mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
4f9530eec7d1a36db6e0831ff6d7829d724adbd5
pinniped/internal/plog/audit_event.go
Ryan Richard 4f9530eec7 audit logging WIP
2024-11-27 13:53:00 -06:00

48 lines
2.0 KiB
Go
Raw Blame History

// Copyright 2024 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package plog
import (
"net/url"
"k8s.io/apimachinery/pkg/util/sets"
)
type AuditEventMessage string
const (
AuditEventHTTPRequestReceived AuditEventMessage = "HTTP Request Received"
AuditEventHTTPRequestCompleted AuditEventMessage = "HTTP Request Completed"
AuditEventHTTPRequestParameters AuditEventMessage = "HTTP Request Parameters"
AuditEventHTTPRequestCustomHeadersUsed AuditEventMessage = "HTTP Request Custom Headers Used"
AuditEventUsingUpstreamIDP AuditEventMessage = "Using Upstream IDP"
AuditEventIdentityFromUpstreamIDP AuditEventMessage = "Identity From Upstream IDP"
AuditEventIdentityRefreshedFromUpstreamIDP AuditEventMessage = "Identity Refreshed From Upstream IDP"
AuditEventSessionStarted AuditEventMessage = "Session Started"
AuditEventSessionRefreshed AuditEventMessage = "Session Refreshed"
AuditEventAuthenticationRejectedByTransforms AuditEventMessage = "Authentication RejectedBy Transforms"
AuditEventUpstreamOIDCTokenRevoked AuditEventMessage = "Upstream OIDC Token Revoked" //nolint:gosec // this is not a credential
AuditEventSessionGarbageCollected AuditEventMessage = "Session Garbage Collected"
AuditEventTokenCredentialRequest AuditEventMessage = "TokenCredentialRequest" //nolint:gosec // this is not a credential
)
// SanitizeParams can be used to redact all params not included in the allowedKeys set.
// Useful when audit logging AuditEventHTTPRequestParameters events.
func SanitizeParams(params url.Values, allowedKeys sets.Set[string]) string {
if len(params) == 0 {
return ""
}
sanitized := url.Values{}
for key := range params {
if allowedKeys.Has(key) {
sanitized[key] = params[key]
} else {
for range params[key] {
sanitized.Add(key, "redacted")
}
}
}
return sanitized.Encode()
}
Reference in New Issue View Git Blame Copy Permalink