mirror of https://github.com/grpc/grpc-go.git
parent
875c97a94d
commit
3fc6e0016e
|
@ -16,7 +16,8 @@
|
|||
*
|
||||
*/
|
||||
|
||||
package authz
|
||||
// Package audit contains interfaces for audit logging during authorization.
|
||||
package audit
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
@ -27,38 +28,38 @@ import (
|
|||
// to facilitate thread-safe reading/writing operations.
|
||||
type loggerBuilderRegistry struct {
|
||||
mu sync.Mutex
|
||||
builders map[string]AuditLoggerBuilder
|
||||
builders map[string]LoggerBuilder
|
||||
}
|
||||
|
||||
var (
|
||||
registry = loggerBuilderRegistry{
|
||||
builders: make(map[string]AuditLoggerBuilder),
|
||||
builders: make(map[string]LoggerBuilder),
|
||||
}
|
||||
)
|
||||
|
||||
// RegisterAuditLoggerBuilder registers the builder in a global map
|
||||
// RegisterLoggerBuilder registers the builder in a global map
|
||||
// using b.Name() as the key.
|
||||
//
|
||||
// This should only be called during initialization time (i.e. in an init()
|
||||
// function). If multiple builders are registered with the same name,
|
||||
// the one registered last will take effect.
|
||||
func RegisterAuditLoggerBuilder(b AuditLoggerBuilder) {
|
||||
func RegisterLoggerBuilder(b LoggerBuilder) {
|
||||
registry.mu.Lock()
|
||||
defer registry.mu.Unlock()
|
||||
registry.builders[b.Name()] = b
|
||||
}
|
||||
|
||||
// GetAuditLoggerBuilder returns a builder with the given name.
|
||||
// GetLoggerBuilder returns a builder with the given name.
|
||||
// It returns nil if the builder is not found in the registry.
|
||||
func GetAuditLoggerBuilder(name string) AuditLoggerBuilder {
|
||||
func GetLoggerBuilder(name string) LoggerBuilder {
|
||||
registry.mu.Lock()
|
||||
defer registry.mu.Unlock()
|
||||
return registry.builders[name]
|
||||
}
|
||||
|
||||
// AuditEvent contains information passed to the audit logger as part of an
|
||||
// Event contains information passed to the audit logger as part of an
|
||||
// audit logging event.
|
||||
type AuditEvent struct {
|
||||
type Event struct {
|
||||
// FullMethodName is the full method name of the audited RPC, in the format
|
||||
// of "/pkg.Service/Method". For example, "/helloworld.Greeter/SayHello".
|
||||
FullMethodName string
|
||||
|
@ -74,14 +75,14 @@ type AuditEvent struct {
|
|||
Authorized bool
|
||||
}
|
||||
|
||||
// AuditLoggerConfig represents an opaque data structure holding an audit
|
||||
// LoggerConfig represents an opaque data structure holding an audit
|
||||
// logger configuration. Concrete types representing configuration of specific
|
||||
// audit loggers must embed this interface to implement it.
|
||||
type AuditLoggerConfig interface {
|
||||
auditLoggerConfig()
|
||||
type LoggerConfig interface {
|
||||
loggerConfig()
|
||||
}
|
||||
|
||||
// AuditLogger is the interface to be implemented by audit loggers.
|
||||
// Logger is the interface to be implemented by audit loggers.
|
||||
//
|
||||
// An audit logger is a logger instance that can be configured via the
|
||||
// authorization policy API or xDS HTTP RBAC filters. When the authorization
|
||||
|
@ -91,35 +92,35 @@ type AuditLoggerConfig interface {
|
|||
// TODO(lwge): Change the link to the merged gRFC once it's ready.
|
||||
// Please refer to https://github.com/grpc/proposal/pull/346 for more details
|
||||
// about audit logging.
|
||||
type AuditLogger interface {
|
||||
type Logger interface {
|
||||
// Log performs audit logging for the provided audit event.
|
||||
//
|
||||
// This method is invoked in the RPC path and therefore implementations
|
||||
// must not block.
|
||||
Log(*AuditEvent)
|
||||
Log(*Event)
|
||||
}
|
||||
|
||||
// AuditLoggerBuilder is the interface to be implemented by audit logger
|
||||
// LoggerBuilder is the interface to be implemented by audit logger
|
||||
// builders that are used at runtime to configure and instantiate audit loggers.
|
||||
//
|
||||
// Users who want to implement their own audit logging logic should
|
||||
// implement this interface, along with the AuditLogger interface, and register
|
||||
// it by calling RegisterAuditLoggerBuilder() at init time.
|
||||
// implement this interface, along with the Logger interface, and register
|
||||
// it by calling RegisterLoggerBuilder() at init time.
|
||||
//
|
||||
// TODO(lwge): Change the link to the merged gRFC once it's ready.
|
||||
// Please refer to https://github.com/grpc/proposal/pull/346 for more details
|
||||
// about audit logging.
|
||||
type AuditLoggerBuilder interface {
|
||||
// ParseAuditLoggerConfig parses the given JSON bytes into a structured
|
||||
type LoggerBuilder interface {
|
||||
// ParseLoggerConfig parses the given JSON bytes into a structured
|
||||
// logger config this builder can use to build an audit logger.
|
||||
ParseAuditLoggerConfig(config json.RawMessage) (AuditLoggerConfig, error)
|
||||
ParseLoggerConfig(config json.RawMessage) (LoggerConfig, error)
|
||||
// Build builds an audit logger with the given logger config.
|
||||
// This will only be called with valid configs returned from
|
||||
// ParseAuditLoggerConfig() and any runtime issues such as failing to
|
||||
// ParseLoggerConfig() and any runtime issues such as failing to
|
||||
// create a file should be handled by the logger implementation instead of
|
||||
// failing the logger instantiation. So implementers need to make sure it
|
||||
// can return a logger without error at this stage.
|
||||
Build(AuditLoggerConfig) AuditLogger
|
||||
Build(LoggerConfig) Logger
|
||||
// Name returns the name of logger built by this builder.
|
||||
// This is used to register and pick the builder.
|
||||
Name() string
|