audit-go/proto/audit/v1/routable_event.proto
syntax = "proto3";
package audit.v1;
import "buf/validate/validate.proto";
option go_package = "./audit;auditV1";
option java_multiple_files = true;
option java_package = "com.schwarz.stackit.audit.v1";
// Visibility states whether an audit event may be routed to customer data
// sinks. It is carried in RoutableAuditEvent.visibility.
//
// NOTE(review): the routing code is not part of this file. It should
// presumably forward to customer data sinks only on an exact match with
// VISIBILITY_PUBLIC and treat every other value (including numbers unknown to
// the reader) as not routable - confirm against the router.
enum Visibility {
  // Zero value, i.e. the field was not set. RoutableAuditEvent.visibility is
  // marked required, so this value is expected to fail validation there.
  VISIBILITY_UNSPECIFIED = 0;
  // Will be routed to customer data sinks
  VISIBILITY_PUBLIC = 1;
  // Will NOT be routed to customer data sinks
  VISIBILITY_PRIVATE = 2;
}
// Identifier of an object.
//
// For system events, the nil UUID must be used: 00000000-0000-0000-0000-000000000000.
message ObjectIdentifier {
  // Identifier of the respective entity (e.g. Identifier of an organization)
  //
  // Validation: must be set and must be a UUID string.
  //
  // Required: true
  string identifier = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.uuid = true
  ];
  // Entity data type relevant for routing - one of the list of supported object types.
  //
  // Validation: must be set and non-empty (min_len = 1).
  //
  // NOTE(review): the schema does not enforce the list of supported object
  // types, and that list is not visible in this file. Consumers presumably
  // have to check the value against it before using it for a routing
  // decision - confirm.
  //
  // Required: true
  string type = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];
}
// Audit event payload in encrypted form. Carried in the data oneof of
// RoutableAuditEvent as encrypted_data.
//
// The cipher, the key derivation and the encoding of the key material are not
// defined in this file.
message EncryptedData {
  // Encrypted serialized protobuf content (the actual audit event)
  //
  // Validation: must be set and at least one byte long.
  //
  // NOTE(review): no max_len is declared, so the size is bounded only by
  // whatever the transport and parser enforce - confirm that a limit exists.
  //
  // Required: true
  bytes data = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).bytes.min_len = 1
  ];
  // Name of the protobuf type
  //
  // Validation: must be set and non-empty; the value itself is not constrained.
  //
  // NOTE(review): this is a separate plain string field next to the encrypted
  // content. It is presumably used to pick the message type when the
  // decrypted content is deserialized; if so, check it against an allowlist
  // of expected audit event types instead of trusting it as sent - confirm.
  //
  // Required: true
  string protobuf_type = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];
  // The password taken to derive the encryption key from
  //
  // Going by the field name, the password is carried in encrypted form, not
  // in the clear. How it is encrypted and encoded into this string is not
  // defined in this file.
  //
  // NOTE(review): presumably key_version selects the key needed to decrypt
  // this value - confirm. Treat the value as secret material in logs and
  // error messages either way.
  //
  // Required: true
  string encrypted_password = 3 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];
  // Version of the encrypted key
  //
  // Validation: must be >= 1. There is no explicit required rule on this
  // field; the gte rule presumably also rejects an unset value (0) - confirm
  // against the validator's handling of unpopulated fields.
  //
  // Required: true
  int32 key_version = 4 [(buf.validate.field).int32.gte = 1];
}
// Audit event payload in plaintext. Carried in the data oneof of
// RoutableAuditEvent as unencrypted_data.
//
// NOTE(review): nothing in this message protects the content, so its
// confidentiality and integrity depend on transport and storage controls
// outside this schema - confirm these are in place wherever this variant is
// used.
message UnencryptedData {
  // Unencrypted serialized protobuf content (the actual audit event)
  //
  // Validation: must be set and at least one byte long.
  //
  // NOTE(review): no max_len is declared, so the size is bounded only by
  // whatever the transport and parser enforce - confirm that a limit exists.
  //
  // Required: true
  bytes data = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).bytes.min_len = 1
  ];
  // Name of the protobuf type
  //
  // Validation: must be set and non-empty; the value itself is not constrained.
  //
  // NOTE(review): presumably used to pick the message type when data is
  // deserialized; if so, check it against an allowlist of expected audit
  // event types instead of trusting it as sent - confirm.
  //
  // Required: true
  string protobuf_type = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];
}
// Envelope for one audit event. It carries the operation name, the
// visibility, the identifier of the object the event refers to, and the event
// itself as either unencrypted or encrypted data.
message RoutableAuditEvent {
  // Functional event name with pattern
  //
  // Format: stackit.<product>.<version>.<type-chain>.<operation>
  // Where:
  //   Product: The name of the service in lowercase
  //   Version: Optional API version
  //   Type-Chain: Chained path to object
  //   Operation: The name of the operation in lowercase
  //
  // Examples:
  //   "stackit.resource-manager.v1.organizations.create"
  //   "stackit.authorization.v1.projects.volumes.create"
  //   "stackit.authorization.v2alpha.projects.volumes.create"
  //   "stackit.authorization.v2.folders.move"
  //   "stackit.resource-manager.health"
  //
  // Validation: must be set and must match the pattern below.
  //
  // NOTE(review): the pattern is looser than the format line. A version such
  // as "v2alpha" does not match the optional v[0-9]+ group and is accepted
  // through the type-chain group instead, and that group's character class
  // includes '.', so names with consecutive dots (empty segments) also pass.
  // Consumers that split the name on '.' should not infer product, version or
  // operation from segment position alone - confirm whether the pattern
  // should be tightened.
  //
  // Required: true
  string operation_name = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.pattern = "^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$"
  ];
  // Visibility relevant for differentiating between internal and public events
  //
  // Validation: must be set and must be a value defined in the Visibility
  // enum; the required rule is expected to reject VISIBILITY_UNSPECIFIED.
  //
  // Required: true
  Visibility visibility = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).enum.defined_only = true
  ];
  // Identifier the audit log event refers to.
  //
  // System events (which ObjectIdentifier says must use the nil UUID) will
  // not be routed to the end-user.
  //
  // Validation: must be set. The field rules declared on ObjectIdentifier
  // apply to the nested message.
  //
  // Required: true
  ObjectIdentifier object_identifier = 3 [(buf.validate.field).required = true];
  // The actual audit event is transferred in one of the attributes below
  //
  // Validation: one of the two members must be set (oneof required).
  //
  // NOTE(review): the schema does not tie the choice between the unencrypted
  // and the encrypted variant to visibility or to the object type. If a
  // policy requires encryption for some events, it has to be enforced by the
  // producer or consumer - confirm where.
  //
  // Required: true
  oneof data {
    option (buf.validate.oneof).required = true;
    UnencryptedData unencrypted_data = 4;
    EncryptedData encrypted_data = 5;
  }
}