mirror of
https://dev.azure.com/schwarzit/schwarzit.stackit-public/_git/audit-go
synced 2026-02-08 00:57:24 +00:00
372 lines
13 KiB
Go
372 lines
13 KiB
Go
package api
|
|
|
|
import (
|
|
"fmt"
|
|
"time"
|
|
|
|
"google.golang.org/protobuf/types/known/wrapperspb"
|
|
|
|
auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-core-platform/audit-go.git/gen/go/audit/v1"
|
|
|
|
"github.com/google/uuid"
|
|
"google.golang.org/protobuf/types/known/structpb"
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
|
)
|
|
|
|
func NewOrganizationAuditEvent(
|
|
customization *func(
|
|
*auditV1.AuditLogEntry,
|
|
*auditV1.ObjectIdentifier,
|
|
)) (
|
|
*auditV1.AuditLogEntry,
|
|
*auditV1.ObjectIdentifier,
|
|
) {
|
|
|
|
identifier := uuid.New()
|
|
permission := "resourcemanager.organization.edit"
|
|
permissionGranted := true
|
|
requestId := fmt.Sprintf("%s/1", identifier)
|
|
claims, _ := structpb.NewStruct(map[string]interface{}{})
|
|
correlationId := "cad100e2-e139-43b9-8c3b-335731e032bc"
|
|
headers := make(map[string]string)
|
|
headers["Content-Type"] = "application/json"
|
|
labels := make(map[string]string)
|
|
labels["label1"] = "value1"
|
|
auditEvent := &auditV1.AuditLogEntry{
|
|
LogName: fmt.Sprintf("%s/%s/logs/%s", PluralTypeOrganization, identifier, EventTypeAdminActivity),
|
|
ProtoPayload: &auditV1.AuditLog{
|
|
ServiceName: "resource-manager",
|
|
OperationName: "stackit.resourcemanager.v2.organization.created",
|
|
ResourceName: fmt.Sprintf("%s/%s", PluralTypeOrganization, identifier),
|
|
AuthenticationInfo: &auditV1.AuthenticationInfo{
|
|
PrincipalId: uuid.NewString(),
|
|
PrincipalEmail: "user@example.com",
|
|
ServiceAccountName: nil,
|
|
ServiceAccountDelegationInfo: nil,
|
|
},
|
|
AuthorizationInfo: []*auditV1.AuthorizationInfo{{
|
|
Resource: fmt.Sprintf("%s/%s", PluralTypeOrganization, identifier),
|
|
Permission: &permission,
|
|
Granted: &permissionGranted,
|
|
}},
|
|
RequestMetadata: &auditV1.RequestMetadata{
|
|
CallerIp: "127.0.0.1",
|
|
CallerSuppliedUserAgent: "OpenAPI-Generator/ 1.0.0/ go",
|
|
RequestAttributes: &auditV1.AttributeContext_Request{
|
|
Id: &requestId,
|
|
Method: auditV1.AttributeContext_HTTP_METHOD_POST,
|
|
Headers: headers,
|
|
Path: "/v2/organizations",
|
|
Host: "stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud",
|
|
Scheme: "https",
|
|
Query: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
Protocol: "http/1.1",
|
|
Auth: &auditV1.AttributeContext_Auth{
|
|
Principal: "https%3A%2F%2Faccounts.dev.stackit.cloud/stackit-resource-manager-dev",
|
|
Audiences: []string{"https:// stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud", "stackit", "api"},
|
|
Claims: claims,
|
|
},
|
|
},
|
|
},
|
|
Request: nil,
|
|
ResponseMetadata: &auditV1.ResponseMetadata{
|
|
StatusCode: wrapperspb.Int32(200),
|
|
ErrorMessage: nil,
|
|
ErrorDetails: nil,
|
|
ResponseAttributes: &auditV1.AttributeContext_Response{
|
|
NumResponseItems: nil,
|
|
Size: nil,
|
|
Headers: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
},
|
|
},
|
|
Response: nil,
|
|
Metadata: nil,
|
|
},
|
|
InsertId: fmt.Sprintf("%d/eu01/e72182e8-0bb9-4be2-a19f-87fc0dd6e738/00000000001", time.Now().UnixNano()),
|
|
Labels: labels,
|
|
CorrelationId: &correlationId,
|
|
Timestamp: timestamppb.New(time.Now()),
|
|
Severity: auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
|
|
TraceParent: nil,
|
|
TraceState: nil,
|
|
}
|
|
|
|
objectIdentifier := &auditV1.ObjectIdentifier{
|
|
Identifier: identifier.String(),
|
|
Type: string(SingularTypeOrganization),
|
|
}
|
|
|
|
if customization != nil {
|
|
(*customization)(auditEvent, objectIdentifier)
|
|
}
|
|
|
|
return auditEvent, objectIdentifier
|
|
}
|
|
|
|
func NewFolderAuditEvent(
|
|
customization *func(
|
|
*auditV1.AuditLogEntry,
|
|
*auditV1.ObjectIdentifier,
|
|
)) (
|
|
*auditV1.AuditLogEntry,
|
|
*auditV1.ObjectIdentifier,
|
|
) {
|
|
|
|
identifier := uuid.New()
|
|
permission := "resourcemanager.folder.edit"
|
|
permissionGranted := true
|
|
requestId := fmt.Sprintf("%s/1", identifier)
|
|
claims, _ := structpb.NewStruct(map[string]interface{}{})
|
|
correlationId := "9c71cedf-ca52-4f9c-a519-ed006e810cdd"
|
|
headers := make(map[string]string)
|
|
headers["Content-Type"] = "application/json"
|
|
labels := make(map[string]string)
|
|
labels["label1"] = "value1"
|
|
auditEvent := &auditV1.AuditLogEntry{
|
|
LogName: fmt.Sprintf("%s/%s/logs/%s", PluralTypeFolder, identifier, EventTypeAdminActivity),
|
|
ProtoPayload: &auditV1.AuditLog{
|
|
ServiceName: "resource-manager",
|
|
OperationName: "stackit.resourcemanager.v2.folder.created",
|
|
ResourceName: fmt.Sprintf("%s/%s", PluralTypeFolder, identifier),
|
|
AuthenticationInfo: &auditV1.AuthenticationInfo{
|
|
PrincipalId: uuid.NewString(),
|
|
PrincipalEmail: "user@example.com",
|
|
ServiceAccountName: nil,
|
|
ServiceAccountDelegationInfo: nil,
|
|
},
|
|
AuthorizationInfo: []*auditV1.AuthorizationInfo{{
|
|
Resource: fmt.Sprintf("%s/%s", PluralTypeFolder, identifier),
|
|
Permission: &permission,
|
|
Granted: &permissionGranted,
|
|
}},
|
|
RequestMetadata: &auditV1.RequestMetadata{
|
|
CallerIp: "127.0.0.1",
|
|
CallerSuppliedUserAgent: "OpenAPI-Generator/ 1.0.0/ go",
|
|
RequestAttributes: &auditV1.AttributeContext_Request{
|
|
Id: &requestId,
|
|
Method: auditV1.AttributeContext_HTTP_METHOD_POST,
|
|
Headers: headers,
|
|
Path: "/v2/folders",
|
|
Host: "stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud",
|
|
Scheme: "https",
|
|
Query: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
Protocol: "http/1.1",
|
|
Auth: &auditV1.AttributeContext_Auth{
|
|
Principal: "https%3A%2F%2Faccounts.dev.stackit.cloud/stackit-resource-manager-dev",
|
|
Audiences: []string{"https:// stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud", "stackit", "api"},
|
|
Claims: claims,
|
|
},
|
|
},
|
|
},
|
|
Request: nil,
|
|
ResponseMetadata: &auditV1.ResponseMetadata{
|
|
StatusCode: wrapperspb.Int32(200),
|
|
ErrorMessage: nil,
|
|
ErrorDetails: nil,
|
|
ResponseAttributes: &auditV1.AttributeContext_Response{
|
|
NumResponseItems: nil,
|
|
Size: nil,
|
|
Headers: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
},
|
|
},
|
|
Response: nil,
|
|
Metadata: nil,
|
|
},
|
|
InsertId: fmt.Sprintf("%d/eu01/e72182e8-0bb9-4be2-a19f-87fc0dd6e738/00000000001", time.Now().UnixNano()),
|
|
Labels: labels,
|
|
CorrelationId: &correlationId,
|
|
Timestamp: timestamppb.New(time.Now()),
|
|
Severity: auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
|
|
TraceParent: nil,
|
|
TraceState: nil,
|
|
}
|
|
|
|
objectIdentifier := &auditV1.ObjectIdentifier{
|
|
Identifier: identifier.String(),
|
|
Type: string(SingularTypeFolder),
|
|
}
|
|
|
|
if customization != nil {
|
|
(*customization)(auditEvent, objectIdentifier)
|
|
}
|
|
|
|
return auditEvent, objectIdentifier
|
|
}
|
|
|
|
func NewProjectAuditEvent(
|
|
customization *func(
|
|
*auditV1.AuditLogEntry,
|
|
*auditV1.ObjectIdentifier,
|
|
)) (
|
|
*auditV1.AuditLogEntry,
|
|
*auditV1.ObjectIdentifier,
|
|
) {
|
|
|
|
identifier := uuid.New()
|
|
permission := "resourcemanager.project.edit"
|
|
permissionGranted := true
|
|
requestId := fmt.Sprintf("%s/1", identifier)
|
|
claims, _ := structpb.NewStruct(map[string]interface{}{})
|
|
correlationId := "14d5b611-ccce-4cfa-9085-9ccbfccce3cb"
|
|
headers := make(map[string]string)
|
|
headers["Content-Type"] = "application/json"
|
|
labels := make(map[string]string)
|
|
labels["label1"] = "value1"
|
|
auditEvent := &auditV1.AuditLogEntry{
|
|
LogName: fmt.Sprintf("%s/%s/logs/%s", PluralTypeProject, identifier, EventTypeAdminActivity),
|
|
ProtoPayload: &auditV1.AuditLog{
|
|
ServiceName: "resource-manager",
|
|
OperationName: "stackit.resourcemanager.v2.project.created",
|
|
ResourceName: fmt.Sprintf("%s/%s", PluralTypeProject, identifier),
|
|
AuthenticationInfo: &auditV1.AuthenticationInfo{
|
|
PrincipalId: uuid.NewString(),
|
|
PrincipalEmail: "user@example.com",
|
|
ServiceAccountName: nil,
|
|
ServiceAccountDelegationInfo: nil,
|
|
},
|
|
AuthorizationInfo: []*auditV1.AuthorizationInfo{{
|
|
Resource: fmt.Sprintf("%s/%s", PluralTypeProject, identifier),
|
|
Permission: &permission,
|
|
Granted: &permissionGranted,
|
|
}},
|
|
RequestMetadata: &auditV1.RequestMetadata{
|
|
CallerIp: "127.0.0.1",
|
|
CallerSuppliedUserAgent: "OpenAPI-Generator/ 1.0.0/ go",
|
|
RequestAttributes: &auditV1.AttributeContext_Request{
|
|
Id: &requestId,
|
|
Method: auditV1.AttributeContext_HTTP_METHOD_POST,
|
|
Headers: headers,
|
|
Path: "/v2/projects",
|
|
Host: "stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud",
|
|
Scheme: "https",
|
|
Query: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
Protocol: "http/1.1",
|
|
Auth: &auditV1.AttributeContext_Auth{
|
|
Principal: "https%3A%2F%2Faccounts.dev.stackit.cloud/stackit-resource-manager-dev",
|
|
Audiences: []string{"https:// stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud", "stackit", "api"},
|
|
Claims: claims,
|
|
},
|
|
},
|
|
},
|
|
Request: nil,
|
|
ResponseMetadata: &auditV1.ResponseMetadata{
|
|
StatusCode: wrapperspb.Int32(200),
|
|
ErrorMessage: nil,
|
|
ErrorDetails: nil,
|
|
ResponseAttributes: &auditV1.AttributeContext_Response{
|
|
NumResponseItems: nil,
|
|
Size: nil,
|
|
Headers: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
},
|
|
},
|
|
Response: nil,
|
|
Metadata: nil,
|
|
},
|
|
InsertId: fmt.Sprintf("%d/eu01/e72182e8-0bb9-4be2-a19f-87fc0dd6e738/00000000001", time.Now().UnixNano()),
|
|
Labels: labels,
|
|
CorrelationId: &correlationId,
|
|
Timestamp: timestamppb.New(time.Now()),
|
|
Severity: auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
|
|
TraceParent: nil,
|
|
TraceState: nil,
|
|
}
|
|
|
|
objectIdentifier := &auditV1.ObjectIdentifier{
|
|
Identifier: identifier.String(),
|
|
Type: string(SingularTypeProject),
|
|
}
|
|
|
|
if customization != nil {
|
|
(*customization)(auditEvent, objectIdentifier)
|
|
}
|
|
|
|
return auditEvent, objectIdentifier
|
|
}
|
|
|
|
func NewSystemAuditEvent(
|
|
customization *func(*auditV1.AuditLogEntry)) *auditV1.AuditLogEntry {
|
|
|
|
identifier := uuid.Nil
|
|
requestId := fmt.Sprintf("%s/1", identifier)
|
|
claims, _ := structpb.NewStruct(map[string]interface{}{})
|
|
correlationId := "14d5b611-ccce-4cfa-9085-9ccbfccce3cb"
|
|
headers := make(map[string]string)
|
|
headers["Content-Type"] = "application/json"
|
|
labels := make(map[string]string)
|
|
labels["label1"] = "value1"
|
|
serviceAccountId := uuid.NewString()
|
|
serviceAccountName := fmt.Sprintf("projects/%s/serviceAccounts/%s", identifier, serviceAccountId)
|
|
delegationPrincipal := auditV1.ServiceAccountDelegationInfo{Authority: &auditV1.ServiceAccountDelegationInfo_SystemPrincipal_{}}
|
|
auditEvent := &auditV1.AuditLogEntry{
|
|
LogName: fmt.Sprintf("%s/%s/logs/%s", PluralTypeSystem, identifier, EventTypeSystemEvent),
|
|
ProtoPayload: &auditV1.AuditLog{
|
|
ServiceName: "resource-manager",
|
|
OperationName: "stackit.resourcemanager.v2.system.changed",
|
|
ResourceName: fmt.Sprintf("%s/%s", PluralTypeSystem, identifier),
|
|
AuthenticationInfo: &auditV1.AuthenticationInfo{
|
|
PrincipalId: serviceAccountId,
|
|
PrincipalEmail: "service-account@sa.stackit.cloud",
|
|
ServiceAccountName: &serviceAccountName,
|
|
ServiceAccountDelegationInfo: []*auditV1.ServiceAccountDelegationInfo{&delegationPrincipal},
|
|
},
|
|
AuthorizationInfo: []*auditV1.AuthorizationInfo{{
|
|
Resource: fmt.Sprintf("%s/%s", PluralTypeSystem, identifier),
|
|
Permission: nil,
|
|
Granted: nil,
|
|
}},
|
|
RequestMetadata: &auditV1.RequestMetadata{
|
|
CallerIp: "127.0.0.1",
|
|
CallerSuppliedUserAgent: "OpenAPI-Generator/ 1.0.0/ go",
|
|
RequestAttributes: &auditV1.AttributeContext_Request{
|
|
Id: &requestId,
|
|
Method: auditV1.AttributeContext_HTTP_METHOD_POST,
|
|
Headers: headers,
|
|
Path: "/v2/projects",
|
|
Host: "stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud",
|
|
Scheme: "https",
|
|
Query: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
Protocol: "http/1.1",
|
|
Auth: &auditV1.AttributeContext_Auth{
|
|
Principal: "https%3A%2F%2Faccounts.dev.stackit.cloud/stackit-resource-manager-dev",
|
|
Audiences: []string{"https:// stackit-resource-manager-dev.apps.01.cf.eu01.stackit.cloud", "stackit", "api"},
|
|
Claims: claims,
|
|
},
|
|
},
|
|
},
|
|
Request: nil,
|
|
ResponseMetadata: &auditV1.ResponseMetadata{
|
|
StatusCode: wrapperspb.Int32(200),
|
|
ErrorMessage: nil,
|
|
ErrorDetails: nil,
|
|
ResponseAttributes: &auditV1.AttributeContext_Response{
|
|
NumResponseItems: nil,
|
|
Size: nil,
|
|
Headers: nil,
|
|
Time: timestamppb.New(time.Now().UTC()),
|
|
},
|
|
},
|
|
Response: nil,
|
|
Metadata: nil,
|
|
},
|
|
InsertId: fmt.Sprintf("%d/eu01/e72182e8-0bb9-4be2-a19f-87fc0dd6e738/00000000001", time.Now().UnixNano()),
|
|
Labels: labels,
|
|
CorrelationId: &correlationId,
|
|
Timestamp: timestamppb.New(time.Now()),
|
|
Severity: auditV1.LogSeverity_LOG_SEVERITY_DEFAULT,
|
|
TraceParent: nil,
|
|
TraceState: nil,
|
|
}
|
|
|
|
if customization != nil {
|
|
(*customization)(auditEvent)
|
|
}
|
|
|
|
return auditEvent
|
|
}
|