diff --git a/gen/commonfate/access/v1alpha1/audit_logs.pb.go b/gen/commonfate/access/v1alpha1/audit_logs.pb.go index fa4b5a06..f284b5ff 100644 --- a/gen/commonfate/access/v1alpha1/audit_logs.pb.go +++ b/gen/commonfate/access/v1alpha1/audit_logs.pb.go @@ -30,7 +30,8 @@ type QueryAuditLogsRequest struct { unknownFields protoimpl.UnknownFields // Query for audit logs relating to a particular target - Target *v1alpha1.EID `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"` + Target *v1alpha1.EID `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"` + Filters []*Filter `protobuf:"bytes,3,rep,name=filters,proto3" json:"filters,omitempty"` // The token for the next page. PageToken string `protobuf:"bytes,10,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` } @@ -72,6 +73,13 @@ func (x *QueryAuditLogsRequest) GetTarget() *v1alpha1.EID { return nil } +func (x *QueryAuditLogsRequest) GetFilters() []*Filter { + if x != nil { + return x.Filters + } + return nil +} + func (x *QueryAuditLogsRequest) GetPageToken() string { if x != nil { return x.PageToken @@ -319,12 +327,19 @@ var file_commonfate_access_v1alpha1_audit_logs_proto_rawDesc = []byte{ 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, - 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x6f, 0x0a, 0x15, 0x51, - 0x75, 0x65, 0x72, 0x79, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x66, 0x61, 0x74, - 0x65, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x45, 0x49, 0x44, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x1d, 0x0a, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x66, 0x61, 0x74, 0x65, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x2f, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xad, 0x01, 0x0a, + 0x15, 0x51, 0x75, 0x65, 0x72, 0x79, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x66, + 0x61, 0x74, 0x65, 0x2e, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x45, 0x49, 0x44, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, + 0x3c, 0x0a, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x66, 0x61, 0x74, 0x65, 0x2e, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x85, 0x01, 0x0a, 0x16, 0x51, 0x75, 0x65, 0x72, 0x79, 0x41, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x73, 0x52, @@ -414,27 +429,29 @@ var file_commonfate_access_v1alpha1_audit_logs_proto_goTypes = []any{ (*AuditLogPreview)(nil), // 2: commonfate.access.v1alpha1.AuditLogPreview (*AuditLog)(nil), // 3: commonfate.access.v1alpha1.AuditLog (*v1alpha1.EID)(nil), // 4: commonfate.entity.v1alpha1.EID - (*User)(nil), // 5: commonfate.access.v1alpha1.User - (*timestamppb.Timestamp)(nil), // 6: google.protobuf.Timestamp - (*structpb.Struct)(nil), // 7: google.protobuf.Struct - (*IdentityLink)(nil), // 8: commonfate.access.v1alpha1.IdentityLink + (*Filter)(nil), // 5: commonfate.access.v1alpha1.Filter + (*User)(nil), // 6: commonfate.access.v1alpha1.User + (*timestamppb.Timestamp)(nil), // 7: google.protobuf.Timestamp + (*structpb.Struct)(nil), // 8: google.protobuf.Struct + (*IdentityLink)(nil), // 9: commonfate.access.v1alpha1.IdentityLink } var file_commonfate_access_v1alpha1_audit_logs_proto_depIdxs = []int32{ - 4, // 0: commonfate.access.v1alpha1.QueryAuditLogsRequest.target:type_name -> commonfate.entity.v1alpha1.EID - 3, // 1: commonfate.access.v1alpha1.QueryAuditLogsResponse.audit_logs:type_name -> commonfate.access.v1alpha1.AuditLog - 3, // 2: commonfate.access.v1alpha1.AuditLogPreview.logs:type_name -> commonfate.access.v1alpha1.AuditLog - 5, // 3: commonfate.access.v1alpha1.AuditLog.actor:type_name -> commonfate.access.v1alpha1.User - 6, // 4: commonfate.access.v1alpha1.AuditLog.occurred_at:type_name -> google.protobuf.Timestamp - 4, // 5: commonfate.access.v1alpha1.AuditLog.targets:type_name -> commonfate.entity.v1alpha1.EID - 7, // 6: commonfate.access.v1alpha1.AuditLog.context:type_name -> google.protobuf.Struct - 8, // 7: commonfate.access.v1alpha1.AuditLog.caller_identity_chain:type_name -> commonfate.access.v1alpha1.IdentityLink - 0, // 8: commonfate.access.v1alpha1.AuditLogService.QueryAuditLogs:input_type -> commonfate.access.v1alpha1.QueryAuditLogsRequest - 1, // 9: commonfate.access.v1alpha1.AuditLogService.QueryAuditLogs:output_type -> commonfate.access.v1alpha1.QueryAuditLogsResponse - 9, // [9:10] is the sub-list for method output_type - 8, // [8:9] is the sub-list for method input_type - 8, // [8:8] is the sub-list for extension type_name - 8, // [8:8] is the sub-list for extension extendee - 0, // [0:8] is the sub-list for field type_name + 4, // 0: commonfate.access.v1alpha1.QueryAuditLogsRequest.target:type_name -> commonfate.entity.v1alpha1.EID + 5, // 1: commonfate.access.v1alpha1.QueryAuditLogsRequest.filters:type_name -> commonfate.access.v1alpha1.Filter + 3, // 2: commonfate.access.v1alpha1.QueryAuditLogsResponse.audit_logs:type_name -> commonfate.access.v1alpha1.AuditLog + 3, // 3: commonfate.access.v1alpha1.AuditLogPreview.logs:type_name -> commonfate.access.v1alpha1.AuditLog + 6, // 4: commonfate.access.v1alpha1.AuditLog.actor:type_name -> commonfate.access.v1alpha1.User + 7, // 5: commonfate.access.v1alpha1.AuditLog.occurred_at:type_name -> google.protobuf.Timestamp + 4, // 6: commonfate.access.v1alpha1.AuditLog.targets:type_name -> commonfate.entity.v1alpha1.EID + 8, // 7: commonfate.access.v1alpha1.AuditLog.context:type_name -> google.protobuf.Struct + 9, // 8: commonfate.access.v1alpha1.AuditLog.caller_identity_chain:type_name -> commonfate.access.v1alpha1.IdentityLink + 0, // 9: commonfate.access.v1alpha1.AuditLogService.QueryAuditLogs:input_type -> commonfate.access.v1alpha1.QueryAuditLogsRequest + 1, // 10: commonfate.access.v1alpha1.AuditLogService.QueryAuditLogs:output_type -> commonfate.access.v1alpha1.QueryAuditLogsResponse + 10, // [10:11] is the sub-list for method output_type + 9, // [9:10] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name } func init() { file_commonfate_access_v1alpha1_audit_logs_proto_init() } @@ -444,6 +461,7 @@ func file_commonfate_access_v1alpha1_audit_logs_proto_init() { } file_commonfate_access_v1alpha1_identity_proto_init() file_commonfate_access_v1alpha1_user_proto_init() + file_commonfate_access_v1alpha1_access_request_proto_init() type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/gen/commonfate/access/v1alpha1/audit_logs.pb.validate.go b/gen/commonfate/access/v1alpha1/audit_logs.pb.validate.go index f4e8b46c..b4f0c7da 100644 --- a/gen/commonfate/access/v1alpha1/audit_logs.pb.validate.go +++ b/gen/commonfate/access/v1alpha1/audit_logs.pb.validate.go @@ -86,6 +86,40 @@ func (m *QueryAuditLogsRequest) validate(all bool) error { } } + for idx, item := range m.GetFilters() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, QueryAuditLogsRequestValidationError{ + field: fmt.Sprintf("Filters[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, QueryAuditLogsRequestValidationError{ + field: fmt.Sprintf("Filters[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return QueryAuditLogsRequestValidationError{ + field: fmt.Sprintf("Filters[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + // no validation rules for PageToken if len(errors) > 0 { diff --git a/proto/commonfate/access/v1alpha1/audit_logs.proto b/proto/commonfate/access/v1alpha1/audit_logs.proto index 31904d6f..29b86773 100644 --- a/proto/commonfate/access/v1alpha1/audit_logs.proto +++ b/proto/commonfate/access/v1alpha1/audit_logs.proto @@ -8,6 +8,8 @@ import "commonfate/authz/v1alpha1/read_only.proto"; import "commonfate/entity/v1alpha1/eid.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/timestamp.proto"; +import "commonfate/access/v1alpha1/access_request.proto"; + service AuditLogService { rpc QueryAuditLogs(QueryAuditLogsRequest) returns (QueryAuditLogsResponse) { @@ -22,6 +24,9 @@ message QueryAuditLogsRequest { // Query for audit logs performed by a particular actor // commonfate.entity.v1alpha1.EID actor = 2; + + repeated Filter filters = 3; + // The token for the next page. string page_token = 10; }