-
Notifications
You must be signed in to change notification settings - Fork 9
/
auditlogsapi.go
85 lines (74 loc) · 2.66 KB
/
auditlogsapi.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
// Copyright 2020 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package auditlogsapi
import (
"context"
"strings"
glog "github.com/golang/glog" /* copybara-comment */
lgrpcpb "google.golang.org/genproto/googleapis/logging/v2" /* copybara-comment: logging_go_grpc */
lpb "google.golang.org/genproto/googleapis/logging/v2" /* copybara-comment: logging_go_proto */
apb "github.com/GoogleCloudPlatform/healthcare-federated-access-services/proto/auditlogs/v0" /* copybara-comment: auditlogs_go_proto */
)
// AuditLogs is implments the audit logs API for DAM.
// Currently support GCP tokens.
type AuditLogs struct {
// sdl is the Stackdriver Logging Client.
sdl lgrpcpb.LoggingServiceV2Client
// projectID identifies the GCP project where the auditlogs are located.
projectID string
// serviceName of current instance
serviceName string
}
// NewAuditLogs creates a new AuditLogs.
func NewAuditLogs(sdl lgrpcpb.LoggingServiceV2Client, projectID, serviceName string) *AuditLogs {
return &AuditLogs{sdl: sdl, projectID: projectID, serviceName: serviceName}
}
// ListAuditLogs lists the audit logs.
func (s *AuditLogs) ListAuditLogs(ctx context.Context, req *apb.ListAuditLogsRequest) (*apb.ListAuditLogsResponse, error) {
filters := []string{
`logName="projects/` + s.projectID + `/logs/federated-access-audit"`,
`labels.token_subject="` + req.UserId + `"`,
`labels.service_name="` + s.serviceName + `"`,
}
f, err := extractFilters(req.Filter)
if err != nil {
return nil, err
}
if len(f) > 0 {
filters = append(filters, f)
}
sdlReq := &lpb.ListLogEntriesRequest{
ResourceNames: []string{"projects/" + s.projectID},
PageSize: req.PageSize,
PageToken: req.PageToken,
OrderBy: "timestamp desc",
Filter: strings.Join(filters, " AND "),
}
sdlResp, err := s.sdl.ListLogEntries(ctx, sdlReq)
if err != nil {
return nil, err
}
resp := &apb.ListAuditLogsResponse{
NextPageToken: sdlResp.GetNextPageToken(),
}
for _, e := range sdlResp.GetEntries() {
a, err := ToAuditLog(e)
if err != nil {
glog.Warningf("ToAuditLog() failed: %v", err)
continue
}
resp.AuditLogs = append(resp.AuditLogs, a)
}
return resp, nil
}