syntax = "proto3";

import "buf/validate/validate.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";

package audit.v1;

option go_package = "./audit;auditV1";
option java_multiple_files = true;
option java_package = "com.schwarz.stackit.audit.v1";

// What caused the audited action. Referenced by AuditEvent.event_trigger and
// by the CEL rule on AuditEvent that demands request details for
// request-triggered events.
enum EventTrigger {
  // Zero value. Carries no business meaning; AuditEvent.event_trigger rejects
  // it via its `required` constraint.
  EVENT_TRIGGER_UNSPECIFIED = 0;
  // Event from messaging system
  EVENT_TRIGGER_EVENT = 1;
  // Time based scheduler
  EVENT_TRIGGER_SCHEDULER = 2;
  // Network request (REST, gRPC, etc.)
  EVENT_TRIGGER_REQUEST = 3;
}

// An identity (user or service account) taking part in the audited action.
message Principal {
  // A UUID or another kind of identifier. Must be set; the schema enforces no
  // length bound on it.
  string id = 1 [(buf.validate.field).required = true];
  // E-mail address of the principal, if known. When present it must be a
  // syntactically valid e-mail address of at most 255 characters.
  optional string email = 2 [
    (buf.validate.field).string.email = true,
    (buf.validate.field).string.max_len = 255
  ];
}

// Details of the network request that triggered an AuditEvent. Only
// meaningful when AuditEvent.event_trigger is EVENT_TRIGGER_REQUEST.
message RequestDetails {
  // Endpoint that was called (1-255 characters). Must be set.
  string endpoint = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];
  // Accepts ipv4 and ipv6. Must be set and must parse as an IP address.
  // NOTE(review): the schema does not say where this value is taken from; as
  // audit evidence it should reflect the address the service actually saw
  // (connection peer) rather than an unauthenticated forwarded header —
  // confirm with producers.
  string source_ip_address = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.ip = true
  ];
  // User agent reported by the client (1-255 characters).
  // NOTE(review): `optional` combined with `required = true` means the field
  // must always be present, so the `optional` label adds nothing here —
  // confirm whether the field was meant to be mandatory (drop `optional`) or
  // genuinely optional (drop `required`) before changing either.
  optional string user_agent = 3 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];
  // Request parameters as an untyped JSON-like structure. Neither validated
  // nor size-bounded by the schema, and may carry sensitive client input;
  // producers are expected to redact secrets before publishing — nothing here
  // enforces that.
  optional google.protobuf.Struct parameters = 4;
  // Request body as an untyped JSON-like structure. Same caveats as
  // `parameters`: unbounded and unvalidated, so producers should redact
  // secrets and keep it small enough for consumers' message-size limits.
  optional google.protobuf.Struct body = 5;
  // Request headers captured with the event. The schema does not restrict
  // which headers are included; credential-bearing headers (e.g.
  // Authorization, Cookie) should be omitted or redacted by the producer —
  // confirm with producers, the schema does not enforce it.
  repeated RequestHeader headers = 6;
}

// Key-value pair for request headers. Key and value are mandatory.
message RequestHeader {
  // Header name; must be set and non-empty. No upper length bound.
  string key = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];
  // Header value, stored verbatim; must be set and non-empty. No upper length
  // bound and no redaction is applied by the schema.
  string value = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];
}

// A single audit record describing one action, who performed it, what
// triggered it and what it affected.
message AuditEvent {
  // Validate that "request" details are set if the event trigger is set to
  // EVENT_TRIGGER_REQUEST. The literal 3 is the wire value of
  // EVENT_TRIGGER_REQUEST; keep the two in sync if the enum changes. The
  // expression is logically "event_trigger != 3 || has(request)".
  option (buf.validate.message).cel = {
    id: "request.details"
    message: "request details must be set"
    expression: "this.event_trigger == 3 && has(this.request) || this.event_trigger != 3"
  };

  // Sequence number of event sent by the service to identify missing events.
  // Must be set and >= -1. What -1 signals is not stated here — presumably
  // "no sequence number available"; confirm with producers.
  google.protobuf.Int64Value sequence_number = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).int64.gte = -1
  ];
  // Functional event name, e.g. ORGANIZATION_CREATED. Important for filtering
  // and translation / verbalization of event types in the UI or data sinks.
  // The pattern admits exactly two upper-case words joined by a single
  // underscore, so names with more than one underscore, digits or lower-case
  // letters are rejected.
  string event_name = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.pattern = "^[A-Z]+_[A-Z]+$"
  ];
  // The time when the event happened. Must not be a value in the future.
  // Checked strictly against the validator's clock, so a producer whose clock
  // runs ahead fails validation — NOTE(review): confirm how clock skew between
  // producer and validator is handled.
  google.protobuf.Timestamp event_time_stamp = 3 [
    (buf.validate.field).required = true,
    (buf.validate.field).timestamp.lt_now = true
  ];
  // What caused the action. `required` on this implicit-presence enum rejects
  // the zero value EVENT_TRIGGER_UNSPECIFIED; `defined_only` rejects values not
  // declared in EventTrigger.
  EventTrigger event_trigger = 4 [
    (buf.validate.field).required = true,
    (buf.validate.field).enum.defined_only = true
  ];
  // Request details - mandatory if event_trigger is set to
  // EVENT_TRIGGER_REQUEST (enforced by the CEL rule above).
  optional RequestDetails request = 5;
  // The principal that initiated the action. Must be set.
  Principal initiator = 6 [(buf.validate.field).required = true];
  // List of service account delegation principals.
  // -> Chain from service account to the actual user who initiated the action.
  // The schema does not enforce the chain order; confirm it with producers.
  repeated Principal principals = 7;
  // Identifier of the affected resource, if any (1-255 characters when set).
  optional string resource_id = 8 [
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];
  // Name of the affected resource, if any (1-255 characters when set).
  optional string resource_name = 9 [
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];
  // Identifier linking this event to related requests or events, if any
  // (1-255 characters when set).
  optional string correlation_id = 10 [
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];
  // Result of the operation to publish with the event. Untyped and
  // size-unbounded; same redaction caveats as RequestDetails.body.
  optional google.protobuf.Struct result = 11;
  // Additional information to publish with the event. Untyped and
  // size-unbounded; same redaction caveats as RequestDetails.body.
  optional google.protobuf.Struct details = 12;
}