
Commit ca4ea9b

author
Praveenrajmani
committed
use separate Details struct and avoid interface{} or any
1 parent 8fe7f59 commit ca4ea9b


5 files changed

+6022
-866
lines changed


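--- a/log/audit.go
+++ b/log/audit.go
@@ -63,6 +63,7 @@ const (
 AuditCategoryIDP AuditCategory = "idp"
 AuditCategoryLogRecorder AuditCategory = "log-recorder"
 AuditCategoryHeal AuditCategory = "heal"
+AuditCategoryBatch AuditCategory = "batch"
 )
 
 // AuditAction represents the type of action performed
@@ -87,6 +88,28 @@ const (
 AuditActionDetach AuditAction = "detach"
 )
 
+// AuditDetails is a union type containing category-specific audit details
+type AuditDetails struct {
+Config *ConfigAuditDetails `json:"config,omitempty"`
+User *UserAuditDetails `json:"user,omitempty"`
+ServiceAccount *ServiceAccountAuditDetails `json:"serviceAccount,omitempty"`
+Policy *PolicyAuditDetails `json:"policy,omitempty"`
+Group *GroupAuditDetails `json:"group,omitempty"`
+BucketConfig *BucketConfigAuditDetails `json:"bucketConfig,omitempty"`
+BucketQuota *BucketQuotaAuditDetails `json:"bucketQuota,omitempty"`
+BucketQOS *BucketQOSAuditDetails `json:"bucketQOS,omitempty"`
+BucketInventory *BucketInventoryAuditDetails `json:"bucketInventory,omitempty"`
+Tier *TierAuditDetails `json:"tier,omitempty"`
+Service *ServiceAuditDetails `json:"service,omitempty"`
+KMS *KMSAuditDetails `json:"kms,omitempty"`
+Pool *PoolAuditDetails `json:"pool,omitempty"`
+SiteRepl *SiteReplicationAuditDetails `json:"siteRepl,omitempty"`
+IDP *IDPAuditDetails `json:"idp,omitempty"`
+Recorder *RecorderAuditDetails `json:"recorder,omitempty"`
+Heal *HealAuditDetails `json:"heal,omitempty"`
+Batch *BatchAuditDetails `json:"batch,omitempty"`
+}
+
 // Audit represents the user triggered audit events
 type Audit struct {
 Version string `json:"version"`
@@ -102,7 +125,7 @@ type Audit struct {
 SourceHost string `json:"sourceHost,omitempty"`
 AccessKey string `json:"accessKey,omitempty"`
 ParentUser string `json:"parentUser,omitempty"`
-Details interface{} `json:"details,omitempty"`
+Details *AuditDetails `json:"details,omitempty"`
 }
 
 // ConfigAuditDetails captures config mutation details
@@ -299,26 +322,170 @@ type HealAuditDetails struct {
 // Redact redacts sensitive fields in HealAuditDetails
 func (h *HealAuditDetails) Redact() {}
 
-// String returns a canonical string for Audit
+// BatchAuditDetails captures batch job operation details
+type BatchAuditDetails struct {
+JobID string `json:"jobID,omitempty"`
+JobType string `json:"jobType,omitempty"`
+User string `json:"user,omitempty"`
+}
+
+// Redact redacts sensitive fields in BatchAuditDetails
+func (b *BatchAuditDetails) Redact() {}
+
+// Message returns a human-readable message for batch audit
+func (b BatchAuditDetails) Message() string {
+if b.JobType != "" && b.JobID != "" {
+return "Batch job '" + b.JobType + "' (" + b.JobID + ")"
+}
+if b.JobID != "" {
+return "Batch job " + b.JobID
+}
+return "Batch job operation"
+}
+
+// Details returns specific parameter changes for batch audit
+func (b BatchAuditDetails) Details() string {
+var parts []string
+if b.User != "" {
+parts = append(parts, "user:"+b.User)
+}
+return strings.Join(parts, " ")
+}
+
+// BucketQuotaAuditDetails captures bucket quota configuration changes
+type BucketQuotaAuditDetails struct {
+BucketName string `json:"bucketName"`
+QuotaSize uint64 `json:"quotaSize,omitempty"`
+QuotaType string `json:"quotaType,omitempty"`
+}
+
+// Redact redacts sensitive fields in BucketQuotaAuditDetails
+func (q *BucketQuotaAuditDetails) Redact() {}
+
+// Message returns a human-readable message for bucket quota audit
+func (q BucketQuotaAuditDetails) Message() string {
+if q.BucketName != "" {
+return "Bucket quota for '" + q.BucketName + "'"
+}
+return "Bucket quota modified"
+}
+
+// Details returns specific parameter changes for bucket quota audit
+func (q BucketQuotaAuditDetails) Details() string {
+var parts []string
+if q.QuotaSize > 0 {
+parts = append(parts, fmt.Sprintf("size:%d", q.QuotaSize))
+}
+if q.QuotaType != "" {
+parts = append(parts, "type:"+q.QuotaType)
+}
+return strings.Join(parts, " ")
+}
+
+// BucketQOSAuditDetails captures bucket QoS configuration changes
+type BucketQOSAuditDetails struct {
+BucketName string `json:"bucketName"`
+Enabled bool `json:"enabled"`
+Rules []QOSRuleDetail `json:"rules,omitempty"`
+}
+
+// QOSRuleDetail captures details of a single QoS rule
+type QOSRuleDetail struct {
+ID string `json:"id,omitempty"`
+Label string `json:"label,omitempty"`
+Priority int `json:"priority,omitempty"`
+ObjectPrefix string `json:"objectPrefix,omitempty"`
+API string `json:"api,omitempty"`
+Rate int64 `json:"rate,omitempty"`
+Burst int64 `json:"burst,omitempty"`
+LimitType string `json:"limitType,omitempty"`
+}
+
+// Redact redacts sensitive fields in BucketQOSAuditDetails
+func (q *BucketQOSAuditDetails) Redact() {}
+
+// Message returns a human-readable message for bucket QoS audit
+func (q BucketQOSAuditDetails) Message() string {
+if q.BucketName != "" {
+status := "disabled"
+if q.Enabled {
+status = "enabled"
+}
+return "Bucket QoS for '" + q.BucketName + "' " + status
+}
+return "Bucket QoS modified"
+}
+
+// Details returns specific parameter changes for bucket QoS audit
+func (q BucketQOSAuditDetails) Details() string {
+if len(q.Rules) > 0 {
+return fmt.Sprintf("rules:%d", len(q.Rules))
+}
+return ""
+}
+
+// BucketInventoryAuditDetails captures bucket inventory configuration changes
+type BucketInventoryAuditDetails struct {
+BucketName string `json:"bucketName"`
+InventoryID string `json:"inventoryID,omitempty"`
+DestinationBucket string `json:"destinationBucket,omitempty"`
+Schedule string `json:"schedule,omitempty"`
+}
+
+// Redact redacts sensitive fields in BucketInventoryAuditDetails
+func (i *BucketInventoryAuditDetails) Redact() {}
+
+// Message returns a human-readable message for bucket inventory audit
+func (i BucketInventoryAuditDetails) Message() string {
+if i.BucketName != "" && i.InventoryID != "" {
+return "Bucket inventory '" + i.InventoryID + "' for '" + i.BucketName + "'"
+}
+if i.BucketName != "" {
+return "Bucket inventory for '" + i.BucketName + "'"
+}
+return "Bucket inventory modified"
+}
+
+// Details returns specific parameter changes for bucket inventory audit
+func (i BucketInventoryAuditDetails) Details() string {
+var parts []string
+if i.DestinationBucket != "" {
+parts = append(parts, "dest:"+i.DestinationBucket)
+}
+if i.Schedule != "" {
+parts = append(parts, "schedule:"+i.Schedule)
+}
+return strings.Join(parts, " ")
+}
+
+// TierAuditDetails captures tier configuration changes
+type TierAuditDetails struct {
+TierName string `json:"tierName"`
+TierType string `json:"tierType,omitempty"`
+}
+
+// Redact redacts sensitive fields in TierAuditDetails
+func (t *TierAuditDetails) Redact() {}
+
+// Message returns a human-readable message for tier audit
+func (t TierAuditDetails) Message() string {
+if t.TierName != "" && t.TierType != "" {
+return "Tier '" + t.TierName + "' (" + t.TierType + ")"
+}
+if t.TierName != "" {
+return "Tier '" + t.TierName + "'"
+}
+return "Tier configuration modified"
+}
+
+// Details returns specific parameter changes for tier audit
+func (t TierAuditDetails) Details() string {
+return ""
+}
+
+// String returns a simple string representation for Audit (required by eos LogEntry interface)
 func (a Audit) String() string {
-values := []string{
-toString("version", a.Version),
-toTime("time", a.Time),
-toString("node", a.Node),
-toString("apiName", a.APIName),
-toString("category", string(a.Category)),
-toString("action", string(a.Action)),
-toString("bucket", a.Bucket),
-toMap("tags", a.Tags),
-toString("requestID", a.RequestID),
-toInterfaceMap("requestClaims", a.ReqClaims),
-toString("sourceHost", a.SourceHost),
-toString("accessKey", a.AccessKey),
-toString("parentUser", a.ParentUser),
-toInterface("details", a.Details),
-}
-values = filterAndSort(values)
-return strings.Join(values, ",")
+return fmt.Sprintf("audit: category=%s action=%s api=%s", a.Category, a.Action, a.APIName)
 }
 
 // Message returns a short summary of the config mutation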
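Review bot: The new `Message()` and `Details()` methods splice field values into the audit text unquoted, for example `parts = append(parts, "user:"+b.User)` in `BatchAuditDetails.Details()` and `"dest:"+i.DestinationBucket` / `"schedule:"+i.Schedule` in `BucketInventoryAuditDetails.Details()`. If any of these values can contain spaces, quotes or line breaks, a reader of the rendered line cannot tell where one `key:value` pair ends, and a crafted value could pass for another pair or a separate entry; whether callers validate these fields is not visible on this page. Quoting where the text is built keeps it unambiguous either way, e.g. `parts = append(parts, fmt.Sprintf("user:%q", b.User))` (the file already uses `fmt`), and the same applies to the single-quoted names in the `Message()` methods. The JSON form of these structs is unaffected, since `encoding/json` escapes the values.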
