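// Fixture data for audit-API code: bearer-token header values and constructors
// for sample audit log entries. Everything here uses fixed or freshly generated
// sample values.

package api

import (
	"fmt"
	"time"

	"github.com/google/uuid"
	"google.golang.org/protobuf/types/known/structpb"
	"google.golang.org/protobuf/types/known/timestamppb"
	"google.golang.org/protobuf/types/known/wrapperspb"

	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/gen/go/audit/v1"
	pkgAuditCommon "dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git/pkg/audit/common"
)

// Bearer-token fixtures. Each constant is a complete "authorization" header
// value: the "Bearer " scheme followed by a three-segment JWT.
//
// NOTE(review): these are full tokens committed to source; their headers
// declare RS256 or RS512 and a signature segment is present on all but
// userTokenWithSimpleAudience. clientCredentialsToken and userToken decode to
// iss "https://accounts.dev.stackit.cloud" with fixed exp claims (1724405326
// and 1722590367), and userToken's payload carries an email claim. Confirm
// that every token is past its expiry and was only ever accepted by the dev
// issuer, track the file with a narrow secret-scanning allow-list entry
// instead of a blanket ignore, and for new fixtures prefer tokens minted at
// test time with a throwaway key or a placeholder signature such as the
// "notavailable" segment used by userTokenWithSimpleAudience.
const (
	clientCredentialsToken = "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOGJlZjc1LWRmY2QtNGE3My1hMzkxLTU0YTdhZjU3YTdkNiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3RhY2tpdC1yZXNvdXJjZS1tYW5hZ2VyLWRldiJdLCJjbGllbnRfaWQiOiJzdGFja2l0LXJlc291cmNlLW1hbmFnZXItZGV2IiwiZXhwIjoxNzI0NDA1MzI2LCJpYXQiOjE3MjQ0MDQ0MjYsImlzcyI6Imh0dHBzOi8vYWNjb3VudHMuZGV2LnN0YWNraXQuY2xvdWQiLCJqdGkiOiJlNDZlYmEzOC1kZWRiLTQ1NDEtOTRmMy00OWY5N2E5MzRkNTgiLCJuYmYiOjE3MjQ0MDQ0MjYsInNjb3BlIjoidWFhLm5vbmUiLCJzdWIiOiJzdGFja2l0LXJlc291cmNlLW1hbmFnZXItZGV2In0.JP5Uy7AMdK4ukzQ6aOYzbVwEmq0Tp2ppQGRqGOhuVQgbqs6yJ33GKXo7RPsJVLw3FR7XAxENIVqNvzGotbDXr0NjBGdzyxIHzrOaUqM4w1iLzD1KF51dXFwkoigqDdD7Ze9eI_Uo3tSn8FwGLTSoO-ONQYpnceCiGut2Gc6VIL8HOLdh8dzlRENGQtgYd-3Y5zqpoLrsR2Bd-0sv15sF-5aI0CqcC8gE70JPImKf2u_IYI-TYMDNk86YSCtaYO5-alOrHXXWwgzSoH-r2s5qoOhPbei9myV_P4fdcKXxMqfap9hImXPUooVhpdUr1AabZw3MtW7rION8tJAiauhMQA"

	serviceAccountTokenUnderscoreSubject = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.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.bfD2TxfioqaKbqFJvnV_gq5zY_aoKVD2qzySMQjubaLQ5Vx_Tj95HU0q7gdNczNgcT0tBRyUp0pE4g4bwaPpB2MtYtUUunzpwG8sOX_OBchkorhcC4N50cdF5TR2pg0SMp3L6QBo3coHVbjHvaipshCj1NvyXYzARb4dSR0adrsIGnqy3IaScty1A2XQ7PN6SX_OVmxO5swpL0I-afKvCOffnChI3qmFAL5t6sFxm8PoaCWLIrkoxdtqxw5ZqsPPOJ0qDhssTuc3nE4JrQnzX8fZH5FiBVVHGT76KUNgPFd26UsVzbGqBXK20pn3pbIQHwbRiVOh6qanjr9kvHBXpQ"

	serviceAccountTokenRepeatedlyImpersonated = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.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.c1ae17bAtyOdmwXQbK37W-NTyOxo7iER5aHS_C0fU1qKl2BjOz708GLjH-_vxx9eKPeYznfI21_xlTaAvuG4Aco9f5YDK7fooTVHnDaOSSggqcEaDzDPrNXhhKEDxotJeq9zRMVCEStcbirjTounnLbuULRbO5GSY5jo-8n2UKxSZ2j5G_SjFHajdJwmzwvOttp08tdL8ck1uDdgVNBfcm0VIdb6WmgrCIUq5rmoa-cRPkdEurNtIEgEB_9U0Xh-SpmmsvFsWWeNIKz0e_5RCIyJonm_wMkGmblGegemkYL76ypeMNXTQsly1RozDIePfzHuZOWbySHSCd-vKQa2kw"

	serviceAccountTokenImpersonated = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.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.auBvvsIesFMAlWOCPCPC77DrrHF7gSKZwKs_Zry5KFvu2bpZZC1BcSXOc8b9eh0SzANI9M9aGJBhOzOm39-ZZ5XOQ-6_y1aWuEenYQ6kT5D3GzCUTMDzSi1lcZ4IG5nFMa_AAlVEN_7AMv7LHGtz49bWLJnAgeTo1cvof-OgP4mCQ5O6E0iyAq-5u8V8NJL7HIZy7BDe4J1mjfYhwKagrN7QFWu4fhN4TNS7d922X_6V489BhjRFRYjLW_qDnv912JorbGRz_XwNy_dPA81EkdMyKE0BJUezguJUEKEG2_JEi9O64Flcoi6x8cFHYhaDuMMSLipzePaHdyk2lQtH7Q"

	serviceAccountToken = "Bearer eyJraWQiOiJaVFJqWlRNek5tSmlNRGt3TldJMU5USTRZVGxpT1RjMllUWXlZVE16WldNIiwiYWxnIjoiUlM1MTIifQ.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.hb8X9VKc9xViHgNMyFHT9ePj_lyEwTV1D2es8E278WtoCJ9-4GPPQGjhcLGGrigjnvpRYV2LKzNqpQslerT5lFT_pHACsryaAE0ImYjmoe-nutA7BBpYuM_JN6pk5VIjVFLTqRKeIvFexPacqS2Vo3YoK1GvxPB8WPWBbGIsBtMl-PTm8OTwwzooBOoCRhhMR-E1lFbAymLsc1JI4yDQKLLomvhEopgmocCnQ-P1QkiKMqdkNxiD_YYLLYTOApg6d62BhqpH66ziqx493AStdZ8d5Kjvf3e1knDhaxVwNCghQj7lSo2kNAqZe__g2tiXpiZNTXBFJ_5HgQMLh67wng"

	userToken = "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOGJlZjc1LWRmY2QtNGE3My1hMzkxLTU0YTdhZjU3YTdkNiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3RhY2tpdC1wb3J0YWwtbG9naW4tZGV2LWNsaWVudC1pZCJdLCJjbGllbnRfaWQiOiJzdGFja2l0LXBvcnRhbC1sb2dpbi1kZXYtY2xpZW50LWlkIiwiZW1haWwiOiJDaHJpc3RpYW4uU2NoYWlibGVAbm92YXRlYy1nbWJoLmRlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTcyMjU5MDM2NywiaWF0IjoxNzIyNTg2NzY3LCJpc3MiOiJodHRwczovL2FjY291bnRzLmRldi5zdGFja2l0LmNsb3VkIiwianRpIjoiZDczYTY3YWMtZDFlYy00YjU1LTk5ZDQtZTk1MzI3NWYwMjJhIiwibmJmIjoxNzIyNTg2NzY3LCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsInN1YiI6ImNkOTRmMDFhLWRmMmUtNDQ1Ni05MDJlLTQ4ZjVlNTdmMGI2MyJ9.ajhjYbC5l5g7un9NSheoAwBT83YcZM91rH4DJxPTDsB78HzIVrmaKTPrK3AI_E1THlD2Z3_ot9nFr_eX7XcwWp_ZBlataKmakdXlAmeb4xSMGNYefIfzV_3w9ZZAZ66yoeTrtn8dUx5ezquenCYpctB1NcccmK4U09V0kNcq9dFcfF3Sg9YilF3orUCR0ql1d9RnOs3EiFZuUpdBEkyoVsAdSh2P-PRbNViR_FgCcAJem97TsN5CQc9RlvKYe4sYKgqQoqa2GDVi9Niiw3fe1V8SCnROYcpkOzBBWdvuzFMBUjln3uOogYVOz93xkmImV6jidgyQ70fLt-eDUmZZfg"

	// The signature segment is the literal text "notavailable", so this value
	// cannot pass signature verification.
	userTokenWithSimpleAudience = "Bearer eyJhbGciOiJSUzUxMiIsImtpZCI6InNlcnZpY2UtYWNjb3VudC1mMDdiZjZhOC02MjA3LTRmOGItYjNlOS03M2VkMGJlYjg4ZjUiLCJ0eXAiOiJKV1QifQ.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.notavailable"
)

// TestHeaders is a header set with a custom user-agent and userToken as the
// authorization value. It is an exported package-level map, so a caller that
// mutates it changes what every later reader sees; copy it before modifying.
var TestHeaders = map[string][]string{"user-agent": {"custom"}, "authorization": {userToken}}

// TestHeadersSa is the same header set with
// serviceAccountTokenUnderscoreSubject as the authorization value. The same
// shared-map caveat as for TestHeaders applies.
var TestHeadersSa = map[string][]string{"user-agent": {"custom"}, "authorization": {serviceAccountTokenUnderscoreSubject}}

// testRequestMetadata builds the request metadata that every fixture in this
// file shares; only the request id and the URL path differ between callers.
func testRequestMetadata(requestID, path string) *auditV1.RequestMetadata {
	// NewStruct only reports invalid keys or unsupported values, neither of
	// which can occur for an empty map, so the error is discarded.
	claims, _ := structpb.NewStruct(map[string]interface{}{})

	return &auditV1.RequestMetadata{
		CallerIp:                "127.0.0.1",
		CallerSuppliedUserAgent: "OpenAPI-Generator/ 1.0.0/ go",
		RequestAttributes: &auditV1.AttributeContext_Request{
			Id:       &requestID,
			Method:   auditV1.AttributeContext_HTTP_METHOD_POST,
			Headers:  map[string]string{"Content-Type": "application/json"},
			Path:     path,
			Host:     "stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud",
			Scheme:   "https",
			Time:     timestamppb.New(time.Now().UTC()),
			Protocol: "http/1.1",
			Auth: &auditV1.AttributeContext_Auth{
				Principal: "https%3A%2F%2Faccounts.dev.stackit.cloud/stackit-resource-manager-dev",
				// NOTE(review): the first audience has a space after
				// "https://" — confirm whether consumers compare audiences
				// literally before relying on this value.
				Audiences: []string{"https:// stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud", "stackit", "api"},
				Claims:    claims,
			},
		},
	}
}

// testResponseMetadata builds the response metadata shared by every fixture:
// status 200, a response timestamp of "now" in UTC, and no error details.
func testResponseMetadata() *auditV1.ResponseMetadata {
	return &auditV1.ResponseMetadata{
		StatusCode: wrapperspb.Int32(200),
		ResponseAttributes: &auditV1.AttributeContext_Response{
			Time: timestamppb.New(time.Now().UTC()),
		},
	}
}

// testInsertID returns the insert id used by every fixture: the current time
// in nanoseconds followed by a fixed region, id and sequence suffix.
func testInsertID() string {
	return fmt.Sprintf("%d/eu01/e72182e8-0bb9-4be2-a19f-87fc0dd6e738/00000000001", time.Now().UnixNano())
}

// NewOrganizationAuditEvent returns a sample audit log entry for a newly
// generated organization id, plus the ObjectIdentifier naming that
// organization. The entry is logged under EventTypeAdminActivity, names a
// random principal with the e-mail "user@example.com", and records the
// permission "resourcemanager.organization.edit" as granted.
//
// customization may be nil. When it is not, the function it points to is
// called with the entry and the identifier before they are returned, so the
// caller can adjust either in place.
func NewOrganizationAuditEvent(
	customization *func(*auditV1.AuditLogEntry, *auditV1.ObjectIdentifier),
) (*auditV1.AuditLogEntry, *auditV1.ObjectIdentifier) {
	id := uuid.New()
	resource := fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeOrganization.Plural(), id)
	requestID := fmt.Sprintf("%s/1", id)
	correlationID := "cad100e2-e139-43b9-8c3b-335731e032bc"
	permission := "resourcemanager.organization.edit"
	granted := true
	email := "user@example.com"

	entry := &auditV1.AuditLogEntry{
		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeOrganization.Plural(), id, pkgAuditCommon.EventTypeAdminActivity),
		ProtoPayload: &auditV1.AuditLog{
			ServiceName:   "resource-manager",
			OperationName: "stackit.resourcemanager.v2.organization.created",
			ResourceName:  resource,
			// User principal: the service-account fields stay unset.
			AuthenticationInfo: &auditV1.AuthenticationInfo{
				PrincipalId:    uuid.NewString(),
				PrincipalEmail: &email,
			},
			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
				Resource:   resource,
				Permission: &permission,
				Granted:    &granted,
			}},
			RequestMetadata:  testRequestMetadata(requestID, "/v2/organizations"),
			ResponseMetadata: testResponseMetadata(),
		},
		InsertId:      testInsertID(),
		Labels:        map[string]string{"label1": "value1"},
		CorrelationId: &correlationID,
		Timestamp:     timestamppb.New(time.Now()),
		Severity:      auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
	}

	objectIdentifier := &auditV1.ObjectIdentifier{
		Identifier: id.String(),
		Type:       string(pkgAuditCommon.ObjectTypeOrganization),
	}

	if customization != nil {
		(*customization)(entry, objectIdentifier)
	}
	return entry, objectIdentifier
}

// NewFolderAuditEvent returns a sample audit log entry for a newly generated
// folder id, plus the ObjectIdentifier naming that folder. The entry is
// logged under EventTypeAdminActivity, names a random principal with the
// e-mail "user@example.com", and records the permission
// "resourcemanager.folder.edit" as granted.
//
// customization may be nil. When it is not, the function it points to is
// called with the entry and the identifier before they are returned.
func NewFolderAuditEvent(
	customization *func(*auditV1.AuditLogEntry, *auditV1.ObjectIdentifier),
) (*auditV1.AuditLogEntry, *auditV1.ObjectIdentifier) {
	id := uuid.New()
	resource := fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeFolder.Plural(), id)
	requestID := fmt.Sprintf("%s/1", id)
	correlationID := "9c71cedf-ca52-4f9c-a519-ed006e810cdd"
	permission := "resourcemanager.folder.edit"
	granted := true
	email := "user@example.com"

	entry := &auditV1.AuditLogEntry{
		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeFolder.Plural(), id, pkgAuditCommon.EventTypeAdminActivity),
		ProtoPayload: &auditV1.AuditLog{
			ServiceName:   "resource-manager",
			OperationName: "stackit.resourcemanager.v2.folder.created",
			ResourceName:  resource,
			// User principal: the service-account fields stay unset.
			AuthenticationInfo: &auditV1.AuthenticationInfo{
				PrincipalId:    uuid.NewString(),
				PrincipalEmail: &email,
			},
			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
				Resource:   resource,
				Permission: &permission,
				Granted:    &granted,
			}},
			RequestMetadata:  testRequestMetadata(requestID, "/v2/folders"),
			ResponseMetadata: testResponseMetadata(),
		},
		InsertId:      testInsertID(),
		Labels:        map[string]string{"label1": "value1"},
		CorrelationId: &correlationID,
		Timestamp:     timestamppb.New(time.Now()),
		Severity:      auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
	}

	objectIdentifier := &auditV1.ObjectIdentifier{
		Identifier: id.String(),
		Type:       string(pkgAuditCommon.ObjectTypeFolder),
	}

	if customization != nil {
		(*customization)(entry, objectIdentifier)
	}
	return entry, objectIdentifier
}

// NewProjectAuditEvent returns a sample audit log entry for a newly generated
// project id, plus the ObjectIdentifier naming that project. The entry is
// logged under EventTypeAdminActivity, names a random principal with the
// e-mail "user@example.com", and records the permission
// "resourcemanager.project.edit" as granted.
//
// customization may be nil. When it is not, the function it points to is
// called with the entry and the identifier before they are returned.
func NewProjectAuditEvent(
	customization *func(*auditV1.AuditLogEntry, *auditV1.ObjectIdentifier),
) (*auditV1.AuditLogEntry, *auditV1.ObjectIdentifier) {
	id := uuid.New()
	resource := fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), id)
	requestID := fmt.Sprintf("%s/1", id)
	correlationID := "14d5b611-ccce-4cfa-9085-9ccbfccce3cb"
	permission := "resourcemanager.project.edit"
	granted := true
	email := "user@example.com"

	entry := &auditV1.AuditLogEntry{
		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeProject.Plural(), id, pkgAuditCommon.EventTypeAdminActivity),
		ProtoPayload: &auditV1.AuditLog{
			ServiceName:   "resource-manager",
			OperationName: "stackit.resourcemanager.v2.project.created",
			ResourceName:  resource,
			// User principal: the service-account fields stay unset.
			AuthenticationInfo: &auditV1.AuthenticationInfo{
				PrincipalId:    uuid.NewString(),
				PrincipalEmail: &email,
			},
			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
				Resource:   resource,
				Permission: &permission,
				Granted:    &granted,
			}},
			RequestMetadata:  testRequestMetadata(requestID, "/v2/projects"),
			ResponseMetadata: testResponseMetadata(),
		},
		InsertId:      testInsertID(),
		Labels:        map[string]string{"label1": "value1"},
		CorrelationId: &correlationID,
		Timestamp:     timestamppb.New(time.Now()),
		Severity:      auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
	}

	objectIdentifier := &auditV1.ObjectIdentifier{
		Identifier: id.String(),
		Type:       string(pkgAuditCommon.ObjectTypeProject),
	}

	if customization != nil {
		(*customization)(entry, objectIdentifier)
	}
	return entry, objectIdentifier
}

// NewProjectSystemAuditEvent returns a sample system-event audit log entry
// whose resource is a newly generated project id. The log name is built from
// pkgAuditCommon.SystemIdentifier and EventTypeSystemEvent, the principal is a
// random service account under that project with a system-principal
// delegation entry, and the authorization info names the resource without a
// permission or a granted flag.
//
// customization may be nil. When it is not, the function it points to is
// called with the entry before it is returned.
func NewProjectSystemAuditEvent(customization *func(*auditV1.AuditLogEntry)) *auditV1.AuditLogEntry {
	id := uuid.New()
	resource := fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), id)
	requestID := fmt.Sprintf("%s/1", id)
	correlationID := "9b5a8e9b-32a0-435f-b97b-a9a42b9e016b"
	serviceAccountID := uuid.NewString()
	serviceAccountName := fmt.Sprintf("projects/%s/service-accounts/%s", id, serviceAccountID)
	delegation := &auditV1.ServiceAccountDelegationInfo{Authority: &auditV1.ServiceAccountDelegationInfo_SystemPrincipal_{}}
	email := "service-account@sa.stackit.cloud"

	entry := &auditV1.AuditLogEntry{
		// NOTE(review): this log name uses SystemIdentifier.Type, while
		// NewSystemAuditEvent uses ObjectTypeSystem.Plural() — confirm both
		// forms are intended.
		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.SystemIdentifier.Type, pkgAuditCommon.SystemIdentifier.Identifier, pkgAuditCommon.EventTypeSystemEvent),
		ProtoPayload: &auditV1.AuditLog{
			ServiceName:   "resource-manager",
			OperationName: "stackit.resourcemanager.v2.system.changed",
			ResourceName:  resource,
			AuthenticationInfo: &auditV1.AuthenticationInfo{
				PrincipalId:                  serviceAccountID,
				PrincipalEmail:               &email,
				ServiceAccountName:           &serviceAccountName,
				ServiceAccountDelegationInfo: []*auditV1.ServiceAccountDelegationInfo{delegation},
			},
			// Permission and Granted are deliberately left unset here.
			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
				Resource: resource,
			}},
			RequestMetadata:  testRequestMetadata(requestID, "/v2/projects"),
			ResponseMetadata: testResponseMetadata(),
		},
		InsertId:      testInsertID(),
		Labels:        map[string]string{"label1": "value1"},
		CorrelationId: &correlationID,
		Timestamp:     timestamppb.New(time.Now()),
		Severity:      auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
	}

	if customization != nil {
		(*customization)(entry)
	}
	return entry
}

// NewSystemAuditEvent returns a sample system-event audit log entry whose
// resource is the system object with the nil UUID. The principal is a random
// service account with a system-principal delegation entry, and the
// authorization info names the resource without a permission or a granted
// flag.
//
// customization may be nil. When it is not, the function it points to is
// called with the entry before it is returned.
func NewSystemAuditEvent(customization *func(*auditV1.AuditLogEntry)) *auditV1.AuditLogEntry {
	id := uuid.Nil
	resource := fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeSystem.Plural(), id)
	requestID := fmt.Sprintf("%s/1", id)
	// Same correlation id as NewProjectAuditEvent.
	correlationID := "14d5b611-ccce-4cfa-9085-9ccbfccce3cb"
	serviceAccountID := uuid.NewString()
	serviceAccountName := fmt.Sprintf("projects/%s/service-accounts/%s", id, serviceAccountID)
	delegation := &auditV1.ServiceAccountDelegationInfo{Authority: &auditV1.ServiceAccountDelegationInfo_SystemPrincipal_{}}
	email := "service-account@sa.stackit.cloud"

	entry := &auditV1.AuditLogEntry{
		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeSystem.Plural(), id, pkgAuditCommon.EventTypeSystemEvent),
		ProtoPayload: &auditV1.AuditLog{
			ServiceName:   "resource-manager",
			OperationName: "stackit.resourcemanager.v2.system.changed",
			ResourceName:  resource,
			AuthenticationInfo: &auditV1.AuthenticationInfo{
				PrincipalId:                  serviceAccountID,
				PrincipalEmail:               &email,
				ServiceAccountName:           &serviceAccountName,
				ServiceAccountDelegationInfo: []*auditV1.ServiceAccountDelegationInfo{delegation},
			},
			// Permission and Granted are deliberately left unset here.
			AuthorizationInfo: []*auditV1.AuthorizationInfo{{
				Resource: resource,
			}},
			RequestMetadata:  testRequestMetadata(requestID, "/v2/projects"),
			ResponseMetadata: testResponseMetadata(),
		},
		InsertId:      testInsertID(),
		Labels:        map[string]string{"label1": "value1"},
		CorrelationId: &correlationID,
		Timestamp:     timestamppb.New(time.Now()),
		Severity:      auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
	}

	if customization != nil {
		(*customization)(entry)
	}
	return entry
}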