mirror of
https://dev.azure.com/schwarzit/schwarzit.stackit-public/_git/audit-go
synced 2026-02-07 16:47:24 +00:00
b10f6797ff
Security-concept-update-needed: false. JIRA Work Item: [STACKITRMA-697](https://jira.schwarz/browse/STACKITRMA-697)
1717 lines
61 KiB
Go
1717 lines
61 KiB
Go
// Code generated by protoc-gen-go. DO NOT EDIT.
|
|
// versions:
|
|
// protoc-gen-go v1.36.10
|
|
// protoc (unknown)
|
|
// source: audit/v1/audit_event.proto
|
|
|
|
package auditV1
|
|
|
|
import (
|
|
_ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate"
|
|
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
|
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
|
structpb "google.golang.org/protobuf/types/known/structpb"
|
|
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
|
|
wrapperspb "google.golang.org/protobuf/types/known/wrapperspb"
|
|
reflect "reflect"
|
|
sync "sync"
|
|
unsafe "unsafe"
|
|
)
|
|
|
|
const (
|
|
// Verify that this generated code is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
|
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
|
)
|
|
|
|
// The severity of the event described in a log entry, expressed as one of the
|
|
// standard severity levels listed below.
|
|
type LogSeverity int32
|
|
|
|
const (
|
|
LogSeverity_LOG_SEVERITY_UNSPECIFIED LogSeverity = 0
|
|
// The log entry has no assigned severity level.
|
|
LogSeverity_LOG_SEVERITY_DEFAULT LogSeverity = 100
|
|
// Debug or trace information.
|
|
LogSeverity_LOG_SEVERITY_DEBUG LogSeverity = 200
|
|
// Routine information, such as ongoing status or performance.
|
|
LogSeverity_LOG_SEVERITY_INFO LogSeverity = 300
|
|
// Normal but significant events, such as start up, shut down, or
|
|
// a configuration change.
|
|
LogSeverity_LOG_SEVERITY_NOTICE LogSeverity = 400
|
|
// Warning events might cause problems.
|
|
LogSeverity_LOG_SEVERITY_WARNING LogSeverity = 500
|
|
// Error events are likely to cause problems.
|
|
LogSeverity_LOG_SEVERITY_ERROR LogSeverity = 600
|
|
// Critical events cause more severe problems or outages.
|
|
LogSeverity_LOG_SEVERITY_CRITICAL LogSeverity = 700
|
|
// A person must take an action immediately.
|
|
LogSeverity_LOG_SEVERITY_ALERT LogSeverity = 800
|
|
// One or more systems are unusable.
|
|
LogSeverity_LOG_SEVERITY_EMERGENCY LogSeverity = 900
|
|
)
|
|
|
|
// Enum value maps for LogSeverity.
|
|
var (
|
|
LogSeverity_name = map[int32]string{
|
|
0: "LOG_SEVERITY_UNSPECIFIED",
|
|
100: "LOG_SEVERITY_DEFAULT",
|
|
200: "LOG_SEVERITY_DEBUG",
|
|
300: "LOG_SEVERITY_INFO",
|
|
400: "LOG_SEVERITY_NOTICE",
|
|
500: "LOG_SEVERITY_WARNING",
|
|
600: "LOG_SEVERITY_ERROR",
|
|
700: "LOG_SEVERITY_CRITICAL",
|
|
800: "LOG_SEVERITY_ALERT",
|
|
900: "LOG_SEVERITY_EMERGENCY",
|
|
}
|
|
LogSeverity_value = map[string]int32{
|
|
"LOG_SEVERITY_UNSPECIFIED": 0,
|
|
"LOG_SEVERITY_DEFAULT": 100,
|
|
"LOG_SEVERITY_DEBUG": 200,
|
|
"LOG_SEVERITY_INFO": 300,
|
|
"LOG_SEVERITY_NOTICE": 400,
|
|
"LOG_SEVERITY_WARNING": 500,
|
|
"LOG_SEVERITY_ERROR": 600,
|
|
"LOG_SEVERITY_CRITICAL": 700,
|
|
"LOG_SEVERITY_ALERT": 800,
|
|
"LOG_SEVERITY_EMERGENCY": 900,
|
|
}
|
|
)
|
|
|
|
func (x LogSeverity) Enum() *LogSeverity {
|
|
p := new(LogSeverity)
|
|
*p = x
|
|
return p
|
|
}
|
|
|
|
func (x LogSeverity) String() string {
|
|
return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
|
|
}
|
|
|
|
func (LogSeverity) Descriptor() protoreflect.EnumDescriptor {
|
|
return file_audit_v1_audit_event_proto_enumTypes[0].Descriptor()
|
|
}
|
|
|
|
func (LogSeverity) Type() protoreflect.EnumType {
|
|
return &file_audit_v1_audit_event_proto_enumTypes[0]
|
|
}
|
|
|
|
func (x LogSeverity) Number() protoreflect.EnumNumber {
|
|
return protoreflect.EnumNumber(x)
|
|
}
|
|
|
|
// Deprecated: Use LogSeverity.Descriptor instead.
|
|
func (LogSeverity) EnumDescriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{0}
|
|
}
|
|
|
|
type AttributeContext_HttpMethod int32
|
|
|
|
const (
|
|
AttributeContext_HTTP_METHOD_UNSPECIFIED AttributeContext_HttpMethod = 0
|
|
AttributeContext_HTTP_METHOD_OTHER AttributeContext_HttpMethod = 1
|
|
AttributeContext_HTTP_METHOD_GET AttributeContext_HttpMethod = 2
|
|
AttributeContext_HTTP_METHOD_HEAD AttributeContext_HttpMethod = 3
|
|
AttributeContext_HTTP_METHOD_POST AttributeContext_HttpMethod = 4
|
|
AttributeContext_HTTP_METHOD_PUT AttributeContext_HttpMethod = 5
|
|
AttributeContext_HTTP_METHOD_DELETE AttributeContext_HttpMethod = 6
|
|
AttributeContext_HTTP_METHOD_CONNECT AttributeContext_HttpMethod = 7
|
|
AttributeContext_HTTP_METHOD_OPTIONS AttributeContext_HttpMethod = 8
|
|
AttributeContext_HTTP_METHOD_TRACE AttributeContext_HttpMethod = 9
|
|
AttributeContext_HTTP_METHOD_PATCH AttributeContext_HttpMethod = 10
|
|
)
|
|
|
|
// Enum value maps for AttributeContext_HttpMethod.
|
|
var (
|
|
AttributeContext_HttpMethod_name = map[int32]string{
|
|
0: "HTTP_METHOD_UNSPECIFIED",
|
|
1: "HTTP_METHOD_OTHER",
|
|
2: "HTTP_METHOD_GET",
|
|
3: "HTTP_METHOD_HEAD",
|
|
4: "HTTP_METHOD_POST",
|
|
5: "HTTP_METHOD_PUT",
|
|
6: "HTTP_METHOD_DELETE",
|
|
7: "HTTP_METHOD_CONNECT",
|
|
8: "HTTP_METHOD_OPTIONS",
|
|
9: "HTTP_METHOD_TRACE",
|
|
10: "HTTP_METHOD_PATCH",
|
|
}
|
|
AttributeContext_HttpMethod_value = map[string]int32{
|
|
"HTTP_METHOD_UNSPECIFIED": 0,
|
|
"HTTP_METHOD_OTHER": 1,
|
|
"HTTP_METHOD_GET": 2,
|
|
"HTTP_METHOD_HEAD": 3,
|
|
"HTTP_METHOD_POST": 4,
|
|
"HTTP_METHOD_PUT": 5,
|
|
"HTTP_METHOD_DELETE": 6,
|
|
"HTTP_METHOD_CONNECT": 7,
|
|
"HTTP_METHOD_OPTIONS": 8,
|
|
"HTTP_METHOD_TRACE": 9,
|
|
"HTTP_METHOD_PATCH": 10,
|
|
}
|
|
)
|
|
|
|
func (x AttributeContext_HttpMethod) Enum() *AttributeContext_HttpMethod {
|
|
p := new(AttributeContext_HttpMethod)
|
|
*p = x
|
|
return p
|
|
}
|
|
|
|
func (x AttributeContext_HttpMethod) String() string {
|
|
return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
|
|
}
|
|
|
|
func (AttributeContext_HttpMethod) Descriptor() protoreflect.EnumDescriptor {
|
|
return file_audit_v1_audit_event_proto_enumTypes[1].Descriptor()
|
|
}
|
|
|
|
func (AttributeContext_HttpMethod) Type() protoreflect.EnumType {
|
|
return &file_audit_v1_audit_event_proto_enumTypes[1]
|
|
}
|
|
|
|
func (x AttributeContext_HttpMethod) Number() protoreflect.EnumNumber {
|
|
return protoreflect.EnumNumber(x)
|
|
}
|
|
|
|
// Deprecated: Use AttributeContext_HttpMethod.Descriptor instead.
|
|
func (AttributeContext_HttpMethod) EnumDescriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 0}
|
|
}
|
|
|
|
// The audit log entry can be used to record an incident in the audit log.
|
|
type AuditLogEntry struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The resource name of the log to which this log entry belongs.
|
|
//
|
|
// Format: <pluralType>/<identifier>/logs/<eventType>
|
|
// Where:
|
|
//
|
|
// Plural-Types: One from the list of supported ObjectType as plural
|
|
// Event-Types: admin-activity, system-event, policy-denied, data-access
|
|
//
|
|
// Examples:
|
|
//
|
|
// "projects/00b0f972-59ff-48f2-a4f9-29c57b75c2fa/logs/admin-activity"
|
|
// "billing-accounts/00b0f972-59ff-48f2-a4f9-29c57b75c2fa/logs/admin-activity"
|
|
//
|
|
// Required: true
|
|
LogName string `protobuf:"bytes,1,opt,name=log_name,json=logName,proto3" json:"log_name,omitempty"`
|
|
// The log entry payload, which is always an AuditLog for STACKIT Audit Log events.
|
|
//
|
|
// Required: true
|
|
ProtoPayload *AuditLog `protobuf:"bytes,2,opt,name=proto_payload,json=protoPayload,proto3" json:"proto_payload,omitempty"`
|
|
// A unique identifier for the log entry.
|
|
// Is used to check completeness of audit events over time.
|
|
//
|
|
// Format: <unix-timestamp>/<region-zone>/<worker-id>/<sequence-number>
|
|
// Where:
|
|
//
|
|
// Unix-Timestamp: A UTC unix timestamp in seconds is expected
|
|
// Region-Zone: The region and (optional) zone id. If both, separated with a - (dash)
|
|
// Worker-Id: The ID of the K8s Pod, Service-Instance, etc (must be unique for a sending service)
|
|
// Sequence-Number: Increasing number, representing the message offset per Worker-Id
|
|
// If the Worker-Id changes, the sequence-number has to be reset to 0.
|
|
//
|
|
// Examples:
|
|
//
|
|
// "1721899117/eu01/319a7fb9-edd2-46c6-953a-a724bb377c61/8792726390909855142"
|
|
// "1721899117/eu01-m/319a7fb9-edd2-46c6-953a-a724bb377c61/8792726390909855142"
|
|
//
|
|
// Required: true
|
|
InsertId string `protobuf:"bytes,3,opt,name=insert_id,json=insertId,proto3" json:"insert_id,omitempty"`
|
|
// A set of user-defined (key, value) data that provides additional
|
|
// information about the log entry.
|
|
//
|
|
// Required: false
|
|
Labels map[string]string `protobuf:"bytes,4,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
|
|
// Correlate multiple audit logs by setting the same id
|
|
//
|
|
// Required: false
|
|
CorrelationId *string `protobuf:"bytes,5,opt,name=correlation_id,json=correlationId,proto3,oneof" json:"correlation_id,omitempty"`
|
|
// The time the event described by the log entry occurred.
|
|
//
|
|
// Required: true
|
|
Timestamp *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
|
|
// The severity of the log entry.
|
|
//
|
|
// Required: true
|
|
Severity LogSeverity `protobuf:"varint,7,opt,name=severity,proto3,enum=audit.v1.LogSeverity" json:"severity,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AuditLogEntry) Reset() {
|
|
*x = AuditLogEntry{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[0]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AuditLogEntry) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AuditLogEntry) ProtoMessage() {}
|
|
|
|
func (x *AuditLogEntry) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[0]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AuditLogEntry.ProtoReflect.Descriptor instead.
|
|
func (*AuditLogEntry) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{0}
|
|
}
|
|
|
|
func (x *AuditLogEntry) GetLogName() string {
|
|
if x != nil {
|
|
return x.LogName
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuditLogEntry) GetProtoPayload() *AuditLog {
|
|
if x != nil {
|
|
return x.ProtoPayload
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLogEntry) GetInsertId() string {
|
|
if x != nil {
|
|
return x.InsertId
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuditLogEntry) GetLabels() map[string]string {
|
|
if x != nil {
|
|
return x.Labels
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLogEntry) GetCorrelationId() string {
|
|
if x != nil && x.CorrelationId != nil {
|
|
return *x.CorrelationId
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuditLogEntry) GetTimestamp() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.Timestamp
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLogEntry) GetSeverity() LogSeverity {
|
|
if x != nil {
|
|
return x.Severity
|
|
}
|
|
return LogSeverity_LOG_SEVERITY_UNSPECIFIED
|
|
}
|
|
|
|
// Common audit log format for STACKIT API operations.
|
|
type AuditLog struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The name of the API service performing the operation.
|
|
//
|
|
// Examples:
|
|
//
|
|
// "resource-manager"
|
|
//
|
|
// Required: true
|
|
ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"`
|
|
// The name of the service method or operation.
|
|
//
|
|
// Format: stackit.<product>.<version>.<type-chain>.<operation>
|
|
// Where:
|
|
//
|
|
// Product: The name of the service in lowercase
|
|
// Version: Optional API version
|
|
// Type-Chain: Chained path to object
|
|
// Operation: The name of the operation in lowercase
|
|
//
|
|
// Examples:
|
|
//
|
|
// "stackit.resource-manager.v1.organizations.create"
|
|
// "stackit.authorization.v1.projects.volumes.create"
|
|
// "stackit.authorization.v2alpha.projects.volumes.create"
|
|
// "stackit.authorization.v2.folders.move"
|
|
// "stackit.resource-manager.health"
|
|
//
|
|
// Required: true
|
|
OperationName string `protobuf:"bytes,2,opt,name=operation_name,json=operationName,proto3" json:"operation_name,omitempty"`
|
|
// The resource or collection that is the target of the operation.
|
|
// The name is a scheme-less URI, not including the API service name.
|
|
//
|
|
// Format: <pluralType>/<id>[/<details>]
|
|
// Where:
|
|
//
|
|
// Plural-Type: One from the list of supported ObjectType as plural
|
|
// Id: The identifier of the object
|
|
// Details: Optional "<key>/<id>" pairs
|
|
//
|
|
// Examples:
|
|
//
|
|
// "organizations/40ab14ad-b7b0-4b1c-be41-5bc820a968d1"
|
|
// "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/_/instances/instance-20240723-174217"
|
|
// "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/sx-stoi01/instances/instance-20240723-174217"
|
|
// "projects/dd7d1807-54e9-4426-8994-721758b5b554/locations/eu01/vms/b6851b4e-7a9d-4973-ab0f-a80a13ee3060/ports/78f8bad4-a291-4fa3-b07f-4a1985d3dbe8"
|
|
// "projects/dd7d1807-54e9-4426-8994-721758b5b554/locations/eu01-m/vms/b6851b4e-7a9d-4973-ab0f-a80a13ee3060/ports/78f8bad4-a291-4fa3-b07f-4a1985d3dbe8"
|
|
//
|
|
// Required: true
|
|
ResourceName string `protobuf:"bytes,3,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"`
|
|
// Authentication information.
|
|
//
|
|
// Required: true
|
|
AuthenticationInfo *AuthenticationInfo `protobuf:"bytes,4,opt,name=authentication_info,json=authenticationInfo,proto3" json:"authentication_info,omitempty"`
|
|
// Authorization information. If there are multiple resources or permissions involved, then there is
|
|
// one AuthorizationInfo element for each {resource, permission} tuple.
|
|
//
|
|
// Required: false
|
|
AuthorizationInfo []*AuthorizationInfo `protobuf:"bytes,5,rep,name=authorization_info,json=authorizationInfo,proto3" json:"authorization_info,omitempty"`
|
|
// Metadata about the operation.
|
|
//
|
|
// Required: true
|
|
RequestMetadata *RequestMetadata `protobuf:"bytes,6,opt,name=request_metadata,json=requestMetadata,proto3" json:"request_metadata,omitempty"`
|
|
// The operation request. This may not include all request parameters,
|
|
// such as those that are too large, privacy-sensitive, or duplicated
|
|
// elsewhere in the log record.
|
|
// It should never include user-generated data, such as file contents.
|
|
//
|
|
// Required: false
|
|
Request *structpb.Struct `protobuf:"bytes,7,opt,name=request,proto3,oneof" json:"request,omitempty"`
|
|
// The status of the overall operation.
|
|
//
|
|
// Required: true
|
|
ResponseMetadata *ResponseMetadata `protobuf:"bytes,8,opt,name=response_metadata,json=responseMetadata,proto3" json:"response_metadata,omitempty"`
|
|
// The operation response. This may not include all response elements,
|
|
// such as those that are too large, privacy-sensitive, or duplicated
|
|
// elsewhere in the log record.
|
|
//
|
|
// Required: false
|
|
Response *structpb.Struct `protobuf:"bytes,9,opt,name=response,proto3,oneof" json:"response,omitempty"`
|
|
// Other service-specific data about the request, response, and other
|
|
// information associated with the current audited event.
|
|
//
|
|
// Required: false
|
|
Metadata *structpb.Struct `protobuf:"bytes,10,opt,name=metadata,proto3,oneof" json:"metadata,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AuditLog) Reset() {
|
|
*x = AuditLog{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[1]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AuditLog) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AuditLog) ProtoMessage() {}
|
|
|
|
func (x *AuditLog) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[1]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AuditLog.ProtoReflect.Descriptor instead.
|
|
func (*AuditLog) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{1}
|
|
}
|
|
|
|
func (x *AuditLog) GetServiceName() string {
|
|
if x != nil {
|
|
return x.ServiceName
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuditLog) GetOperationName() string {
|
|
if x != nil {
|
|
return x.OperationName
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuditLog) GetResourceName() string {
|
|
if x != nil {
|
|
return x.ResourceName
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuditLog) GetAuthenticationInfo() *AuthenticationInfo {
|
|
if x != nil {
|
|
return x.AuthenticationInfo
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLog) GetAuthorizationInfo() []*AuthorizationInfo {
|
|
if x != nil {
|
|
return x.AuthorizationInfo
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLog) GetRequestMetadata() *RequestMetadata {
|
|
if x != nil {
|
|
return x.RequestMetadata
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLog) GetRequest() *structpb.Struct {
|
|
if x != nil {
|
|
return x.Request
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLog) GetResponseMetadata() *ResponseMetadata {
|
|
if x != nil {
|
|
return x.ResponseMetadata
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLog) GetResponse() *structpb.Struct {
|
|
if x != nil {
|
|
return x.Response
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuditLog) GetMetadata() *structpb.Struct {
|
|
if x != nil {
|
|
return x.Metadata
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Authentication information for the operation.
|
|
type AuthenticationInfo struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// STACKIT principal id
|
|
//
|
|
// Required: true
|
|
PrincipalId string `protobuf:"bytes,1,opt,name=principal_id,json=principalId,proto3" json:"principal_id,omitempty"`
|
|
// The email address of the authenticated user.
|
|
// Service accounts have email addresses that can be used.
|
|
//
|
|
// Required: false
|
|
PrincipalEmail *string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3,oneof" json:"principal_email,omitempty"`
|
|
// The name of the service account used to create or exchange
|
|
// credentials for authenticating the service account making the request.
|
|
//
|
|
// Format: projects/<id>/service-accounts/<accountId>
|
|
//
|
|
// Examples:
|
|
//
|
|
// "projects/29b2c56f-f712-4a9c-845b-f0907158e53c/service-accounts/a606dc68-8b97-421b-89a9-116bcbd004df"
|
|
//
|
|
// Required: false
|
|
ServiceAccountName *string `protobuf:"bytes,3,opt,name=service_account_name,json=serviceAccountName,proto3,oneof" json:"service_account_name,omitempty"`
|
|
// Identity delegation history of an authenticated service account that makes
|
|
// the request. It contains information on the real authorities that try to
|
|
// access STACKIT resources by delegating on a service account. When multiple
|
|
// authorities present, they are guaranteed to be sorted based on the original
|
|
// ordering of the identity delegation events.
|
|
//
|
|
// Required: false
|
|
ServiceAccountDelegationInfo []*ServiceAccountDelegationInfo `protobuf:"bytes,4,rep,name=service_account_delegation_info,json=serviceAccountDelegationInfo,proto3" json:"service_account_delegation_info,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AuthenticationInfo) Reset() {
|
|
*x = AuthenticationInfo{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[2]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AuthenticationInfo) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AuthenticationInfo) ProtoMessage() {}
|
|
|
|
func (x *AuthenticationInfo) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[2]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AuthenticationInfo.ProtoReflect.Descriptor instead.
|
|
func (*AuthenticationInfo) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{2}
|
|
}
|
|
|
|
func (x *AuthenticationInfo) GetPrincipalId() string {
|
|
if x != nil {
|
|
return x.PrincipalId
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthenticationInfo) GetPrincipalEmail() string {
|
|
if x != nil && x.PrincipalEmail != nil {
|
|
return *x.PrincipalEmail
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthenticationInfo) GetServiceAccountName() string {
|
|
if x != nil && x.ServiceAccountName != nil {
|
|
return *x.ServiceAccountName
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthenticationInfo) GetServiceAccountDelegationInfo() []*ServiceAccountDelegationInfo {
|
|
if x != nil {
|
|
return x.ServiceAccountDelegationInfo
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Authorization information for the operation.
|
|
type AuthorizationInfo struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The resource being accessed, as a REST-style string.
|
|
//
|
|
// Format: <pluralType>/<id>[/<details>]
|
|
// Where:
|
|
//
|
|
// Plural-Type: One from the list of supported ObjectType as plural
|
|
// Id: The identifier of the object
|
|
// Details: Optional "<key>/<id>" pairs
|
|
//
|
|
// Examples:
|
|
//
|
|
// "organizations/40ab14ad-b7b0-4b1c-be41-5bc820a968d1"
|
|
// "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/_/instances/instance-20240723-174217"
|
|
// "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/eu01/instances/instance-20240723-174217"
|
|
// "projects/7046e7b6-5ae9-441c-99fe-2cd28a5078ec/locations/eu01/vms/b6851b4e-7a9d-4973-ab0f-a80a13ee3060/ports/78f8bad4-a291-4fa3-b07f-4a1985d3dbe8"
|
|
//
|
|
// Required: true
|
|
Resource string `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"`
|
|
// The required IAM permission.
|
|
//
|
|
// Examples:
|
|
//
|
|
// "resourcemanager.project.edit"
|
|
//
|
|
// Required: false
|
|
Permission *string `protobuf:"bytes,2,opt,name=permission,proto3,oneof" json:"permission,omitempty"`
|
|
// IAM permission check result.
|
|
//
|
|
// Required: false
|
|
Granted *bool `protobuf:"varint,3,opt,name=granted,proto3,oneof" json:"granted,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AuthorizationInfo) Reset() {
|
|
*x = AuthorizationInfo{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[3]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AuthorizationInfo) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AuthorizationInfo) ProtoMessage() {}
|
|
|
|
func (x *AuthorizationInfo) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[3]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AuthorizationInfo.ProtoReflect.Descriptor instead.
|
|
func (*AuthorizationInfo) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{3}
|
|
}
|
|
|
|
func (x *AuthorizationInfo) GetResource() string {
|
|
if x != nil {
|
|
return x.Resource
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationInfo) GetPermission() string {
|
|
if x != nil && x.Permission != nil {
|
|
return *x.Permission
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationInfo) GetGranted() bool {
|
|
if x != nil && x.Granted != nil {
|
|
return *x.Granted
|
|
}
|
|
return false
|
|
}
|
|
|
|
// This message defines the standard attribute vocabulary for STACKIT APIs.
|
|
//
|
|
// An attribute is a piece of metadata that describes an activity on a network
|
|
// service.
|
|
type AttributeContext struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AttributeContext) Reset() {
|
|
*x = AttributeContext{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[4]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AttributeContext) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AttributeContext) ProtoMessage() {}
|
|
|
|
func (x *AttributeContext) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[4]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead.
|
|
func (*AttributeContext) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4}
|
|
}
|
|
|
|
// Metadata about the request.
|
|
type RequestMetadata struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The IP address of the caller.
|
|
// For caller from internet, this will be public IPv4 or IPv6 address.
|
|
// For caller from a VM / K8s Service / etc, this will be the SIT proxy's IPv4 address.
|
|
//
|
|
// Required: true
|
|
CallerIp string `protobuf:"bytes,1,opt,name=caller_ip,json=callerIp,proto3" json:"caller_ip,omitempty"`
|
|
// The user agent of the caller.
|
|
//
|
|
// Examples:
|
|
//
|
|
// "OpenAPI-Generator/1.0.0/go"
|
|
// -> The request was made by the STACKIT SDK GO client, STACKIT CLI or Terraform provider
|
|
// "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
|
|
// -> The request was made by a web browser.
|
|
//
|
|
// Required: true
|
|
CallerSuppliedUserAgent string `protobuf:"bytes,2,opt,name=caller_supplied_user_agent,json=callerSuppliedUserAgent,proto3" json:"caller_supplied_user_agent,omitempty"`
|
|
// This field contains request attributes like request url, time, etc.
|
|
//
|
|
// Required: true
|
|
RequestAttributes *AttributeContext_Request `protobuf:"bytes,3,opt,name=request_attributes,json=requestAttributes,proto3" json:"request_attributes,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *RequestMetadata) Reset() {
|
|
*x = RequestMetadata{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[5]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *RequestMetadata) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*RequestMetadata) ProtoMessage() {}
|
|
|
|
func (x *RequestMetadata) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[5]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use RequestMetadata.ProtoReflect.Descriptor instead.
|
|
func (*RequestMetadata) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{5}
|
|
}
|
|
|
|
func (x *RequestMetadata) GetCallerIp() string {
|
|
if x != nil {
|
|
return x.CallerIp
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *RequestMetadata) GetCallerSuppliedUserAgent() string {
|
|
if x != nil {
|
|
return x.CallerSuppliedUserAgent
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *RequestMetadata) GetRequestAttributes() *AttributeContext_Request {
|
|
if x != nil {
|
|
return x.RequestAttributes
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Metadata about the response
|
|
type ResponseMetadata struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The http or gRPC status code.
|
|
//
|
|
// Examples:
|
|
//
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
|
|
// https://grpc.github.io/grpc/core/md_doc_statuscodes.html
|
|
//
|
|
// Required: true
|
|
StatusCode *wrapperspb.Int32Value `protobuf:"bytes,1,opt,name=status_code,json=statusCode,proto3" json:"status_code,omitempty"`
|
|
// Short description of the error
|
|
//
|
|
// Required: false
|
|
ErrorMessage *string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3,oneof" json:"error_message,omitempty"`
|
|
// Error details
|
|
//
|
|
// Required: false
|
|
ErrorDetails []*structpb.Struct `protobuf:"bytes,3,rep,name=error_details,json=errorDetails,proto3" json:"error_details,omitempty"`
|
|
// This field contains response attributes like headers, time, etc.
|
|
//
|
|
// Required: true
|
|
ResponseAttributes *AttributeContext_Response `protobuf:"bytes,4,opt,name=response_attributes,json=responseAttributes,proto3" json:"response_attributes,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *ResponseMetadata) Reset() {
|
|
*x = ResponseMetadata{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[6]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *ResponseMetadata) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*ResponseMetadata) ProtoMessage() {}
|
|
|
|
func (x *ResponseMetadata) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[6]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use ResponseMetadata.ProtoReflect.Descriptor instead.
|
|
func (*ResponseMetadata) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{6}
|
|
}
|
|
|
|
func (x *ResponseMetadata) GetStatusCode() *wrapperspb.Int32Value {
|
|
if x != nil {
|
|
return x.StatusCode
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *ResponseMetadata) GetErrorMessage() string {
|
|
if x != nil && x.ErrorMessage != nil {
|
|
return *x.ErrorMessage
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *ResponseMetadata) GetErrorDetails() []*structpb.Struct {
|
|
if x != nil {
|
|
return x.ErrorDetails
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *ResponseMetadata) GetResponseAttributes() *AttributeContext_Response {
|
|
if x != nil {
|
|
return x.ResponseAttributes
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Identity delegation history of an authenticated service account.
|
|
type ServiceAccountDelegationInfo struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// Entity that creates credentials for service account and assumes its
|
|
// identity for authentication.
|
|
//
|
|
// Types that are valid to be assigned to Authority:
|
|
//
|
|
// *ServiceAccountDelegationInfo_SystemPrincipal_
|
|
// *ServiceAccountDelegationInfo_IdpPrincipal_
|
|
Authority isServiceAccountDelegationInfo_Authority `protobuf_oneof:"authority"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo) Reset() {
|
|
*x = ServiceAccountDelegationInfo{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[7]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*ServiceAccountDelegationInfo) ProtoMessage() {}
|
|
|
|
func (x *ServiceAccountDelegationInfo) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[7]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use ServiceAccountDelegationInfo.ProtoReflect.Descriptor instead.
|
|
func (*ServiceAccountDelegationInfo) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7}
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo) GetAuthority() isServiceAccountDelegationInfo_Authority {
|
|
if x != nil {
|
|
return x.Authority
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo) GetSystemPrincipal() *ServiceAccountDelegationInfo_SystemPrincipal {
|
|
if x != nil {
|
|
if x, ok := x.Authority.(*ServiceAccountDelegationInfo_SystemPrincipal_); ok {
|
|
return x.SystemPrincipal
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo) GetIdpPrincipal() *ServiceAccountDelegationInfo_IdpPrincipal {
|
|
if x != nil {
|
|
if x, ok := x.Authority.(*ServiceAccountDelegationInfo_IdpPrincipal_); ok {
|
|
return x.IdpPrincipal
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
type isServiceAccountDelegationInfo_Authority interface {
|
|
isServiceAccountDelegationInfo_Authority()
|
|
}
|
|
|
|
type ServiceAccountDelegationInfo_SystemPrincipal_ struct {
|
|
// System identity
|
|
SystemPrincipal *ServiceAccountDelegationInfo_SystemPrincipal `protobuf:"bytes,1,opt,name=system_principal,json=systemPrincipal,proto3,oneof"`
|
|
}
|
|
|
|
type ServiceAccountDelegationInfo_IdpPrincipal_ struct {
|
|
// STACKIT IDP identity
|
|
IdpPrincipal *ServiceAccountDelegationInfo_IdpPrincipal `protobuf:"bytes,2,opt,name=idp_principal,json=idpPrincipal,proto3,oneof"`
|
|
}
|
|
|
|
func (*ServiceAccountDelegationInfo_SystemPrincipal_) isServiceAccountDelegationInfo_Authority() {}
|
|
|
|
func (*ServiceAccountDelegationInfo_IdpPrincipal_) isServiceAccountDelegationInfo_Authority() {}
|
|
|
|
// This message defines request authentication attributes. Terminology is
|
|
// based on the JSON Web Token (JWT) standard, but the terms also
|
|
// correlate to concepts in other standards.
|
|
type AttributeContext_Auth struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The authenticated principal. Reflects the issuer ("iss") and subject
|
|
// ("sub") claims within a JWT.
|
|
//
|
|
// Format: <sub-claim>/<iss-claim>
|
|
// Where:
|
|
//
|
|
// Sub-Claim: Sub-Claim from JWT with `/` percent-encoded (url-encoded)
|
|
// Issuer-Claim: Iss-Claim from JWT with `/` percent-encoded (url-encoded)
|
|
//
|
|
// Examples:
|
|
//
|
|
// "stackit-resource-manager-dev/https%3A%2F%2Faccounts.dev.stackit.cloud"
|
|
//
|
|
// Required: true
|
|
Principal string `protobuf:"bytes,1,opt,name=principal,proto3" json:"principal,omitempty"`
|
|
// The intended audience(s) for this authentication information. Reflects
|
|
// the audience ("aud") claim within a JWT, typically the services intended
|
|
// to receive the credential.
|
|
//
|
|
// Examples:
|
|
//
|
|
// ["stackit-resource-manager-dev", "stackit", "api"]
|
|
//
|
|
// Required: false
|
|
Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
|
|
// Structured claims presented with the credential. JWTs include
|
|
// {"key": <value>} pairs for standard and private claims.
|
|
//
|
|
// The following is a subset of the standard required and optional claims that should
|
|
// typically be presented for a STACKIT JWT.
|
|
// Don't add other claims to not leak internal or personal information:
|
|
//
|
|
// {
|
|
// "aud": "stackit-resource-manager-dev",
|
|
// "email": "max@mail.schwarz",
|
|
// "iss": "https://api.dev.stackit.cloud",
|
|
// "jti": "45a196e0-480f-4c34-a592-dc5db81c8c3a"
|
|
// "sub": "cd94f01a-df2e-4456-902f-48f5e57f0b63"
|
|
// }
|
|
//
|
|
// Required: true
|
|
Claims *structpb.Struct `protobuf:"bytes,3,opt,name=claims,proto3" json:"claims,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AttributeContext_Auth) Reset() {
|
|
*x = AttributeContext_Auth{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[9]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AttributeContext_Auth) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AttributeContext_Auth) ProtoMessage() {}
|
|
|
|
func (x *AttributeContext_Auth) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[9]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AttributeContext_Auth.ProtoReflect.Descriptor instead.
|
|
func (*AttributeContext_Auth) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 0}
|
|
}
|
|
|
|
func (x *AttributeContext_Auth) GetPrincipal() string {
|
|
if x != nil {
|
|
return x.Principal
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AttributeContext_Auth) GetAudiences() []string {
|
|
if x != nil {
|
|
return x.Audiences
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AttributeContext_Auth) GetClaims() *structpb.Struct {
|
|
if x != nil {
|
|
return x.Claims
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// This message defines attributes for an HTTP request. If the actual
|
|
// request is not an HTTP request, the runtime system should try to map
|
|
// the actual request to an equivalent HTTP request.
|
|
type AttributeContext_Request struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The unique ID for a request, which can be propagated to downstream
|
|
// systems. The ID should have low probability of collision
|
|
// within a single day for a specific service.
|
|
//
|
|
// More information can be found here: https://google.aip.dev/155
|
|
//
|
|
// Format: <idempotency-key>
|
|
// Where:
|
|
//
|
|
// Idempotency-key: Typically consists of a id + version
|
|
//
|
|
// Examples:
|
|
//
|
|
// 5e3952a9-b628-4be6-ac61-b1c6eb4a110c/5
|
|
//
|
|
// Required: false
|
|
Id *string `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"`
|
|
// The (HTTP) request method, such as `GET`, `POST`.
|
|
//
|
|
// Required: true
|
|
Method AttributeContext_HttpMethod `protobuf:"varint,2,opt,name=method,proto3,enum=audit.v1.AttributeContext_HttpMethod" json:"method,omitempty"`
|
|
// The (HTTP) request headers / gRPC metadata. If multiple headers share the same key, they
|
|
// must be merged according to the HTTP spec. All header keys must be
|
|
// lowercased, because HTTP header keys are case-insensitive.
|
|
//
|
|
// Internal IP-Addresses have to be removed (e.g. in x-forwarded-xxx headers).
|
|
//
|
|
// Required: true
|
|
Headers map[string]string `protobuf:"bytes,3,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
|
|
// The gRPC / HTTP URL path.
|
|
//
|
|
// Required: true
|
|
Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
|
|
// The HTTP request `Host` header value.
|
|
//
|
|
// Required: true
|
|
Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"`
|
|
// The URL scheme, such as `http`, `https` or `gRPC`.
|
|
//
|
|
// Required: true
|
|
Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"`
|
|
// The HTTP URL query in the format of "name1=value1&name2=value2", as it
|
|
// appears in the first line of the HTTP request.
|
|
// The input should be escaped to not contain any special characters.
|
|
//
|
|
// Required: false
|
|
Query *string `protobuf:"bytes,7,opt,name=query,proto3,oneof" json:"query,omitempty"`
|
|
// The timestamp when the `destination` service receives the first byte of
|
|
// the request.
|
|
//
|
|
// Required: true
|
|
Time *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=time,proto3" json:"time,omitempty"`
|
|
// The network protocol used with the request, such as "http/1.1",
|
|
// "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See
|
|
// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
|
|
// for details.
|
|
//
|
|
// Required: true
|
|
Protocol string `protobuf:"bytes,9,opt,name=protocol,proto3" json:"protocol,omitempty"`
|
|
// The request authentication.
|
|
//
|
|
// Required: true
|
|
Auth *AttributeContext_Auth `protobuf:"bytes,10,opt,name=auth,proto3" json:"auth,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AttributeContext_Request) Reset() {
|
|
*x = AttributeContext_Request{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[10]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AttributeContext_Request) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AttributeContext_Request) ProtoMessage() {}
|
|
|
|
func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[10]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead.
|
|
func (*AttributeContext_Request) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 1}
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetId() string {
|
|
if x != nil && x.Id != nil {
|
|
return *x.Id
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetMethod() AttributeContext_HttpMethod {
|
|
if x != nil {
|
|
return x.Method
|
|
}
|
|
return AttributeContext_HTTP_METHOD_UNSPECIFIED
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetHeaders() map[string]string {
|
|
if x != nil {
|
|
return x.Headers
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetPath() string {
|
|
if x != nil {
|
|
return x.Path
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetHost() string {
|
|
if x != nil {
|
|
return x.Host
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetScheme() string {
|
|
if x != nil {
|
|
return x.Scheme
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetQuery() string {
|
|
if x != nil && x.Query != nil {
|
|
return *x.Query
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetTime() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.Time
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetProtocol() string {
|
|
if x != nil {
|
|
return x.Protocol
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AttributeContext_Request) GetAuth() *AttributeContext_Auth {
|
|
if x != nil {
|
|
return x.Auth
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// This message defines attributes for a typical network response. It
|
|
// generally models semantics of an HTTP response.
|
|
type AttributeContext_Response struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The number of items returned to the client if applicable.
|
|
//
|
|
// Required: false
|
|
NumResponseItems *wrapperspb.Int64Value `protobuf:"bytes,1,opt,name=num_response_items,json=numResponseItems,proto3,oneof" json:"num_response_items,omitempty"`
|
|
// The HTTP response size in bytes.
|
|
//
|
|
// Required: false
|
|
Size *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=size,proto3,oneof" json:"size,omitempty"`
|
|
// The HTTP response headers. If multiple headers share the same key, they
|
|
// must be merged according to HTTP spec. All header keys must be
|
|
// lowercased, because HTTP header keys are case-insensitive.
|
|
//
|
|
// Required: false
|
|
Headers map[string]string `protobuf:"bytes,3,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
|
|
// The timestamp when the "destination" service generates the first byte of
|
|
// the response.
|
|
//
|
|
// Required: true
|
|
Time *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=time,proto3" json:"time,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AttributeContext_Response) Reset() {
|
|
*x = AttributeContext_Response{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[11]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AttributeContext_Response) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AttributeContext_Response) ProtoMessage() {}
|
|
|
|
func (x *AttributeContext_Response) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[11]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AttributeContext_Response.ProtoReflect.Descriptor instead.
|
|
func (*AttributeContext_Response) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{4, 2}
|
|
}
|
|
|
|
func (x *AttributeContext_Response) GetNumResponseItems() *wrapperspb.Int64Value {
|
|
if x != nil {
|
|
return x.NumResponseItems
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AttributeContext_Response) GetSize() *wrapperspb.Int64Value {
|
|
if x != nil {
|
|
return x.Size
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AttributeContext_Response) GetHeaders() map[string]string {
|
|
if x != nil {
|
|
return x.Headers
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AttributeContext_Response) GetTime() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.Time
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Anonymous system principal to be used when no user identity is available.
|
|
type ServiceAccountDelegationInfo_SystemPrincipal struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// Metadata about the service that uses the service account.
|
|
//
|
|
// Required: false
|
|
ServiceMetadata *structpb.Struct `protobuf:"bytes,1,opt,name=service_metadata,json=serviceMetadata,proto3,oneof" json:"service_metadata,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_SystemPrincipal) Reset() {
|
|
*x = ServiceAccountDelegationInfo_SystemPrincipal{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[14]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_SystemPrincipal) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*ServiceAccountDelegationInfo_SystemPrincipal) ProtoMessage() {}
|
|
|
|
func (x *ServiceAccountDelegationInfo_SystemPrincipal) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[14]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use ServiceAccountDelegationInfo_SystemPrincipal.ProtoReflect.Descriptor instead.
|
|
func (*ServiceAccountDelegationInfo_SystemPrincipal) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7, 0}
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_SystemPrincipal) GetServiceMetadata() *structpb.Struct {
|
|
if x != nil {
|
|
return x.ServiceMetadata
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// STACKIT idp principal.
|
|
type ServiceAccountDelegationInfo_IdpPrincipal struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// STACKIT principal id
|
|
//
|
|
// Required: true
|
|
PrincipalId string `protobuf:"bytes,1,opt,name=principal_id,json=principalId,proto3" json:"principal_id,omitempty"`
|
|
// The email address of the authenticated user.
|
|
// Service accounts have email addresses that can be used.
|
|
//
|
|
// Required: true
|
|
PrincipalEmail string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3" json:"principal_email,omitempty"`
|
|
// Metadata about the service that uses the service account.
|
|
//
|
|
// Required: false
|
|
ServiceMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=service_metadata,json=serviceMetadata,proto3,oneof" json:"service_metadata,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_IdpPrincipal) Reset() {
|
|
*x = ServiceAccountDelegationInfo_IdpPrincipal{}
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[15]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_IdpPrincipal) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*ServiceAccountDelegationInfo_IdpPrincipal) ProtoMessage() {}
|
|
|
|
func (x *ServiceAccountDelegationInfo_IdpPrincipal) ProtoReflect() protoreflect.Message {
|
|
mi := &file_audit_v1_audit_event_proto_msgTypes[15]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use ServiceAccountDelegationInfo_IdpPrincipal.ProtoReflect.Descriptor instead.
|
|
func (*ServiceAccountDelegationInfo_IdpPrincipal) Descriptor() ([]byte, []int) {
|
|
return file_audit_v1_audit_event_proto_rawDescGZIP(), []int{7, 1}
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetPrincipalId() string {
|
|
if x != nil {
|
|
return x.PrincipalId
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetPrincipalEmail() string {
|
|
if x != nil {
|
|
return x.PrincipalEmail
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *ServiceAccountDelegationInfo_IdpPrincipal) GetServiceMetadata() *structpb.Struct {
|
|
if x != nil {
|
|
return x.ServiceMetadata
|
|
}
|
|
return nil
|
|
}
|
|
|
|
var File_audit_v1_audit_event_proto protoreflect.FileDescriptor
|
|
|
|
const file_audit_v1_audit_event_proto_rawDesc = "" +
|
|
"\n" +
|
|
"\x1aaudit/v1/audit_event.proto\x12\baudit.v1\x1a\x1bbuf/validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\"\xe2\x04\n" +
|
|
"\rAuditLogEntry\x12x\n" +
|
|
"\blog_name\x18\x01 \x01(\tB]\xbaHZ\xc8\x01\x01rU2S^[a-z-]+/[a-z0-9-]+/logs/(?:admin-activity|system-event|policy-denied|data-access)$R\alogName\x12?\n" +
|
|
"\rproto_payload\x18\x02 \x01(\v2\x12.audit.v1.AuditLogB\x06\xbaH\x03\xc8\x01\x01R\fprotoPayload\x12L\n" +
|
|
"\tinsert_id\x18\x03 \x01(\tB/\xbaH,\xc8\x01\x01r'2%^[0-9]+/[a-z0-9-]+/[a-z0-9-]+/[0-9]+$R\binsertId\x12;\n" +
|
|
"\x06labels\x18\x04 \x03(\v2#.audit.v1.AuditLogEntry.LabelsEntryR\x06labels\x126\n" +
|
|
"\x0ecorrelation_id\x18\x05 \x01(\tB\n" +
|
|
"\xbaH\ar\x05\x10\x01\x18\xff\x01H\x00R\rcorrelationId\x88\x01\x01\x12E\n" +
|
|
"\ttimestamp\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\ttimestamp\x12>\n" +
|
|
"\bseverity\x18\a \x01(\x0e2\x15.audit.v1.LogSeverityB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\bseverity\x1a9\n" +
|
|
"\vLabelsEntry\x12\x10\n" +
|
|
"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
|
|
"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x11\n" +
|
|
"\x0f_correlation_id\"\xb3\x06\n" +
|
|
"\bAuditLog\x125\n" +
|
|
"\fservice_name\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
|
|
"\x10\x012\x06.*\\S.*R\vserviceName\x12w\n" +
|
|
"\x0eoperation_name\x18\x02 \x01(\tBP\xbaHM\xc8\x01\x01rH\x10\x01\x18\xff\x012A^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$R\roperationName\x12c\n" +
|
|
"\rresource_name\x18\x03 \x01(\tB>\xbaH;\xc8\x01\x01r6\x10\x01\x18\xff\x012/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\fresourceName\x12U\n" +
|
|
"\x13authentication_info\x18\x04 \x01(\v2\x1c.audit.v1.AuthenticationInfoB\x06\xbaH\x03\xc8\x01\x01R\x12authenticationInfo\x12J\n" +
|
|
"\x12authorization_info\x18\x05 \x03(\v2\x1b.audit.v1.AuthorizationInfoR\x11authorizationInfo\x12L\n" +
|
|
"\x10request_metadata\x18\x06 \x01(\v2\x19.audit.v1.RequestMetadataB\x06\xbaH\x03\xc8\x01\x01R\x0frequestMetadata\x126\n" +
|
|
"\arequest\x18\a \x01(\v2\x17.google.protobuf.StructH\x00R\arequest\x88\x01\x01\x12O\n" +
|
|
"\x11response_metadata\x18\b \x01(\v2\x1a.audit.v1.ResponseMetadataB\x06\xbaH\x03\xc8\x01\x01R\x10responseMetadata\x128\n" +
|
|
"\bresponse\x18\t \x01(\v2\x17.google.protobuf.StructH\x01R\bresponse\x88\x01\x01\x128\n" +
|
|
"\bmetadata\x18\n" +
|
|
" \x01(\v2\x17.google.protobuf.StructH\x02R\bmetadata\x88\x01\x01B\n" +
|
|
"\n" +
|
|
"\b_requestB\v\n" +
|
|
"\t_responseB\v\n" +
|
|
"\t_metadata\"\x93\x03\n" +
|
|
"\x12AuthenticationInfo\x125\n" +
|
|
"\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
|
|
"\x10\x012\x06.*\\S.*R\vprincipalId\x12:\n" +
|
|
"\x0fprincipal_email\x18\x02 \x01(\tB\f\xbaH\tr\a\x10\x05\x18\xff\x01`\x01H\x00R\x0eprincipalEmail\x88\x01\x01\x12n\n" +
|
|
"\x14service_account_name\x18\x03 \x01(\tB7\xbaH4r220^[a-z-]+/[a-z0-9-]+/service-accounts/[a-z0-9-]+$H\x01R\x12serviceAccountName\x88\x01\x01\x12m\n" +
|
|
"\x1fservice_account_delegation_info\x18\x04 \x03(\v2&.audit.v1.ServiceAccountDelegationInfoR\x1cserviceAccountDelegationInfoB\x12\n" +
|
|
"\x10_principal_emailB\x17\n" +
|
|
"\x15_service_account_name\"\xf2\x01\n" +
|
|
"\x11AuthorizationInfo\x12U\n" +
|
|
"\bresource\x18\x01 \x01(\tB9\xbaH6\xc8\x01\x01r12/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\bresource\x12L\n" +
|
|
"\n" +
|
|
"permission\x18\x02 \x01(\tB'\xbaH$r\"2 ^[a-z-]+(?:\\.[a-z-]+)*\\.[a-z-]+$H\x00R\n" +
|
|
"permission\x88\x01\x01\x12\x1d\n" +
|
|
"\agranted\x18\x03 \x01(\bH\x01R\agranted\x88\x01\x01B\r\n" +
|
|
"\v_permissionB\n" +
|
|
"\n" +
|
|
"\b_granted\"\xaa\v\n" +
|
|
"\x10AttributeContext\x1a\xa9\x01\n" +
|
|
"\x04Auth\x12J\n" +
|
|
"\tprincipal\x18\x01 \x01(\tB,\xbaH)\xc8\x01\x01r$2\"^[a-zA-Z0-9-%._]+/[a-zA-Z0-9-%.]+$R\tprincipal\x12\x1c\n" +
|
|
"\taudiences\x18\x02 \x03(\tR\taudiences\x127\n" +
|
|
"\x06claims\x18\x03 \x01(\v2\x17.google.protobuf.StructB\x06\xbaH\x03\xc8\x01\x01R\x06claims\x1a\xce\x04\n" +
|
|
"\aRequest\x12\x13\n" +
|
|
"\x02id\x18\x01 \x01(\tH\x00R\x02id\x88\x01\x01\x12J\n" +
|
|
"\x06method\x18\x02 \x01(\x0e2%.audit.v1.AttributeContext.HttpMethodB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\x06method\x12Q\n" +
|
|
"\aheaders\x18\x03 \x03(\v2/.audit.v1.AttributeContext.Request.HeadersEntryB\x06\xbaH\x03\xc8\x01\x01R\aheaders\x12)\n" +
|
|
"\x04path\x18\x04 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x04path\x12&\n" +
|
|
"\x04host\x18\x05 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
|
|
"\x10\x012\x06.*\\S.*R\x04host\x12*\n" +
|
|
"\x06scheme\x18\x06 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
|
|
"\x10\x012\x06.*\\S.*R\x06scheme\x12\x19\n" +
|
|
"\x05query\x18\a \x01(\tH\x01R\x05query\x88\x01\x01\x12;\n" +
|
|
"\x04time\x18\b \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x12.\n" +
|
|
"\bprotocol\x18\t \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
|
|
"\x10\x012\x06.*\\S.*R\bprotocol\x12;\n" +
|
|
"\x04auth\x18\n" +
|
|
" \x01(\v2\x1f.audit.v1.AttributeContext.AuthB\x06\xbaH\x03\xc8\x01\x01R\x04auth\x1a:\n" +
|
|
"\fHeadersEntry\x12\x10\n" +
|
|
"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
|
|
"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x05\n" +
|
|
"\x03_idB\b\n" +
|
|
"\x06_query\x1a\x87\x03\n" +
|
|
"\bResponse\x12W\n" +
|
|
"\x12num_response_items\x18\x01 \x01(\v2\x1b.google.protobuf.Int64ValueB\a\xbaH\x04\"\x02(\x00H\x00R\x10numResponseItems\x88\x01\x01\x12=\n" +
|
|
"\x04size\x18\x02 \x01(\v2\x1b.google.protobuf.Int64ValueB\a\xbaH\x04\"\x02(\x00H\x01R\x04size\x88\x01\x01\x12J\n" +
|
|
"\aheaders\x18\x03 \x03(\v20.audit.v1.AttributeContext.Response.HeadersEntryR\aheaders\x12;\n" +
|
|
"\x04time\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x1a:\n" +
|
|
"\fHeadersEntry\x12\x10\n" +
|
|
"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
|
|
"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x15\n" +
|
|
"\x13_num_response_itemsB\a\n" +
|
|
"\x05_size\"\x8e\x02\n" +
|
|
"\n" +
|
|
"HttpMethod\x12\x1b\n" +
|
|
"\x17HTTP_METHOD_UNSPECIFIED\x10\x00\x12\x15\n" +
|
|
"\x11HTTP_METHOD_OTHER\x10\x01\x12\x13\n" +
|
|
"\x0fHTTP_METHOD_GET\x10\x02\x12\x14\n" +
|
|
"\x10HTTP_METHOD_HEAD\x10\x03\x12\x14\n" +
|
|
"\x10HTTP_METHOD_POST\x10\x04\x12\x13\n" +
|
|
"\x0fHTTP_METHOD_PUT\x10\x05\x12\x16\n" +
|
|
"\x12HTTP_METHOD_DELETE\x10\x06\x12\x17\n" +
|
|
"\x13HTTP_METHOD_CONNECT\x10\a\x12\x17\n" +
|
|
"\x13HTTP_METHOD_OPTIONS\x10\b\x12\x15\n" +
|
|
"\x11HTTP_METHOD_TRACE\x10\t\x12\x15\n" +
|
|
"\x11HTTP_METHOD_PATCH\x10\n" +
|
|
"\"\xe9\x01\n" +
|
|
"\x0fRequestMetadata\x12'\n" +
|
|
"\tcaller_ip\x18\x01 \x01(\tB\n" +
|
|
"\xbaH\a\xc8\x01\x01r\x02p\x01R\bcallerIp\x12R\n" +
|
|
"\x1acaller_supplied_user_agent\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x17callerSuppliedUserAgent\x12Y\n" +
|
|
"\x12request_attributes\x18\x03 \x01(\v2\".audit.v1.AttributeContext.RequestB\x06\xbaH\x03\xc8\x01\x01R\x11requestAttributes\"\xb4\x02\n" +
|
|
"\x10ResponseMetadata\x12H\n" +
|
|
"\vstatus_code\x18\x01 \x01(\v2\x1b.google.protobuf.Int32ValueB\n" +
|
|
"\xbaH\a\xc8\x01\x01\x1a\x02(\x00R\n" +
|
|
"statusCode\x12(\n" +
|
|
"\rerror_message\x18\x02 \x01(\tH\x00R\ferrorMessage\x88\x01\x01\x12<\n" +
|
|
"\rerror_details\x18\x03 \x03(\v2\x17.google.protobuf.StructR\ferrorDetails\x12\\\n" +
|
|
"\x13response_attributes\x18\x04 \x01(\v2#.audit.v1.AttributeContext.ResponseB\x06\xbaH\x03\xc8\x01\x01R\x12responseAttributesB\x10\n" +
|
|
"\x0e_error_message\"\xca\x04\n" +
|
|
"\x1cServiceAccountDelegationInfo\x12c\n" +
|
|
"\x10system_principal\x18\x01 \x01(\v26.audit.v1.ServiceAccountDelegationInfo.SystemPrincipalH\x00R\x0fsystemPrincipal\x12Z\n" +
|
|
"\ridp_principal\x18\x02 \x01(\v23.audit.v1.ServiceAccountDelegationInfo.IdpPrincipalH\x00R\fidpPrincipal\x1ao\n" +
|
|
"\x0fSystemPrincipal\x12G\n" +
|
|
"\x10service_metadata\x18\x01 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" +
|
|
"\x11_service_metadata\x1a\xe3\x01\n" +
|
|
"\fIdpPrincipal\x125\n" +
|
|
"\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
|
|
"\x10\x012\x06.*\\S.*R\vprincipalId\x12>\n" +
|
|
"\x0fprincipal_email\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x0eprincipalEmail\x12G\n" +
|
|
"\x10service_metadata\x18\x03 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" +
|
|
"\x11_service_metadataB\x12\n" +
|
|
"\tauthority\x12\x05\xbaH\x02\b\x01*\x96\x02\n" +
|
|
"\vLogSeverity\x12\x1c\n" +
|
|
"\x18LOG_SEVERITY_UNSPECIFIED\x10\x00\x12\x18\n" +
|
|
"\x14LOG_SEVERITY_DEFAULT\x10d\x12\x17\n" +
|
|
"\x12LOG_SEVERITY_DEBUG\x10\xc8\x01\x12\x16\n" +
|
|
"\x11LOG_SEVERITY_INFO\x10\xac\x02\x12\x18\n" +
|
|
"\x13LOG_SEVERITY_NOTICE\x10\x90\x03\x12\x19\n" +
|
|
"\x14LOG_SEVERITY_WARNING\x10\xf4\x03\x12\x17\n" +
|
|
"\x12LOG_SEVERITY_ERROR\x10\xd8\x04\x12\x1a\n" +
|
|
"\x15LOG_SEVERITY_CRITICAL\x10\xbc\x05\x12\x17\n" +
|
|
"\x12LOG_SEVERITY_ALERT\x10\xa0\x06\x12\x1b\n" +
|
|
"\x16LOG_SEVERITY_EMERGENCY\x10\x84\aB1\n" +
|
|
"\x1ccom.schwarz.stackit.audit.v1P\x01Z\x0f./audit;auditV1b\x06proto3"
|
|
|
|
var (
|
|
file_audit_v1_audit_event_proto_rawDescOnce sync.Once
|
|
file_audit_v1_audit_event_proto_rawDescData []byte
|
|
)
|
|
|
|
func file_audit_v1_audit_event_proto_rawDescGZIP() []byte {
|
|
file_audit_v1_audit_event_proto_rawDescOnce.Do(func() {
|
|
file_audit_v1_audit_event_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_audit_v1_audit_event_proto_rawDesc), len(file_audit_v1_audit_event_proto_rawDesc)))
|
|
})
|
|
return file_audit_v1_audit_event_proto_rawDescData
|
|
}
|
|
|
|
var file_audit_v1_audit_event_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
|
|
var file_audit_v1_audit_event_proto_msgTypes = make([]protoimpl.MessageInfo, 16)
|
|
var file_audit_v1_audit_event_proto_goTypes = []any{
|
|
(LogSeverity)(0), // 0: audit.v1.LogSeverity
|
|
(AttributeContext_HttpMethod)(0), // 1: audit.v1.AttributeContext.HttpMethod
|
|
(*AuditLogEntry)(nil), // 2: audit.v1.AuditLogEntry
|
|
(*AuditLog)(nil), // 3: audit.v1.AuditLog
|
|
(*AuthenticationInfo)(nil), // 4: audit.v1.AuthenticationInfo
|
|
(*AuthorizationInfo)(nil), // 5: audit.v1.AuthorizationInfo
|
|
(*AttributeContext)(nil), // 6: audit.v1.AttributeContext
|
|
(*RequestMetadata)(nil), // 7: audit.v1.RequestMetadata
|
|
(*ResponseMetadata)(nil), // 8: audit.v1.ResponseMetadata
|
|
(*ServiceAccountDelegationInfo)(nil), // 9: audit.v1.ServiceAccountDelegationInfo
|
|
nil, // 10: audit.v1.AuditLogEntry.LabelsEntry
|
|
(*AttributeContext_Auth)(nil), // 11: audit.v1.AttributeContext.Auth
|
|
(*AttributeContext_Request)(nil), // 12: audit.v1.AttributeContext.Request
|
|
(*AttributeContext_Response)(nil), // 13: audit.v1.AttributeContext.Response
|
|
nil, // 14: audit.v1.AttributeContext.Request.HeadersEntry
|
|
nil, // 15: audit.v1.AttributeContext.Response.HeadersEntry
|
|
(*ServiceAccountDelegationInfo_SystemPrincipal)(nil), // 16: audit.v1.ServiceAccountDelegationInfo.SystemPrincipal
|
|
(*ServiceAccountDelegationInfo_IdpPrincipal)(nil), // 17: audit.v1.ServiceAccountDelegationInfo.IdpPrincipal
|
|
(*timestamppb.Timestamp)(nil), // 18: google.protobuf.Timestamp
|
|
(*structpb.Struct)(nil), // 19: google.protobuf.Struct
|
|
(*wrapperspb.Int32Value)(nil), // 20: google.protobuf.Int32Value
|
|
(*wrapperspb.Int64Value)(nil), // 21: google.protobuf.Int64Value
|
|
}
|
|
var file_audit_v1_audit_event_proto_depIdxs = []int32{
|
|
3, // 0: audit.v1.AuditLogEntry.proto_payload:type_name -> audit.v1.AuditLog
|
|
10, // 1: audit.v1.AuditLogEntry.labels:type_name -> audit.v1.AuditLogEntry.LabelsEntry
|
|
18, // 2: audit.v1.AuditLogEntry.timestamp:type_name -> google.protobuf.Timestamp
|
|
0, // 3: audit.v1.AuditLogEntry.severity:type_name -> audit.v1.LogSeverity
|
|
4, // 4: audit.v1.AuditLog.authentication_info:type_name -> audit.v1.AuthenticationInfo
|
|
5, // 5: audit.v1.AuditLog.authorization_info:type_name -> audit.v1.AuthorizationInfo
|
|
7, // 6: audit.v1.AuditLog.request_metadata:type_name -> audit.v1.RequestMetadata
|
|
19, // 7: audit.v1.AuditLog.request:type_name -> google.protobuf.Struct
|
|
8, // 8: audit.v1.AuditLog.response_metadata:type_name -> audit.v1.ResponseMetadata
|
|
19, // 9: audit.v1.AuditLog.response:type_name -> google.protobuf.Struct
|
|
19, // 10: audit.v1.AuditLog.metadata:type_name -> google.protobuf.Struct
|
|
9, // 11: audit.v1.AuthenticationInfo.service_account_delegation_info:type_name -> audit.v1.ServiceAccountDelegationInfo
|
|
12, // 12: audit.v1.RequestMetadata.request_attributes:type_name -> audit.v1.AttributeContext.Request
|
|
20, // 13: audit.v1.ResponseMetadata.status_code:type_name -> google.protobuf.Int32Value
|
|
19, // 14: audit.v1.ResponseMetadata.error_details:type_name -> google.protobuf.Struct
|
|
13, // 15: audit.v1.ResponseMetadata.response_attributes:type_name -> audit.v1.AttributeContext.Response
|
|
16, // 16: audit.v1.ServiceAccountDelegationInfo.system_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.SystemPrincipal
|
|
17, // 17: audit.v1.ServiceAccountDelegationInfo.idp_principal:type_name -> audit.v1.ServiceAccountDelegationInfo.IdpPrincipal
|
|
19, // 18: audit.v1.AttributeContext.Auth.claims:type_name -> google.protobuf.Struct
|
|
1, // 19: audit.v1.AttributeContext.Request.method:type_name -> audit.v1.AttributeContext.HttpMethod
|
|
14, // 20: audit.v1.AttributeContext.Request.headers:type_name -> audit.v1.AttributeContext.Request.HeadersEntry
|
|
18, // 21: audit.v1.AttributeContext.Request.time:type_name -> google.protobuf.Timestamp
|
|
11, // 22: audit.v1.AttributeContext.Request.auth:type_name -> audit.v1.AttributeContext.Auth
|
|
21, // 23: audit.v1.AttributeContext.Response.num_response_items:type_name -> google.protobuf.Int64Value
|
|
21, // 24: audit.v1.AttributeContext.Response.size:type_name -> google.protobuf.Int64Value
|
|
15, // 25: audit.v1.AttributeContext.Response.headers:type_name -> audit.v1.AttributeContext.Response.HeadersEntry
|
|
18, // 26: audit.v1.AttributeContext.Response.time:type_name -> google.protobuf.Timestamp
|
|
19, // 27: audit.v1.ServiceAccountDelegationInfo.SystemPrincipal.service_metadata:type_name -> google.protobuf.Struct
|
|
19, // 28: audit.v1.ServiceAccountDelegationInfo.IdpPrincipal.service_metadata:type_name -> google.protobuf.Struct
|
|
29, // [29:29] is the sub-list for method output_type
|
|
29, // [29:29] is the sub-list for method input_type
|
|
29, // [29:29] is the sub-list for extension type_name
|
|
29, // [29:29] is the sub-list for extension extendee
|
|
0, // [0:29] is the sub-list for field type_name
|
|
}
|
|
|
|
func init() { file_audit_v1_audit_event_proto_init() }
|
|
func file_audit_v1_audit_event_proto_init() {
|
|
if File_audit_v1_audit_event_proto != nil {
|
|
return
|
|
}
|
|
file_audit_v1_audit_event_proto_msgTypes[0].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[1].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[2].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[3].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[6].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[7].OneofWrappers = []any{
|
|
(*ServiceAccountDelegationInfo_SystemPrincipal_)(nil),
|
|
(*ServiceAccountDelegationInfo_IdpPrincipal_)(nil),
|
|
}
|
|
file_audit_v1_audit_event_proto_msgTypes[10].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[11].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[14].OneofWrappers = []any{}
|
|
file_audit_v1_audit_event_proto_msgTypes[15].OneofWrappers = []any{}
|
|
type x struct{}
|
|
out := protoimpl.TypeBuilder{
|
|
File: protoimpl.DescBuilder{
|
|
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
|
RawDescriptor: unsafe.Slice(unsafe.StringData(file_audit_v1_audit_event_proto_rawDesc), len(file_audit_v1_audit_event_proto_rawDesc)),
|
|
NumEnums: 2,
|
|
NumMessages: 16,
|
|
NumExtensions: 0,
|
|
NumServices: 0,
|
|
},
|
|
GoTypes: file_audit_v1_audit_event_proto_goTypes,
|
|
DependencyIndexes: file_audit_v1_audit_event_proto_depIdxs,
|
|
EnumInfos: file_audit_v1_audit_event_proto_enumTypes,
|
|
MessageInfos: file_audit_v1_audit_event_proto_msgTypes,
|
|
}.Build()
|
|
File_audit_v1_audit_event_proto = out.File
|
|
file_audit_v1_audit_event_proto_goTypes = nil
|
|
file_audit_v1_audit_event_proto_depIdxs = nil
|
|
}
|