Overview
Package audit provides an audit log writer for access to secrets.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Entry
type Entry struct {
	// ID is the entry's ID.
	ID uint64 `json:"id"`
	// Time is the entry's timestamp.
	Time time.Time `json:"time"`
	// Principal is the client who is doing something.
	Principal Principal `json:"principal"`
	// Action is the action being performed on a secret.
	Action acl.Action `json:"action"`
	// Authorized is whether the action in this entry took place, or
	// was attempted and denied due to ACLs.
	Authorized bool `json:"authorized"`
	// Secret is the name of the secret being acted upon. Set for all
	// actions, except acl.ActionInfo where an empty secret indicates
	// a list operation.
	Secret string `json:"secret,omitempty"`
	// SecretVersion is the version of the secret being acted
	// upon. Set for acl.ActionGet, acl.ActionPut,
	// acl.ActionSetActive.
	SecretVersion api.SecretVersion `json:"secretVersion,omitempty"`
}
Entry is an audit log entry.
type Principal
type Principal struct {
	// Hostname is the principal's Tailscale FQDN.
	Hostname string `json:"hostname"`
	// IP is one of the principal's Tailscale IPs that correspond to
	// Hostname. The specific IP here depends on the builder of an
	// instance of Principal, but is usually the IP from which a
	// request was received.
	IP netip.Addr `json:"ip"`
	// User is the human identity of the principal, or the empty
	// string if the principal is a tagged device.
	User string `json:"user,omitempty"`
	// Tags is the tags of the principal, or nil if the principal is
	// not a tagged device.
	Tags []string `json:"tags,omitempty"`
}
Principal is the identity of a client taking action on the secrets service.
type Writer
type Writer struct {
	// contains filtered or unexported fields
}
Writer is an audit log writer.
func New
New returns a Writer that outputs audit log entries to w as JSON objects. If w also implements io.Closer, Writer.Close closes w. If w also implements a Sync method with the same signature as (*os.File).Sync, Writer.Sync calls w.Sync.
func NewFile
NewFile returns a Writer that outputs audit log entries to a file at path, creating it if necessary.
func (*Writer) Close
Close closes the Writer if the writer was created with a sink that implements io.Closer, or else does nothing successfully.
func (*Writer) Sync
Sync commits the current contents of the file to stable storage if the Writer was created with a sink that itself implements Sync, or else does nothing successfully.
func (*Writer) WriteEntries
WriteEntries writes entries to the audit log. Each entry's ID and Time fields are set prior to writing; any existing value is overwritten.
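Consuming the JSON objects that New writes, as an added example that is not part of the audit package or this page: it parses newline-delimited entries shaped like Entry and Principal above and counts, per principal hostname, the actions that were attempted but denied by ACLs. The concrete types of acl.Action and api.SecretVersion are assumed to be string and uint64, and the log lines are constructed.

```go
package main
import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
	"time"
)
// Entry and Principal mirror the documented audit.Entry shape. Action (acl.Action)
// and SecretVersion (api.SecretVersion) are assumed to be string and uint64 here.
type Entry struct {
	ID            uint64    `json:"id"`
	Time          time.Time `json:"time"`
	Principal     Principal `json:"principal"`
	Action        string    `json:"action"`
	Authorized    bool      `json:"authorized"`
	Secret        string    `json:"secret,omitempty"`
	SecretVersion uint64    `json:"secretVersion,omitempty"`
}
type Principal struct {
	Hostname string     `json:"hostname"`
	IP       netip.Addr `json:"ip"`
	User     string     `json:"user,omitempty"`
	Tags     []string   `json:"tags,omitempty"`
}
// DeniedByPrincipal parses newline-delimited JSON audit entries and counts, per
// principal hostname, actions attempted but denied by ACLs (authorized=false).
func DeniedByPrincipal(log string) (map[string]int, error) {
	denied := map[string]int{}
	for i, line := range strings.Split(strings.TrimSpace(log), "\n") {
		var e Entry
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("line %d: %w", i+1, err)
		}
		if !e.Authorized {
			denied[e.Principal.Hostname]++
		}
	}
	return denied, nil
}
// sampleLog is constructed for this example; it is not real audit output.
const sampleLog = `{"id":1,"time":"2024-01-02T03:04:05Z","principal":{"hostname":"ci-runner.example.ts.net","ip":"100.64.0.10","tags":["tag:ci"]},"action":"get","authorized":true,"secret":"prod/db-password","secretVersion":3}
{"id":2,"time":"2024-01-02T03:04:06Z","principal":{"hostname":"laptop.example.ts.net","ip":"100.64.0.11","user":"alice@example.com"},"action":"put","authorized":false,"secret":"prod/db-password"}`
func main() {
	denied, err := DeniedByPrincipal(sampleLog)
	if err != nil {
		panic(err)
	}
	fmt.Println(denied) // map[laptop.example.ts.net:1]
}
```

A malformed line stops parsing with an error rather than being skipped, so a truncated or tampered log is noticed instead of silently under-counting.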