// github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/types/audit.go

/*
Copyright 2021 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package types

import (
	"time"

	"github.com/gravitational/trace"

	"github.com/gravitational/teleport/api/utils"
)

// ClusterAuditConfig defines cluster-wide audit log configuration. This is
// a configuration resource, never create more than one instance of it.
type ClusterAuditConfig interface {
	Resource

	// Type gets the audit backend type.
	Type() string
	// SetType sets the audit backend type.
	SetType(string)

	// Region gets a cloud provider region.
	Region() string
	// SetRegion sets a cloud provider region.
	SetRegion(string)

	// ShouldUploadSessions returns whether audit config
	// instructs server to upload sessions.
	ShouldUploadSessions() bool

	// AuditSessionsURI gets the audit sessions URI.
	AuditSessionsURI() string
	// SetAuditSessionsURI sets the audit sessions URI.
	SetAuditSessionsURI(string)

	// AuditEventsURIs gets the audit events URIs.
	AuditEventsURIs() []string
	// SetAuditEventsURIs sets the audit events URIs.
	SetAuditEventsURIs([]string)

	// SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends.
	SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState)
	// GetUseFIPSEndpoint gets the current FIPS endpoint setting.
	GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState

	// EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery).
	EnableContinuousBackups() bool
	// EnableAutoScaling is used to enable (or disable) auto scaling policy.
	EnableAutoScaling() bool
	// ReadMaxCapacity is the maximum provisioned read capacity.
	ReadMaxCapacity() int64
	// ReadMinCapacity is the minimum provisioned read capacity.
	ReadMinCapacity() int64
	// ReadTargetValue is the ratio of consumed read to provisioned capacity.
	ReadTargetValue() float64
	// WriteMaxCapacity is the maximum provisioned write capacity.
	WriteMaxCapacity() int64
	// WriteMinCapacity is the minimum provisioned write capacity.
	WriteMinCapacity() int64
	// WriteTargetValue is the ratio of consumed write to provisioned capacity.
	WriteTargetValue() float64
	// RetentionPeriod is the retention period for audit events.
	RetentionPeriod() *Duration
	// Clone performs a deep copy.
	Clone() ClusterAuditConfig
}

// NewClusterAuditConfig is a convenience function that wraps spec in a
// ClusterAuditConfigV2 and runs CheckAndSetDefaults on it. If that check
// fails, the wrapped error is returned together with a nil config.
func NewClusterAuditConfig(spec ClusterAuditConfigSpecV2) (ClusterAuditConfig, error) {
	cfg := &ClusterAuditConfigV2{Spec: spec}
	err := cfg.CheckAndSetDefaults()
	if err != nil {
		return nil, trace.Wrap(err)
	}
	return cfg, nil
}

// DefaultClusterAuditConfig returns the default audit log configuration,
// built from an empty ClusterAuditConfigSpecV2.
func DefaultClusterAuditConfig() ClusterAuditConfig {
	// The error from NewClusterAuditConfig is deliberately discarded here.
	// Should construction ever fail, the value returned to the caller is a
	// nil ClusterAuditConfig, so callers that cannot tolerate that must
	// check for nil themselves.
	cfg, _ := NewClusterAuditConfig(ClusterAuditConfigSpecV2{})
	return cfg
}

// GetVersion returns resource version.
func (c *ClusterAuditConfigV2) GetVersion() string {
	return c.Version
}

// GetName returns the name of the resource.
func (c *ClusterAuditConfigV2) GetName() string {
	return c.Metadata.Name
}

// SetName sets the name of the resource by writing it to Metadata.Name.
func (c *ClusterAuditConfigV2) SetName(e string) {
	c.Metadata.Name = e
}

// SetExpiry sets expiry time for the object; it delegates to the metadata.
func (c *ClusterAuditConfigV2) SetExpiry(expires time.Time) {
	c.Metadata.SetExpiry(expires)
}

// Expiry returns object expiry setting as reported by the metadata.
func (c *ClusterAuditConfigV2) Expiry() time.Time {
	return c.Metadata.Expiry()
}

// GetMetadata returns object metadata. The metadata is returned by value.
func (c *ClusterAuditConfigV2) GetMetadata() Metadata {
	return c.Metadata
}

// GetResourceID returns resource ID, which is stored in Metadata.ID.
func (c *ClusterAuditConfigV2) GetResourceID() int64 {
	return c.Metadata.ID
}

// SetResourceID sets resource ID by writing it to Metadata.ID.
func (c *ClusterAuditConfigV2) SetResourceID(id int64) {
	c.Metadata.ID = id
}

// GetRevision returns the revision held by the metadata.
func (c *ClusterAuditConfigV2) GetRevision() string {
	return c.Metadata.GetRevision()
}

// SetRevision sets the revision on the metadata.
func (c *ClusterAuditConfigV2) SetRevision(rev string) {
	c.Metadata.SetRevision(rev)
}

// GetKind returns resource kind.
func (c *ClusterAuditConfigV2) GetKind() string {
	return c.Kind
}

// GetSubKind returns resource subkind.
func (c *ClusterAuditConfigV2) GetSubKind() string {
	return c.SubKind
}

// SetSubKind sets resource subkind.
func (c *ClusterAuditConfigV2) SetSubKind(sk string) {
	c.SubKind = sk
}

// Type gets the audit backend type from the spec.
func (c *ClusterAuditConfigV2) Type() string {
	return c.Spec.Type
}

// SetType sets the audit backend type. The value is stored as given; this
// setter performs no validation.
func (c *ClusterAuditConfigV2) SetType(backendType string) {
	c.Spec.Type = backendType
}

// Region gets a cloud provider region.
func (c *ClusterAuditConfigV2) Region() string {
	return c.Spec.Region
}

// SetRegion sets a cloud provider region. The value is stored as given.
func (c *ClusterAuditConfigV2) SetRegion(region string) {
	c.Spec.Region = region
}

// ShouldUploadSessions returns whether audit config instructs server to
// upload sessions. It reports true exactly when Spec.AuditSessionsURI is
// non-empty; the URI itself is not inspected any further here.
func (c *ClusterAuditConfigV2) ShouldUploadSessions() bool {
	return c.Spec.AuditSessionsURI != ""
}

// AuditSessionsURI gets the audit sessions URI.
func (c *ClusterAuditConfigV2) AuditSessionsURI() string {
	return c.Spec.AuditSessionsURI
}

// SetAuditSessionsURI sets the audit sessions URI. The string is stored as
// given: no scheme or format check happens in this setter.
func (c *ClusterAuditConfigV2) SetAuditSessionsURI(uri string) {
	c.Spec.AuditSessionsURI = uri
}

// AuditEventsURIs gets the audit events URIs. The spec's slice is returned
// directly rather than a copy, so element writes by the caller are visible
// through the config.
func (c *ClusterAuditConfigV2) AuditEventsURIs() []string {
	return c.Spec.AuditEventsURI
}

// SetAuditEventsURIs sets the audit events URIs. The caller's slice is stored
// without copying and without validating its entries.
func (c *ClusterAuditConfigV2) SetAuditEventsURIs(uris []string) {
	c.Spec.AuditEventsURI = uris
}

// SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends.
func (c *ClusterAuditConfigV2) SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState) {
	c.Spec.UseFIPSEndpoint = state
}

// GetUseFIPSEndpoint gets the current FIPS endpoint setting.
func (c *ClusterAuditConfigV2) GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState {
	return c.Spec.UseFIPSEndpoint
}

// EnableContinuousBackups reports the spec flag that is used to enable
// (or disable) PITR (Point-In-Time Recovery).
func (c *ClusterAuditConfigV2) EnableContinuousBackups() bool {
	return c.Spec.EnableContinuousBackups
}

// EnableAutoScaling is used to enable (or disable) auto scaling policy.
func (c *ClusterAuditConfigV2) EnableAutoScaling() bool {
	return c.Spec.EnableAutoScaling
}

// ReadMaxCapacity is the maximum provisioned read capacity.
func (c *ClusterAuditConfigV2) ReadMaxCapacity() int64 {
	return c.Spec.ReadMaxCapacity
}

// ReadMinCapacity is the minimum provisioned read capacity.
func (c *ClusterAuditConfigV2) ReadMinCapacity() int64 {
	return c.Spec.ReadMinCapacity
}

// ReadTargetValue is the ratio of consumed read to provisioned capacity.
func (c *ClusterAuditConfigV2) ReadTargetValue() float64 {
	return c.Spec.ReadTargetValue
}

// WriteMaxCapacity is the maximum provisioned write capacity.
func (c *ClusterAuditConfigV2) WriteMaxCapacity() int64 {
	return c.Spec.WriteMaxCapacity
}

// WriteMinCapacity is the minimum provisioned write capacity.
func (c *ClusterAuditConfigV2) WriteMinCapacity() int64 {
	return c.Spec.WriteMinCapacity
}

// WriteTargetValue is the ratio of consumed write to provisioned capacity.
func (c *ClusterAuditConfigV2) WriteTargetValue() float64 {
	return c.Spec.WriteTargetValue
}

// RetentionPeriod is the retention period for audit events. The returned
// pointer refers to a local copy of the spec value, so assigning through it
// does not change the stored retention period.
func (c *ClusterAuditConfigV2) RetentionPeriod() *Duration {
	period := c.Spec.RetentionPeriod
	return &period
}

// Clone performs a deep copy by delegating to utils.CloneProtoMsg.
func (c *ClusterAuditConfigV2) Clone() ClusterAuditConfig {
	return utils.CloneProtoMsg(c)
}

// setStaticFields sets static resource header and metadata fields. Kind,
// Version and Metadata.Name are overwritten with fixed constants, so any
// values previously set on the receiver for those fields are replaced.
func (c *ClusterAuditConfigV2) setStaticFields() {
	c.Metadata.Name = MetaNameClusterAuditConfig
	c.Version = V2
	c.Kind = KindClusterAuditConfig
}

// CheckAndSetDefaults verifies the constraints for ClusterAuditConfig.
func (c *ClusterAuditConfigV2) CheckAndSetDefaults() error {
	// Force the fixed kind, version and resource name before validating.
	c.setStaticFields()

	// Only the metadata is checked here. Nothing in this method looks at the
	// Spec fields (backend type, region, audit URIs, capacities, retention).
	// NOTE(review): validation of those values presumably happens where they
	// are consumed; confirm before relying on this method as a gate.
	err := c.Metadata.CheckAndSetDefaults()
	if err != nil {
		return trace.Wrap(err)
	}

	return nil
}