audit-go/proto/audit/v1/audit_event.proto

// Audit event schema, proto3 syntax, published as package audit.v1.
syntax = "proto3";
// Provides the (buf.validate.field) / (buf.validate.message) options used
// for the validation rules in this file.
import "buf/validate/validate.proto";
// Well-known types: Struct (untyped JSON-like data), Timestamp and the
// scalar wrapper messages (Int64Value).
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";
package audit.v1;
// Go: import path "./audit", generated package name "auditV1".
option go_package = "./audit;auditV1";
// Java: one generated file per top-level type, in the package given below.
option java_multiple_files = true;
option java_package = "com.schwarz.stackit.audit.v1";
// What caused the audited operation to run.
enum EventTrigger {
  // Zero value: the proto3 default when no trigger has been set.
  EVENT_TRIGGER_UNSPECIFIED = 0;

  // Event from messaging system
  EVENT_TRIGGER_EVENT = 1;

  // Time based scheduler
  EVENT_TRIGGER_SCHEDULER = 2;

  // Network request (REST, gRPC, etc.)
  EVENT_TRIGGER_REQUEST = 3;
}
// An identity that an audit event refers to.
message Principal {
  // A UUID or another kind of identifier.
  // Marked required, so under protovalidate an empty string is rejected.
  // NOTE(review): no format or maximum length is enforced on this field;
  // confirm that consumers bound and escape it before indexing or display.
  string id = 1 [(buf.validate.field).required = true];

  // E-mail address of the principal. May be omitted; when present it must
  // be a syntactically valid address of at most 255 characters.
  // NOTE(review): this is personal data, so retention and access control on
  // the audit stream need to account for it.
  optional string email = 2 [
    (buf.validate.field).string.email = true,
    (buf.validate.field).string.max_len = 255
  ];
}
// Details of the network request that triggered an audit event.
message RequestDetails {
  // Endpoint that was called; mandatory, 1 to 255 characters.
  string endpoint = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];

  // Accepts ipv4 and ipv6
  // NOTE(review): only the syntax is validated. Whether this is the peer
  // address or a value taken from a forwarding header is not visible here;
  // document it, because a client-supplied forwarding header can be forged.
  string source_ip_address = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.ip = true
  ];

  // User agent reported by the caller; 1 to 255 characters.
  // NOTE(review): the field carries the `optional` label and
  // required = true at the same time. The rule presumably makes it
  // mandatory, so the label is misleading; confirm the intent.
  optional string user_agent = 3 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];

  // Request parameters as untyped structured data; no rules attached.
  // NOTE(review): may contain tokens or other secrets. Nothing in the
  // schema redacts them, so producers have to mask them before emitting.
  optional google.protobuf.Struct parameters = 4;

  // Request body as untyped structured data; no rules attached.
  // NOTE(review): same redaction concern as `parameters`; size and nesting
  // depth are also unbounded by this schema.
  optional google.protobuf.Struct body = 5;

  // Request headers as key/value pairs; no limit on the number of entries.
  // NOTE(review): credential-bearing headers (e.g. Authorization, Cookie)
  // should be dropped or masked by the producer; the schema does not do it.
  repeated RequestHeader headers = 6;
}
// One request header as a key/value pair. Both parts are mandatory and must
// contain at least one character.
// NOTE(review): neither part has a maximum length, so the only size cap is
// whatever the parser or transport imposes.
message RequestHeader {
  // Header name.
  string key = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];

  // Header value.
  string value = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1
  ];
}
// A single audit record emitted by a service.
message AuditEvent {
  // Message-level rule: `request` must be set when event_trigger is
  // EVENT_TRIGGER_REQUEST. The expression compares against the numeric enum
  // value 3, so it has to be updated by hand if that value ever changes.
  option (buf.validate.message).cel = {
    id: "request.details"
    message: "request details must be set"
    expression: "this.event_trigger == 3 && has(this.request) || this.event_trigger != 3"
  };

  // Sequence number of event sent by the service to identify missing events.
  // Must be present and >= -1.
  // NOTE(review): the meaning of -1 is not documented here (sentinel?);
  // confirm it, since gap detection depends on this value.
  google.protobuf.Int64Value sequence_number = 1 [
    (buf.validate.field).required = true,
    (buf.validate.field).int64.gte = -1
  ];

  // Functional event name with pattern <TYPE>_<ACTION>, e.g.
  // ORGANIZATION_CREATED. Important for filtering and translation /
  // verbalization of event types in the UI or data sinks.
  // The pattern allows exactly two runs of A-Z joined by one underscore, so
  // names with digits or more than one underscore fail validation.
  string event_name = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.pattern = "^[A-Z]+_[A-Z]+$"
  ];

  // The time when the event happened. Must not be a value in the future.
  // NOTE(review): lt_now is presumably evaluated against the validating
  // host's clock, so clock skew could reject a genuine event; confirm that
  // rejected events are surfaced rather than silently dropped.
  google.protobuf.Timestamp event_time_stamp = 3 [
    (buf.validate.field).required = true,
    (buf.validate.field).timestamp.lt_now = true
  ];

  // What triggered the operation. Must be set to a defined enum value; with
  // required = true the zero value is presumably rejected as well.
  EventTrigger event_trigger = 4 [
    (buf.validate.field).required = true,
    (buf.validate.field).enum.defined_only = true
  ];

  // Request details - mandatory if event_trigger is set to
  // EVENT_TRIGGER_REQUEST (enforced by the message-level CEL rule).
  optional RequestDetails request = 5;

  // Principal that initiated the action; mandatory.
  Principal initiator = 6 [(buf.validate.field).required = true];

  // List of service account delegation principals.
  // -> Chain from service account to the actual user who initiated the
  // action.
  // NOTE(review): neither the ordering of the chain nor a maximum length is
  // specified here; confirm both with the producers.
  repeated Principal principals = 7;

  // Identifier of the affected resource; when set, 1 to 255 characters.
  optional string resource_id = 8 [
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];

  // Name of the affected resource; when set, 1 to 255 characters.
  optional string resource_name = 9 [
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];

  // Correlation identifier; when set, 1 to 255 characters.
  optional string correlation_id = 10 [
    (buf.validate.field).string.min_len = 1,
    (buf.validate.field).string.max_len = 255
  ];

  // Result of the operation to publish with the event
  // NOTE(review): untyped Struct with no rules; producers must keep secrets
  // out of it, because the schema cannot enforce that.
  optional google.protobuf.Struct result = 11;

  // Additional information to publish with the event
  // NOTE(review): untyped Struct with no rules; the same redaction and size
  // concerns apply as for `result`.
  optional google.protobuf.Struct details = 12;
}