mirror of
https://dev.azure.com/schwarzit/schwarzit.stackit-public/_git/audit-go
synced 2026-02-17 13:21:44 +00:00
89 lines
No EOL
3.2 KiB
Protocol Buffer
89 lines
No EOL
3.2 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
import "buf/validate/validate.proto";
|
|
|
|
package audit.v1;
|
|
|
|
option go_package = "./audit;auditV1";
|
|
option java_multiple_files = true;
|
|
option java_package = "com.schwarz.stackit.audit.v1";
|
|
|
|
enum Visibility {
|
|
VISIBILITY_UNSPECIFIED = 0;
|
|
// Will be routed to customer data sinks
|
|
VISIBILITY_PUBLIC = 1;
|
|
// Will NOT be routed to customer data sinks
|
|
VISIBILITY_PRIVATE = 2;
|
|
}
|
|
|
|
enum ObjectName {
|
|
OBJECT_NAME_UNSPECIFIED = 0;
|
|
// If the action happens on system level and doesn't relate to a known ObjectType.
|
|
OBJECT_NAME_SYSTEM = 1;
|
|
}
|
|
|
|
// The type of the object the audit event refers to.
|
|
// Relevant for type-detection and lookups in the routing.
|
|
enum ObjectType {
|
|
OBJECT_TYPE_UNSPECIFIED = 0;
|
|
OBJECT_TYPE_ORGANIZATION = 1;
|
|
OBJECT_TYPE_FOLDER = 2;
|
|
OBJECT_TYPE_PROJECT = 3;
|
|
}
|
|
|
|
message ObjectIdentifier {
|
|
// Identifier of the respective entity (e.g. Identifier of an organization)
|
|
string identifier = 1 [(buf.validate.field).required = true, (buf.validate.field).string.uuid = true];
|
|
|
|
// Type of the respective entity relevant for routing
|
|
ObjectType type = 2 [(buf.validate.field).required = true, (buf.validate.field).enum.defined_only = true];
|
|
}
|
|
|
|
message EncryptedData {
|
|
// Encrypted serialized protobuf content (the actual audit event)
|
|
bytes data = 1 [(buf.validate.field).required = true, (buf.validate.field).bytes.min_len = 1];
|
|
|
|
// Name of the protobuf type
|
|
string protobuf_type = 2 [(buf.validate.field).required = true, (buf.validate.field).string.min_len = 1];
|
|
|
|
// The password taken to derive the encryption key from
|
|
string encrypted_password = 3 [(buf.validate.field).required = true, (buf.validate.field).string.min_len = 1];
|
|
|
|
// Version of the encrypted key
|
|
int32 key_version = 4 [(buf.validate.field).int32.gte = 1];
|
|
}
|
|
|
|
message UnencryptedData {
|
|
// Unencrypted serialized protobuf content (the actual audit event)
|
|
bytes data = 1 [(buf.validate.field).required = true, (buf.validate.field).bytes.min_len = 1];
|
|
|
|
// Name of the protobuf type
|
|
string protobuf_type = 2 [(buf.validate.field).required = true, (buf.validate.field).string.min_len = 1];
|
|
}
|
|
|
|
message RoutableAuditEvent {
|
|
|
|
// Functional event name with pattern <TYPE>_<ACTION>, e.g. ORGANIZATION_CREATED
|
|
// Will be copied over by the SDK from the AuditEvent
|
|
string event_name = 1 [(buf.validate.field).required = true, (buf.validate.field).string.pattern = "^[A-Z]+_[A-Z]+$"];
|
|
|
|
// Visibility relevant for differentiating between internal and public events
|
|
Visibility visibility = 2 [(buf.validate.field).required = true, (buf.validate.field).enum.defined_only = true];
|
|
|
|
// Identifier the audit log event refers to
|
|
oneof resource_reference {
|
|
option (buf.validate.oneof).required = true;
|
|
// If it is a technical event not related to an organization, folder or project
|
|
// Will NOT be routed to the end-user, only for internal analysis ->
|
|
// Clarify what do in the router
|
|
ObjectName object_name = 3;
|
|
ObjectIdentifier object_identifier = 4;
|
|
}
|
|
|
|
// The actual audit event is transferred in one of the attributes below
|
|
oneof data {
|
|
option (buf.validate.oneof).required = true;
|
|
UnencryptedData unencrypted_data = 5;
|
|
EncryptedData encrypted_data = 6;
|
|
}
|
|
} |