package auditlog
import (
"fmt"
"github.com/containerssh/auditlog/storage/file"
"github.com/containerssh/auditlog/storage/s3"
)
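// Format describes the audit log format in use.
type Format string

const (
	// FormatNone signals that no audit logging should take place.
	FormatNone Format = "none"
	// FormatBinary signals that audit logging should take place in CBOR+GZIP format
	// (see https://containerssh.github.io/advanced/audit/format/ )
	FormatBinary Format = "binary"
	// FormatAsciinema signals that audit logging should take place in Asciicast v2 format
	// (see https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md )
	FormatAsciinema Format = "asciinema"
)

// Validate reports whether f is one of the declared Format constants.
//
// The comparison is an exact, case-sensitive string match, so the empty
// string and values such as "Binary" are rejected. It returns nil for a
// known format and a descriptive error otherwise.
func (f Format) Validate() error {
	switch f {
	case FormatNone, FormatBinary, FormatAsciinema:
		return nil
	default:
		// The rejected value comes straight from configuration. %q quotes and
		// escapes it, so an empty value stays visible and embedded newlines or
		// control characters cannot break up the log line that carries this error.
		return fmt.Errorf("invalid audit log format: %q", string(f))
	}
}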
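// Storage describes the storage backend to use.
type Storage string

const (
	// StorageNone signals that no storage should be used.
	StorageNone Storage = "none"
	// StorageFile signals that audit logs should be stored in a local directory.
	StorageFile Storage = "file"
	// StorageS3 signals that audit logs should be stored in an S3-compatible object storage.
	StorageS3 Storage = "s3"
)

// Validate reports whether s is one of the declared Storage constants.
//
// The comparison is an exact, case-sensitive string match, so the empty
// string and values such as "S3" are rejected. It returns nil for a known
// backend and a descriptive error otherwise.
func (s Storage) Validate() error {
	switch s {
	case StorageNone, StorageFile, StorageS3:
		return nil
	default:
		// The rejected value comes straight from configuration. %q quotes and
		// escapes it, so an empty value stays visible and embedded newlines or
		// control characters cannot break up the log line that carries this error.
		return fmt.Errorf("invalid audit log storage: %q", string(s))
	}
}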
// Config is the configuration structure for audit logging.
//
// Validate inspects Format, Storage and the selected backend section only
// when Enable is true; with Enable false the remaining fields are not checked.
type Config struct {
	// Enable turns on audit logging. The struct tag declares "false" as the
	// default; applying that default is up to the configuration loader, which
	// is not part of this file.
	Enable bool `json:"enable" yaml:"enable" default:"false"`
	// Format selects the audit log encoding; see the Format constants.
	Format Format `json:"format" yaml:"format" default:"none"`
	// Storage selects the storage backend; see the Storage constants.
	Storage Storage `json:"storage" yaml:"storage" default:"none"`
	// File is the configuration of the file storage backend. Validate
	// consults it only when Storage is StorageFile.
	File file.Config `json:"file" yaml:"file"`
	// S3 is the configuration of the S3 storage backend. Validate consults it
	// only when Storage is StorageS3.
	// NOTE(review): presumably carries object storage credentials — confirm,
	// and treat serialized copies of this structure as sensitive if so.
	S3 s3.Config `json:"s3" yaml:"s3"`
	// Intercept configures what should be intercepted.
	Intercept InterceptConfig `json:"intercept" yaml:"intercept"`
}
// InterceptConfig configures what should be intercepted by the auditing facility.
//
// Every switch carries a default tag of "false", so capturing is opt-in per
// item as far as the tags declare it; applying the defaults is left to the
// configuration loader, which is not part of this file.
type InterceptConfig struct {
	// Stdin signals that the standard input from the user should be captured.
	// NOTE(review): captured input presumably includes anything the user
	// types, secrets included — confirm and protect the storage accordingly.
	Stdin bool `json:"stdin" yaml:"stdin" default:"false"`
	// Stdout signals that the standard output to the user should be captured.
	Stdout bool `json:"stdout" yaml:"stdout" default:"false"`
	// Stderr signals that the standard error to the user should be captured.
	Stderr bool `json:"stderr" yaml:"stderr" default:"false"`
	// Passwords signals that passwords during authentication should be captured.
	// NOTE(review): with this enabled the audit log presumably holds the
	// submitted passwords — confirm how they are recorded, and restrict read
	// access to the configured audit log storage.
	Passwords bool `json:"passwords" yaml:"passwords" default:"false"`
}
// Validate checks the audit log configuration as part of the global
// configuration check.
//
// A disabled configuration is accepted without looking at any other field.
// Otherwise the format and the storage type are validated, followed by the
// section belonging to the selected storage backend. The first failure is
// returned; nil means the configuration passed.
//
// NOTE(review): Enable=true combined with Format or Storage set to "none"
// passes, because both Validate methods accept "none". Whether audit records
// are written in that case is decided outside this function — confirm that
// the combination is intended and cannot leave auditing silently off.
func (c *Config) Validate() error {
	if !c.Enable {
		return nil
	}

	err := c.Format.Validate()
	if err != nil {
		return err
	}

	err = c.Storage.Validate()
	if err != nil {
		// The wrapper prefix repeats the wording of Storage.Validate's own
		// message; %w keeps the inner error reachable via errors.Is/As.
		return fmt.Errorf("invalid audit log storage (%w)", err)
	}

	// Only the section of the selected backend is validated; StorageNone has
	// no section to check.
	if c.Storage == StorageFile {
		return c.File.Validate()
	}
	if c.Storage == StorageS3 {
		return c.S3.Validate()
	}
	return nil
}