opt,name=response_metadata,json=responseMetadata,proto3" json:"response_metadata,omitempty"` // The operation response. This may not include all response elements, // such as those that are too large, privacy-sensitive, or duplicated // elsewhere in the log record. // // Required: false Response *structpb.Struct `protobuf:"bytes,9,opt,name=response,proto3,oneof" json:"response,omitempty"` // Other service-specific data about the request, response, and other // information associated with the current audited event. // // Required: false Metadata *structpb.Struct `protobuf:"bytes,10,opt,name=metadata,proto3,oneof" json:"metadata,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AuditLog) Reset() { *x = AuditLog{} mi := &file_audit_v1_audit_event_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AuditLog) String() string { return protoimpl.X.MessageStringOf(x) } func (*AuditLog) ProtoMessage() {} func (x *AuditLog) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[1] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AuditLog.ProtoReflect.Descriptor instead. func (*AuditLog) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{1} } func (x *AuditLog) GetServiceName() string { if x != nil { return x.ServiceName } return "" } func (x *AuditLog) GetOperationName() string { if x != nil { return x.OperationName } return "" } func (x *AuditLog) GetResourceName() string { if x != nil { return x.ResourceName } return "" } func (x *AuditLog) GetAuthenticationInfo() *AuthenticationInfo { if x != nil { return x.AuthenticationInfo } return nil } func (x *AuditLog) GetAuthorizationInfo() []*AuthorizationInfo { if x != nil { return x.AuthorizationInfo } return nil } func (x *AuditLog) GetRequestMetadata() *RequestMetadata { if x != nil { return x.RequestMetadata } return nil } func (x *AuditLog) GetRequest() *structpb.Struct { if x != nil { return x.Request } return nil } func (x *AuditLog) GetResponseMetadata() *ResponseMetadata { if x != nil { return x.ResponseMetadata } return nil } func (x *AuditLog) GetResponse() *structpb.Struct { if x != nil { return x.Response } return nil } func (x *AuditLog) GetMetadata() *structpb.Struct { if x != nil { return x.Metadata } return nil } // Authentication information for the operation. type AuthenticationInfo struct { state protoimpl.MessageState `protogen:"open.v1"` // STACKIT principal id // // Required: true PrincipalId string `protobuf:"bytes,1,opt,name=principal_id,json=principalId,proto3" json:"principal_id,omitempty"` // The email address of the authenticated user. // Service accounts have email addresses that can be used. // // Required: false PrincipalEmail *string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3,oneof" json:"principal_email,omitempty"` // The name of the service account used to create or exchange // credentials for authenticating the service account making the request. // // Format: projects//service-accounts/ // // Examples: // // "projects/29b2c56f-f712-4a9c-845b-f0907158e53c/service-accounts/a606dc68-8b97-421b-89a9-116bcbd004df" // // Required: false ServiceAccountName *string `protobuf:"bytes,3,opt,name=service_account_name,json=serviceAccountName,proto3,oneof" json:"service_account_name,omitempty"` // Identity delegation history of an authenticated service account that makes // the request. It contains information on the real authorities that try to // access STACKIT resources by delegating on a service account. When multiple // authorities present, they are guaranteed to be sorted based on the original // ordering of the identity delegation events. // // Required: false ServiceAccountDelegationInfo []*ServiceAccountDelegationInfo `protobuf:"bytes,4,rep,name=service_account_delegation_info,json=serviceAccountDelegationInfo,proto3" json:"service_account_delegation_info,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AuthenticationInfo) Reset() { *x = AuthenticationInfo{} mi := &file_audit_v1_audit_event_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AuthenticationInfo) String() string { return protoimpl.X.MessageStringOf(x) } func (*AuthenticationInfo) ProtoMessage() {} func (x *AuthenticationInfo) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AuthenticationInfo.ProtoReflect.Descriptor instead. func (*AuthenticationInfo) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{2} } func (x *AuthenticationInfo) GetPrincipalId() string { if x != nil { return x.PrincipalId } return "" } func (x *AuthenticationInfo) GetPrincipalEmail() string { if x != nil && x.PrincipalEmail != nil { return *x.PrincipalEmail } return "" } func (x *AuthenticationInfo) GetServiceAccountName() string { if x != nil && x.ServiceAccountName != nil { return *x.ServiceAccountName } return "" } func (x *AuthenticationInfo) GetServiceAccountDelegationInfo() []*ServiceAccountDelegationInfo { if x != nil { return x.ServiceAccountDelegationInfo } return nil } // Authorization information for the operation. type AuthorizationInfo struct { state protoimpl.MessageState `protogen:"open.v1"` // The resource being accessed, as a REST-style string. // // Format: /[/
] // Where: // // Plural-Type: One from the list of supported ObjectType as plural // Id: The identifier of the object // Details: Optional "/" pairs // // Examples: // // "organizations/40ab14ad-b7b0-4b1c-be41-5bc820a968d1" // "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/_/instances/instance-20240723-174217" // "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/eu01/instances/instance-20240723-174217" // "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/eu01/vms/b6851b4e-7a9d-4973-ab0f-a80a13ee3060/ports/78f8bad4-a291-4fa3-b07f-4a1985d3dbe8" // // Required: true Resource string `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"` // The required IAM permission. // // Examples: // // "resourcemanager.project.edit" // // Required: false Permission *string `protobuf:"bytes,2,opt,name=permission,proto3,oneof" json:"permission,omitempty"` // IAM permission check result. // // Required: false Granted *bool `protobuf:"varint,3,opt,name=granted,proto3,oneof" json:"granted,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AuthorizationInfo) Reset() { *x = AuthorizationInfo{} mi := &file_audit_v1_audit_event_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AuthorizationInfo) String() string { return protoimpl.X.MessageStringOf(x) } func (*AuthorizationInfo) ProtoMessage() {} func (x *AuthorizationInfo) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AuthorizationInfo.ProtoReflect.Descriptor instead. func (*AuthorizationInfo) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{3} } func (x *AuthorizationInfo) GetResource() string { if x != nil { return x.Resource } return "" } func (x *AuthorizationInfo) GetPermission() string { if x != nil && x.Permission != nil { return *x.Permission } return "" } func (x *AuthorizationInfo) GetGranted() bool { if x != nil && x.Granted != nil { return *x.Granted } return false } // This message defines the standard attribute vocabulary for STACKIT APIs. // // An attribute is a piece of metadata that describes an activity on a network // service. type AttributeContext struct { state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AttributeContext) Reset() { *x = AttributeContext{} mi := &file_audit_v1_audit_event_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AttributeContext) String() string { return protoimpl.X.MessageStringOf(x) } func (*AttributeContext) ProtoMessage() {} func (x *AttributeContext) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[4] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead. func (*AttributeContext) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4} } // Metadata about the request. type RequestMetadata struct { state protoimpl.MessageState `protogen:"open.v1"` // The IP address of the caller. // For caller from internet, this will be public IPv4 or IPv6 address. // For caller from a VM / K8s Service / etc, this will be the SIT proxy's IPv4 address. // // Required: true CallerIp string `protobuf:"bytes,1,opt,name=caller_ip,json=callerIp,proto3" json:"caller_ip,omitempty"` // The user agent of the caller. // // Examples: // // "OpenAPI-Generator/1.0.0/go" // -> The request was made by the STACKIT SDK GO client, STACKIT CLI or Terraform provider // "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" // -> The request was made by a web browser. // // Required: true CallerSuppliedUserAgent string `protobuf:"bytes,2,opt,name=caller_supplied_user_agent,json=callerSuppliedUserAgent,proto3" json:"caller_supplied_user_agent,omitempty"` // This field contains request attributes like request url, time, etc. // // Required: true RequestAttributes *AttributeContext_Request `protobuf:"bytes,3,opt,name=request_attributes,json=requestAttributes,proto3" json:"request_attributes,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *RequestMetadata) Reset() { *x = RequestMetadata{} mi := &file_audit_v1_audit_event_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *RequestMetadata) String() string { return protoimpl.X.MessageStringOf(x) } func (*RequestMetadata) ProtoMessage() {} func (x *RequestMetadata) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use RequestMetadata.ProtoReflect.Descriptor instead. func (*RequestMetadata) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{5} } func (x *RequestMetadata) GetCallerIp() string { if x != nil { return x.CallerIp } return "" } func (x *RequestMetadata) GetCallerSuppliedUserAgent() string { if x != nil { return x.CallerSuppliedUserAgent } return "" } func (x *RequestMetadata) GetRequestAttributes() *AttributeContext_Request { if x != nil { return x.RequestAttributes } return nil } // Metadata about the response type ResponseMetadata struct { state protoimpl.MessageState `protogen:"open.v1"` // The http or gRPC status code. // // Examples: // // https://developer.mozilla.org/en-US/docs/Web/HTTP/Status // https://grpc.github.io/grpc/core/md_doc_statuscodes.html // // Required: true StatusCode *wrapperspb.Int32Value `protobuf:"bytes,1,opt,name=status_code,json=statusCode,proto3" json:"status_code,omitempty"` // Short description of the error // // Required: false ErrorMessage *string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3,oneof" json:"error_message,omitempty"` // Error details // // Required: false ErrorDetails []*structpb.Struct `protobuf:"bytes,3,rep,name=error_details,json=errorDetails,proto3" json:"error_details,omitempty"` // This field contains response attributes like headers, time, etc. // // Required: true ResponseAttributes *AttributeContext_Response `protobuf:"bytes,4,opt,name=response_attributes,json=responseAttributes,proto3" json:"response_attributes,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *ResponseMetadata) Reset() { *x = ResponseMetadata{} mi := &file_audit_v1_audit_event_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *ResponseMetadata) String() string { return protoimpl.X.MessageStringOf(x) } func (*ResponseMetadata) ProtoMessage() {} func (x *ResponseMetadata) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use ResponseMetadata.ProtoReflect.Descriptor instead. func (*ResponseMetadata) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6} } func (x *ResponseMetadata) GetStatusCode() *wrapperspb.Int32Value { if x != nil { return x.StatusCode } return nil } func (x *ResponseMetadata) GetErrorMessage() string { if x != nil && x.ErrorMessage != nil { return *x.ErrorMessage } return "" } func (x *ResponseMetadata) GetErrorDetails() []*structpb.Struct { if x != nil { return x.ErrorDetails } return nil } func (x *ResponseMetadata) GetResponseAttributes() *AttributeContext_Response { if x != nil { return x.ResponseAttributes } return nil } // Identity delegation history of an authenticated service account. type ServiceAccountDelegationInfo struct { state protoimpl.MessageState `protogen:"open.v1"` // Entity that creates credentials for service account and assumes its // identity for authentication. // // Types that are valid to be assigned to Authority: // // *ServiceAccountDelegationInfo_SystemPrincipal_ // *ServiceAccountDelegationInfo_IdpPrincipal_ Authority isServiceAccountDelegationInfo_Authority `protobuf_oneof:"authority"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *ServiceAccountDelegationInfo) Reset() { *x = ServiceAccountDelegationInfo{} mi := &file_audit_v1_audit_event_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *ServiceAccountDelegationInfo) String() string { return protoimpl.X.MessageStringOf(x) } func (*ServiceAccountDelegationInfo) ProtoMessage() {} func (x *ServiceAccountDelegationInfo) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[7] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use ServiceAccountDelegationInfo.ProtoReflect.Descriptor instead. func (*ServiceAccountDelegationInfo) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7} } func (x *ServiceAccountDelegationInfo) GetAuthority() isServiceAccountDelegationInfo_Authority { if x != nil { return x.Authority } return nil } func (x *ServiceAccountDelegationInfo) GetSystemPrincipal() *ServiceAccountDelegationInfo_SystemPrincipal { if x != nil { if x, ok := x.Authority.(*ServiceAccountDelegationInfo_SystemPrincipal_); ok { return x.SystemPrincipal } } return nil } func (x *ServiceAccountDelegationInfo) GetIdpPrincipal() *ServiceAccountDelegationInfo_IdpPrincipal { if x != nil { if x, ok := x.Authority.(*ServiceAccountDelegationInfo_IdpPrincipal_); ok { return x.IdpPrincipal } } return nil } type isServiceAccountDelegationInfo_Authority interface { isServiceAccountDelegationInfo_Authority() } type ServiceAccountDelegationInfo_SystemPrincipal_ struct { // System identity SystemPrincipal *ServiceAccountDelegationInfo_SystemPrincipal `protobuf:"bytes,1,opt,name=system_principal,json=systemPrincipal,proto3,oneof"` } type ServiceAccountDelegationInfo_IdpPrincipal_ struct { // STACKIT IDP identity IdpPrincipal *ServiceAccountDelegationInfo_IdpPrincipal `protobuf:"bytes,2,opt,name=idp_principal,json=idpPrincipal,proto3,oneof"` } func (*ServiceAccountDelegationInfo_SystemPrincipal_) isServiceAccountDelegationInfo_Authority() {} func (*ServiceAccountDelegationInfo_IdpPrincipal_) isServiceAccountDelegationInfo_Authority() {} // This message defines request authentication attributes. Terminology is // based on the JSON Web Token (JWT) standard, but the terms also // correlate to concepts in other standards. type AttributeContext_Auth struct { state protoimpl.MessageState `protogen:"open.v1"` // The authenticated principal. Reflects the issuer ("iss") and subject // ("sub") claims within a JWT. // // Format: / // Where: // // Sub-Claim: Sub-Claim from JWT with `/` percent-encoded (url-encoded) // Issuer-Claim: Iss-Claim from JWT with `/` percent-encoded (url-encoded) // // Examples: // // "stackit-resource-manager-dev/https%3A%2F%2Faccounts.dev.stackit.cloud" // // Required: true Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"` // The intended audience(s) for this authentication information. Reflects // the audience ("aud") claim within a JWT, typically the services intended // to receive the credential. // // Examples: // // ["stackit-resource-manager-dev", "stackit", "api"] // // Required: false Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` // Structured claims presented with the credential. JWTs include // {"key": } pairs for standard and private claims. // // The following is a subset of the standard required and optional claims that should // typically be presented for a STACKIT JWT. // Don't add other claims to not leak internal or personal information: // // { // "aud": "stackit-resource-manager-dev", // "email": "max@mail.schwarz", // "iss": "https://api.dev.stackit.cloud", // "jti": "45a196e0-480f-4c34-a592-dc5db81c8c3a" // "sub": "cd94f01a-df2e-4456-902f-48f5e57f0b63" // } // // Required: true Claims *structpb.Struct `protobuf:"bytes,3,opt,name=claims,proto3" json:"claims,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AttributeContext_Auth) Reset() { *x = AttributeContext_Auth{} mi := &file_audit_v1_audit_event_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AttributeContext_Auth) String() string { return protoimpl.X.MessageStringOf(x) } func (*AttributeContext_Auth) ProtoMessage() {} func (x *AttributeContext_Auth) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[9] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AttributeContext_Auth.ProtoReflect.Descriptor instead. func (*AttributeContext_Auth) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 0} } func (x *AttributeContext_Auth) GetPrincipal() string { if x != nil { return x.Principal } return "" } func (x *AttributeContext_Auth) GetAudiences() []string { if x != nil { return x.Audiences } return nil } func (x *AttributeContext_Auth) GetClaims() *structpb.Struct { if x != nil { return x.Claims } return nil } // This message defines attributes for an HTTP request. If the actual // request is not an HTTP request, the runtime system should try to map // the actual request to an equivalent HTTP request. type AttributeContext_Request struct { state protoimpl.MessageState `protogen:"open.v1"` // The unique ID for a request, which can be propagated to downstream // systems. The ID should have low probability of collision // within a single day for a specific service. // // More information can be found here: https://google.aip.dev/155 // // Format: // Where: // // Idempotency-key: Typically consists of a id + version // // Examples: // // 5e3952a9-b628-4be6-ac61-b1c6eb4a110c/5 // // Required: false Id *string `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"` // The (HTTP) request method, such as `GET`, `POST`. // // Required: true Method AttributeContext_HttpMethod `protobuf:"varint,2,opt,name=method,proto3,enum=audit.v1.AttributeContext_HttpMethod" json:"method,omitempty"` // The (HTTP) request headers / gRPC metadata. If multiple headers share the same key, they // must be merged according to the HTTP spec. All header keys must be // lowercased, because HTTP header keys are case-insensitive. // // Internal IP-Addresses have to be removed (e.g. in x-forwarded-xxx headers). // // Required: true Headers map[string]string `protobuf:"bytes,3,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // The gRPC / HTTP URL path. // // Required: true Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` // The HTTP request `Host` header value. // // Required: true Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"` // The URL scheme, such as `http`, `https` or `gRPC`. // // Required: true Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"` // The HTTP URL query in the format of "name1=value1&name2=value2", as it // appears in the first line of the HTTP request. // The input should be escaped to not contain any special characters. // // Required: false Query *string `protobuf:"bytes,7,opt,name=query,proto3,oneof" json:"query,omitempty"` // The timestamp when the `destination` service receives the first byte of // the request. // // Required: true Time *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=time,proto3" json:"time,omitempty"` // The network protocol used with the request, such as "http/1.1", // "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids // for details. // // Required: true Protocol string `protobuf:"bytes,9,opt,name=protocol,proto3" json:"protocol,omitempty"` // The request authentication. // // Required: true Auth *AttributeContext_Auth `protobuf:"bytes,10,opt,name=auth,proto3" json:"auth,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AttributeContext_Request) Reset() { *x = AttributeContext_Request{} mi := &file_audit_v1_audit_event_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AttributeContext_Request) String() string { return protoimpl.X.MessageStringOf(x) } func (*AttributeContext_Request) ProtoMessage() {} func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[10] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead. func (*AttributeContext_Request) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 1} } func (x *AttributeContext_Request) GetId() string { if x != nil && x.Id != nil { return *x.Id } return "" } func (x *AttributeContext_Request) GetMethod() AttributeContext_HttpMethod { if x != nil { return x.Method } return AttributeContext_HTTP_METHOD_UNSPECIFIED } func (x *AttributeContext_Request) GetHeaders() map[string]string { if x != nil { return x.Headers } return nil } func (x *AttributeContext_Request) GetPath() string { if x != nil { return x.Path } return "" } func (x *AttributeContext_Request) GetHost() string { if x != nil { return x.Host } return "" } func (x *AttributeContext_Request) GetScheme() string { if x != nil { return x.Scheme } return "" } func (x *AttributeContext_Request) GetQuery() string { if x != nil && x.Query != nil { return *x.Query } return "" } func (x *AttributeContext_Request) GetTime() *timestamppb.Timestamp { if x != nil { return x.Time } return nil } func (x *AttributeContext_Request) GetProtocol() string { if x != nil { return x.Protocol } return "" } func (x *AttributeContext_Request) GetAuth() *AttributeContext_Auth { if x != nil { return x.Auth } return nil } // This message defines attributes for a typical network response. It // generally models semantics of an HTTP response. type AttributeContext_Response struct { state protoimpl.MessageState `protogen:"open.v1"` // The number of items returned to the client if applicable. // // Required: false NumResponseItems *wrapperspb.Int64Value `protobuf:"bytes,1,opt,name=num_response_items,json=numResponseItems,proto3,oneof" json:"num_response_items,omitempty"` // The HTTP response size in bytes. // // Required: false Size *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=size,proto3,oneof" json:"size,omitempty"` // The HTTP response headers. If multiple headers share the same key, they // must be merged according to HTTP spec. All header keys must be // lowercased, because HTTP header keys are case-insensitive. // // Required: false Headers map[string]string `protobuf:"bytes,3,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // The timestamp when the "destination" service generates the first byte of // the response. // // Required: true Time *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=time,proto3" json:"time,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *AttributeContext_Response) Reset() { *x = AttributeContext_Response{} mi := &file_audit_v1_audit_event_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *AttributeContext_Response) String() string { return protoimpl.X.MessageStringOf(x) } func (*AttributeContext_Response) ProtoMessage() {} func (x *AttributeContext_Response) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[11] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AttributeContext_Response.ProtoReflect.Descriptor instead. func (*AttributeContext_Response) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 2} } func (x *AttributeContext_Response) GetNumResponseItems() *wrapperspb.Int64Value { if x != nil { return x.NumResponseItems } return nil } func (x *AttributeContext_Response) GetSize() *wrapperspb.Int64Value { if x != nil { return x.Size } return nil } func (x *AttributeContext_Response) GetHeaders() map[string]string { if x != nil { return x.Headers } return nil } func (x *AttributeContext_Response) GetTime() *timestamppb.Timestamp { if x != nil { return x.Time } return nil } // Anonymous system principal to be used when no user identity is available. type ServiceAccountDelegationInfo_SystemPrincipal struct { state protoimpl.MessageState `protogen:"open.v1"` // Metadata about the service that uses the service account. // // Required: false ServiceMetadata *structpb.Struct `protobuf:"bytes,1,opt,name=service_metadata,json=serviceMetadata,proto3,oneof" json:"service_metadata,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *ServiceAccountDelegationInfo_SystemPrincipal) Reset() { *x = ServiceAccountDelegationInfo_SystemPrincipal{} mi := &file_audit_v1_audit_event_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *ServiceAccountDelegationInfo_SystemPrincipal) String() string { return protoimpl.X.MessageStringOf(x) } func (*ServiceAccountDelegationInfo_SystemPrincipal) ProtoMessage() {} func (x *ServiceAccountDelegationInfo_SystemPrincipal) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[14] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use ServiceAccountDelegationInfo_SystemPrincipal.ProtoReflect.Descriptor instead. func (*ServiceAccountDelegationInfo_SystemPrincipal) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7, 0} } func (x *ServiceAccountDelegationInfo_SystemPrincipal) GetServiceMetadata() *structpb.Struct { if x != nil { return x.ServiceMetadata } return nil } // STACKIT idp principal. type ServiceAccountDelegationInfo_IdpPrincipal struct { state protoimpl.MessageState `protogen:"open.v1"` // STACKIT principal id // // Required: true PrincipalId string `protobuf:"bytes,1,opt,name=principal_id,json=principalId,proto3" json:"principal_id,omitempty"` // The email address of the authenticated user. // Service accounts have email addresses that can be used. // // Required: true PrincipalEmail string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3" json:"principal_email,omitempty"` // Metadata about the service that uses the service account. // // Required: false ServiceMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=service_metadata,json=serviceMetadata,proto3,oneof" json:"service_metadata,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *ServiceAccountDelegationInfo_IdpPrincipal) Reset() { *x = ServiceAccountDelegationInfo_IdpPrincipal{} mi := &file_audit_v1_audit_event_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } func (x *ServiceAccountDelegationInfo_IdpPrincipal) String() string { return protoimpl.X.MessageStringOf(x) } func (*ServiceAccountDelegationInfo_IdpPrincipal) ProtoMessage() {} func (x *ServiceAccountDelegationInfo_IdpPrincipal) ProtoReflect() protoreflect.Message { mi := &file_audit_v1_audit_event_proto_msgTypes[15] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use ServiceAccountDelegationInfo_IdpPrincipal.ProtoReflect.Descriptor instead. func (*ServiceAccountDelegationInfo_IdpPrincipal) Descriptor() ([]byte, []int) { return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7, 1} } func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetPrincipalId() string { if x != nil { return x.PrincipalId } return "" } func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetPrincipalEmail() string { if x != nil { return x.PrincipalEmail } return "" } func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetServiceMetadata() *structpb.Struct { if x != nil { return x.ServiceMetadata } return nil } var File_audit_v1_audit_event_proto protoreflect.FileDescriptor const file_audit_v1_audit_event_proto_rawDesc = "" + "\n" + "\x1aaudit/v1/audit_event.proto\x12\baudit.v1\x1a\x1bbuf/validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\"\xe2\x04\n" + "\rAuditLogEntry\x12x\n" + "\blog_name\x18\x01 \x01(\tB]\xbaHZ\xc8\x01\x01rU2S^[a-z-]+/[a-z0-9-]+/logs/(?:admin-activity|system-event|policy-denied|data-access)$R\alogName\x12?\n" + "\rproto_payload\x18\x02 \x01(\v2\x12.audit.v1.AuditLogB\x06\xbaH\x03\xc8\x01\x01R\fprotoPayload\x12L\n" + "\tinsert_id\x18\x03 \x01(\tB/\xbaH,\xc8\x01\x01r'2%^[0-9]+/[a-z0-9-]+/[a-z0-9-]+/[0-9]+$R\binsertId\x12;\n" + "\x06labels\x18\x04 \x03(\v2#.audit.v1.AuditLogEntry.LabelsEntryR\x06labels\x126\n" + "\x0ecorrelation_id\x18\x05 \x01(\tB\n" + "\xbaH\ar\x05\x10\x01\x18\xff\x01H\x00R\rcorrelationId\x88\x01\x01\x12E\n" + "\ttimestamp\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\ttimestamp\x12>\n" + "\bseverity\x18\a \x01(\x0e2\x15.audit.v1.LogSeverityB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\bseverity\x1a9\n" + "\vLabelsEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x11\n" + "\x0f_correlation_id\"\xb3\x06\n" + "\bAuditLog\x125\n" + "\fservice_name\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" + "\x10\x012\x06.*\\S.*R\vserviceName\x12w\n" + "\x0eoperation_name\x18\x02 \x01(\tBP\xbaHM\xc8\x01\x01rH\x10\x01\x18\xff\x012A^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$R\roperationName\x12c\n" + "\rresource_name\x18\x03 \x01(\tB>\xbaH;\xc8\x01\x01r6\x10\x01\x18\xff\x012/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\fresourceName\x12U\n" + "\x13authentication_info\x18\x04 \x01(\v2\x1c.audit.v1.AuthenticationInfoB\x06\xbaH\x03\xc8\x01\x01R\x12authenticationInfo\x12J\n" + "\x12authorization_info\x18\x05 \x03(\v2\x1b.audit.v1.AuthorizationInfoR\x11authorizationInfo\x12L\n" + "\x10request_metadata\x18\x06 \x01(\v2\x19.audit.v1.RequestMetadataB\x06\xbaH\x03\xc8\x01\x01R\x0frequestMetadata\x126\n" + "\arequest\x18\a \x01(\v2\x17.google.protobuf.StructH\x00R\arequest\x88\x01\x01\x12O\n" + "\x11response_metadata\x18\b \x01(\v2\x1a.audit.v1.ResponseMetadataB\x06\xbaH\x03\xc8\x01\x01R\x10responseMetadata\x128\n" + "\bresponse\x18\t \x01(\v2\x17.google.protobuf.StructH\x01R\bresponse\x88\x01\x01\x128\n" + "\bmetadata\x18\n" + " \x01(\v2\x17.google.protobuf.StructH\x02R\bmetadata\x88\x01\x01B\n" + "\n" + "\b_requestB\v\n" + "\t_responseB\v\n" + "\t_metadata\"\x93\x03\n" + "\x12AuthenticationInfo\x125\n" + "\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" + "\x10\x012\x06.*\\S.*R\vprincipalId\x12:\n" + "\x0fprincipal_email\x18\x02 \x01(\tB\f\xbaH\tr\a\x10\x05\x18\xff\x01`\x01H\x00R\x0eprincipalEmail\x88\x01\x01\x12n\n" + "\x14service_account_name\x18\x03 \x01(\tB7\xbaH4r220^[a-z-]+/[a-z0-9-]+/service-accounts/[a-z0-9-]+$H\x01R\x12serviceAccountName\x88\x01\x01\x12m\n" + "\x1fservice_account_delegation_info\x18\x04 \x03(\v2&.audit.v1.ServiceAccountDelegationInfoR\x1cserviceAccountDelegationInfoB\x12\n" + "\x10_principal_emailB\x17\n" + "\x15_service_account_name\"\xf2\x01\n" + "\x11AuthorizationInfo\x12U\n" + "\bresource\x18\x01 \x01(\tB9\xbaH6\xc8\x01\x01r12/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\bresource\x12L\n" + "\n" + "permission\x18\x02 \x01(\tB'\xbaH$r\"2 ^[a-z-]+(?:\\.[a-z-]+)*\\.[a-z-]+$H\x00R\n" + "permission\x88\x01\x01\x12\x1d\n" + "\agranted\x18\x03 \x01(\bH\x01R\agranted\x88\x01\x01B\r\n" + "\v_permissionB\n" + "\n" + "\b_granted\"\xaa\v\n" + "\x10AttributeContext\x1a\xa9\x01\n" + "\x04Auth\x12J\n" + "\tprincipal\x18\x01 \x01(\tB,\xbaH)\xc8\x01\x01r$2\"^[a-zA-Z0-9-%._]+/[a-zA-Z0-9-%.]+$R\tprincipal\x12\x1c\n" + "\taudiences\x18\x02 \x03(\tR\taudiences\x127\n" + "\x06claims\x18\x03 \x01(\v2\x17.google.protobuf.StructB\x06\xbaH\x03\xc8\x01\x01R\x06claims\x1a\xce\x04\n" + "\aRequest\x12\x13\n" + "\x02id\x18\x01 \x01(\tH\x00R\x02id\x88\x01\x01\x12J\n" + "\x06method\x18\x02 \x01(\x0e2%.audit.v1.AttributeContext.HttpMethodB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\x06method\x12Q\n" + "\aheaders\x18\x03 \x03(\v2/.audit.v1.AttributeContext.Request.HeadersEntryB\x06\xbaH\x03\xc8\x01\x01R\aheaders\x12)\n" + "\x04path\x18\x04 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x04path\x12&\n" + "\x04host\x18\x05 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" + "\x10\x012\x06.*\\S.*R\x04host\x12*\n" + "\x06scheme\x18\x06 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" + "\x10\x012\x06.*\\S.*R\x06scheme\x12\x19\n" + "\x05query\x18\a \x01(\tH\x01R\x05query\x88\x01\x01\x12;\n" + "\x04time\x18\b \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x12.\n" + "\bprotocol\x18\t \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" + "\x10\x012\x06.*\\S.*R\bprotocol\x12;\n" + "\x04auth\x18\n" + " \x01(\v2\x1f.audit.v1.AttributeContext.AuthB\x06\xbaH\x03\xc8\x01\x01R\x04auth\x1a:\n" + "\fHeadersEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x05\n" + "\x03_idB\b\n" + "\x06_query\x1a\x87\x03\n" + "\bResponse\x12W\n" + "\x12num_response_items\x18\x01 \x01(\v2\x1b.google.protobuf.Int64ValueB\a\xbaH\x04\"\x02(\x00H\x00R\x10numResponseItems\x88\x01\x01\x12=\n" + "\x04size\x18\x02 \x01(\v2\x1b.google.protobuf.Int64ValueB\a\xbaH\x04\"\x02(\x00H\x01R\x04size\x88\x01\x01\x12J\n" + "\aheaders\x18\x03 \x03(\v20.audit.v1.AttributeContext.Response.HeadersEntryR\aheaders\x12;\n" + "\x04time\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x1a:\n" + "\fHeadersEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x15\n" + "\x13_num_response_itemsB\a\n" + "\x05_size\"\x8e\x02\n" + "\n" + "HttpMethod\x12\x1b\n" + "\x17HTTP_METHOD_UNSPECIFIED\x10\x00\x12\x15\n" + "\x11HTTP_METHOD_OTHER\x10\x01\x12\x13\n" + "\x0fHTTP_METHOD_GET\x10\x02\x12\x14\n" + "\x10HTTP_METHOD_HEAD\x10\x03\x12\x14\n" + "\x10HTTP_METHOD_POST\x10\x04\x12\x13\n" + "\x0fHTTP_METHOD_PUT\x10\x05\x12\x16\n" + "\x12HTTP_METHOD_DELETE\x10\x06\x12\x17\n" + "\x13HTTP_METHOD_CONNECT\x10\a\x12\x17\n" + "\x13HTTP_METHOD_OPTIONS\x10\b\x12\x15\n" + "\x11HTTP_METHOD_TRACE\x10\t\x12\x15\n" + "\x11HTTP_METHOD_PATCH\x10\n" + "\"\xe9\x01\n" + "\x0fRequestMetadata\x12'\n" + "\tcaller_ip\x18\x01 \x01(\tB\n" + "\xbaH\a\xc8\x01\x01r\x02p\x01R\bcallerIp\x12R\n" + "\x1acaller_supplied_user_agent\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x17callerSuppliedUserAgent\x12Y\n" + "\x12request_attributes\x18\x03 \x01(\v2\".audit.v1.AttributeContext.RequestB\x06\xbaH\x03\xc8\x01\x01R\x11requestAttributes\"\xb4\x02\n" + "\x10ResponseMetadata\x12H\n" + "\vstatus_code\x18\x01 \x01(\v2\x1b.google.protobuf.Int32ValueB\n" + "\xbaH\a\xc8\x01\x01\x1a\x02(\x00R\n" + "statusCode\x12(\n" + "\rerror_message\x18\x02 \x01(\tH\x00R\ferrorMessage\x88\x01\x01\x12<\n" + "\rerror_details\x18\x03 \x03(\v2\x17.google.protobuf.StructR\ferrorDetails\x12\\\n" + "\x13response_attributes\x18\x04 \x01(\v2#.audit.v1.AttributeContext.ResponseB\x06\xbaH\x03\xc8\x01\x01R\x12responseAttributesB\x10\n" + "\x0e_error_message\"\xca\x04\n" + "\x1cServiceAccountDelegationInfo\x12c\n" + "\x10system_principal\x18\x01 \x01(\v26.audit.v1.ServiceAccountDelegationInfo.SystemPrincipalH\x00R\x0fsystemPrincipal\x12Z\n" + "\ridp_principal\x18\x02 \x01(\v23.audit.v1.ServiceAccountDelegationInfo.IdpPrincipalH\x00R\fidpPrincipal\x1ao\n" + "\x0fSystemPrincipal\x12G\n" + "\x10service_metadata\x18\x01 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" + "\x11_service_metadata\x1a\xe3\x01\n" + "\fIdpPrincipal\x125\n" + "\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" + "\x10\x012\x06.*\\S.*R\vprincipalId\x12>\n" + "\x0fprincipal_email\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x0eprincipalEmail\x12G\n" + "\x10service_metadata\x18\x03 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" + "\x11_service_metadataB\x12\n" + "\tauthority\x12\x05\xbaH\x02\b\x01*\x96\x02\n" + "\vLogSeverity\x12\x1c\n" + "\x18LOG_SEVERITY_UNSPECIFIED\x10\x00\x12\x18\n" + "\x14LOG_SEVERITY_DEFAULT\x10d\x12\x17\n" + "\x12LOG_SEVERITY_DEBUG\x10\xc8\x01\x12\x16\n" + "\x11LOG_SEVERITY_INFO\x10\xac\x02\x12\x18\n" + "\x13LOG_SEVERITY_NOTICE\x10\x90\x03\x12\x19\n" + "\x14LOG_SEVERITY_WARNING\x10\xf4\x03\x12\x17\n" + "\x12LOG_SEVERITY_ERROR\x10\xd8\x04\x12\x1a\n" + "\x15LOG_SEVERITY_CRITICAL\x10\xbc\x05\x12\x17\n" + "\x12LOG_SEVERITY_ALERT\x10\xa0\x06\x12\x1b\n" + "\x16LOG_SEVERITY_EMERGENCY\x10\x84\aB1\n" + "\x1ccom.schwarz.stackit.audit.v1P\x01Z\x0f./audit;auditV1b\x06proto3" var ( file_audit_v1_audit_event_proto_rawDescOnce sync.Once file_audit_v1_audit_event_proto_rawDescData []byte ) func file_audit_v1_audit_event_proto_rawDescGZIP() []byte { file_audit_v1_audit_event_proto_rawDescOnce.Do(func() { file_audit_v1_audit_event_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_audit_v1_audit_event_proto_rawDesc), len(file_audit_v1_audit_event_proto_rawDesc))) }) return file_audit_v1_audit_event_proto_rawDescData } var file_audit_v1_audit_event_proto_enumTypes = make([]protoimpl.EnumInfo, 2) var file_audit_v1_audit_event_proto_msgTypes = make([]protoimpl.MessageInfo, 16) var file_audit_v1_audit_event_proto_goTypes = []any{ (LogSeverity)(0), // 0: audit.v1.LogSeverity (AttributeContext_HttpMethod)(0), // 1: audit.v1.AttributeContext.HttpMethod (*AuditLogEntry)(nil), // 2: audit.v1.AuditLogEntry (*AuditLog)(nil), // 3: audit.v1.AuditLog (*AuthenticationInfo)(nil), // 4: audit.v1.AuthenticationInfo (*AuthorizationInfo)(nil), // 5: audit.v1.AuthorizationInfo (*AttributeContext)(nil), // 6: audit.v1.AttributeContext (*RequestMetadata)(nil), // 7: audit.v1.RequestMetadata (*ResponseMetadata)(nil), // 8: audit.v1.ResponseMetadata (*ServiceAccountDelegationInfo)(nil), // 9: audit.v1.ServiceAccountDelegationInfo nil, // 10: audit.v1.AuditLogEntry.LabelsEntry (*AttributeContext_Auth)(nil), // 11: audit.v1.AttributeContext.Auth (*AttributeContext_Request)(nil), // 12: audit.v1.AttributeContext.Request (*AttributeContext_Response)(nil), // 13: audit.v1.AttributeContext.Response nil, // 14: audit.v1.AttributeContext.Request.HeadersEntry nil, // 15: audit.v1.AttributeContext.Response.HeadersEntry (*ServiceAccountDelegationInfo_SystemPrincipal)(nil), // 16: audit.v1.ServiceAccountDelegationInfo.SystemPrincipal (*ServiceAccountDelegationInfo_IdpPrincipal)(nil), // 17: audit.v1.ServiceAccountDelegationInfo.IdpPrincipal (*timestamppb.Timestamp)(nil), // 18: google.protobuf.Timestamp (*structpb.Struct)(nil), // 19: google.protobuf.Struct (*wrapperspb.Int32Value)(nil), // 20: google.protobuf.Int32Value (*wrapperspb.Int64Value)(nil), // 21: google.protobuf.Int64Value } var file_audit_v1_audit_event_proto_depIdxs = []int32{ 3, // 0: audit.v1.AuditLogEntry.proto_payload:type_name -> audit.v1.AuditLog 10, // 1: audit.v1.AuditLogEntry.labels:type_name -> audit.v1.AuditLogEntry.LabelsEntry 18, // 2: audit.v1.AuditLogEntry.timestamp:type_name -> google.protobuf.Timestamp 0, // 3: audit.v1.AuditLogEntry.severity:type_name -> audit.v1.LogSeverity 4, // 4: audit.v1.AuditLog.authentication_info:type_name -> audit.v1.AuthenticationInfo 5, // 5: audit.v1.AuditLog.authorization_info:type_name -> audit.v1.AuthorizationInfo 7, // 6: audit.v1.AuditLog.request_metadata:type_name -> audit.v1.RequestMetadata 19, // 7: audit.v1.AuditLog.request:type_name -> google.protobuf.Struct 8, // 8: audit.v1.AuditLog.response_metadata:type_name -> audit.v1.ResponseMetadata 19, // 9: audit.v1.AuditLog.response:type_name -> google.protobuf.Struct 19, // 10: audit.v1.AuditLog.metadata:type_name -> google.protobuf.Struct 9, // 11: audit.v1.AuthenticationInfo.service_account_delegation_info:type_name -> audit.v1.ServiceAccountDelegationInfo 12, // 12: audit.v1.RequestMetadata.request_attributes:type_name -> audit.v1.AttributeContext.Request 20, // 13: audit.v1.ResponseMetadata.status_code:type_name -> google.protobuf.Int32Value 19, // 14: audit.v1.ResponseMetadata.error_details:type_name -> google.protobuf.Struct 13, // 15: audit.v1.ResponseMetadata.response_attributes:type_name -> audit.v1.AttributeContext.Response 16, // 16: audit.v1.ServiceAccountDelegationInfo.system_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.SystemPrincipal 17, // 17: audit.v1.ServiceAccountDelegationInfo.idp_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.IdpPrincipal 19, // 18: audit.v1.AttributeContext.Auth.claims:type_name -> google.protobuf.Struct 1, // 19: audit.v1.AttributeContext.Request.method:type_name -> audit.v1.AttributeContext.HttpMethod 14, // 20: audit.v1.AttributeContext.Request.headers:type_name -> audit.v1.AttributeContext.Request.HeadersEntry 18, // 21: audit.v1.AttributeContext.Request.time:type_name -> google.protobuf.Timestamp 11, // 22: audit.v1.AttributeContext.Request.auth:type_name -> audit.v1.AttributeContext.Auth 21, // 23: audit.v1.AttributeContext.Response.num_response_items:type_name -> google.protobuf.Int64Value 21, // 24: audit.v1.AttributeContext.Response.size:type_name -> google.protobuf.Int64Value 15, // 25: audit.v1.AttributeContext.Response.headers:type_name -> audit.v1.AttributeContext.Response.HeadersEntry 18, // 26: audit.v1.AttributeContext.Response.time:type_name -> google.protobuf.Timestamp 19, // 27: audit.v1.ServiceAccountDelegationInfo.SystemPrincipal.service_metadata:type_name -> google.protobuf.Struct 19, // 28: audit.v1.ServiceAccountDelegationInfo.IdpPrincipal.service_metadata:type_name -> google.protobuf.Struct 29, // [29:29] is the sub-list for method output_type 29, // [29:29] is the sub-list for method input_type 29, // [29:29] is the sub-list for extension type_name 29, // [29:29] is the sub-list for extension extendee 0, // [0:29] is the sub-list for field type_name } func init() { file_audit_v1_audit_event_proto_init() } func file_audit_v1_audit_event_proto_init() { if File_audit_v1_audit_event_proto != nil { return } file_audit_v1_audit_event_proto_msgTypes[0].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[1].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[2].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[3].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[6].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[7].OneofWrappers = []any{ (*ServiceAccountDelegationInfo_SystemPrincipal_)(nil), (*ServiceAccountDelegationInfo_IdpPrincipal_)(nil), } file_audit_v1_audit_event_proto_msgTypes[10].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[11].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[14].OneofWrappers = []any{} file_audit_v1_audit_event_proto_msgTypes[15].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_audit_v1_audit_event_proto_rawDesc), len(file_audit_v1_audit_event_proto_rawDesc)), NumEnums: 2, NumMessages: 16, NumExtensions: 0, NumServices: 0, }, GoTypes: file_audit_v1_audit_event_proto_goTypes, DependencyIndexes: file_audit_v1_audit_event_proto_depIdxs, EnumInfos: file_audit_v1_audit_event_proto_enumTypes, MessageInfos: file_audit_v1_audit_event_proto_msgTypes, }.Build() File_audit_v1_audit_event_proto = out.File file_audit_v1_audit_event_proto_goTypes = nil file_audit_v1_audit_event_proto_depIdxs = nil }