mirror of
https://github.com/gravitational/teleport
synced 2024-10-22 02:03:24 +00:00
Define cloud billing event types and codes (#6037)
* Exported auth.clientImpersonator and auth.clientUsername for use in e
This commit is contained in:
Lisa Kim
GitHub
parent
32c4ae255f
commit
84a4f00114
File diff suppressed because it is too large
Load diff
|
|
@ -1217,6 +1217,36 @@ message MFADeviceDelete {
|
|||
[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
|
||||
}
|
||||
|
||||
// BillingInformationUpdate is emitted when a user updates the billing information.
|
||||
message BillingInformationUpdate {
|
||||
// Metadata is a common event metadata.
|
||||
Metadata Metadata = 1
|
||||
[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
|
||||
// User is a common user event metadata.
|
||||
UserMetadata User = 2
|
||||
[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
|
||||
}
|
||||
|
||||
// BillingCardCreate is emitted when a user creates or updates a credit card.
|
||||
message BillingCardCreate {
|
||||
// Metadata is a common event metadata.
|
||||
Metadata Metadata = 1
|
||||
[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
|
||||
// User is a common user event metadata.
|
||||
UserMetadata User = 2
|
||||
[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
|
||||
}
|
||||
|
||||
// BillingCardDelete is emitted when a user deletes a credit card.
|
||||
message BillingCardDelete {
|
||||
// Metadata is a common event metadata.
|
||||
Metadata Metadata = 1
|
||||
[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
|
||||
// User is a common user event metadata.
|
||||
UserMetadata User = 2
|
||||
[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
|
||||
}
|
||||
|
||||
// OneOf is a union of one of audit events submitted to the auth service
|
||||
message OneOf {
|
||||
// Event is one of the audit events
|
||||
|
|
@ -1266,6 +1296,9 @@ message OneOf {
|
|||
events.SessionUpload SessionUpload = 43;
|
||||
events.MFADeviceAdd MFADeviceAdd = 44;
|
||||
events.MFADeviceDelete MFADeviceDelete = 45;
|
||||
events.BillingInformationUpdate BillingInformationUpdate = 46;
|
||||
events.BillingCardCreate BillingCardCreate = 47;
|
||||
events.BillingCardDelete BillingCardDelete = 48;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1124,7 +1124,7 @@ func (a *Server) GenerateToken(ctx context.Context, req GenerateTokenRequest) (s
|
|||
return "", trace.Wrap(err)
|
||||
}
|
||||
|
||||
user := clientUsername(ctx)
|
||||
user := ClientUsername(ctx)
|
||||
for _, role := range req.Roles {
|
||||
if role == teleport.RoleTrustedCluster {
|
||||
if err := a.emitter.EmitAuditEvent(ctx, &events.TrustedClusterTokenCreate{
|
||||
|
|
@ -1134,7 +1134,7 @@ func (a *Server) GenerateToken(ctx context.Context, req GenerateTokenRequest) (s
|
|||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: user,
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
}); err != nil {
|
||||
log.WithError(err).Warn("Failed to emit trusted cluster token create event.")
|
||||
|
|
@ -1695,8 +1695,8 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
|
|||
Code: events.RoleDeletedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: name,
|
||||
|
|
@ -1721,7 +1721,7 @@ func (a *Server) upsertRole(ctx context.Context, role services.Role) error {
|
|||
Code: events.RoleCreatedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: role.GetName(),
|
||||
|
|
@ -1774,7 +1774,7 @@ func (a *Server) CreateAccessRequest(ctx context.Context, req services.AccessReq
|
|||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: req.GetUser(),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
Roles: req.GetRoles(),
|
||||
RequestID: req.GetName(),
|
||||
|
|
@ -1794,7 +1794,7 @@ func (a *Server) SetAccessRequestState(ctx context.Context, params services.Acce
|
|||
Code: events.AccessRequestUpdateCode,
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
UpdatedBy: clientUsername(ctx),
|
||||
UpdatedBy: ClientUsername(ctx),
|
||||
},
|
||||
RequestID: params.RequestID,
|
||||
RequestState: params.State.String(),
|
||||
|
|
|
|||
|
|
@ -72,8 +72,8 @@ func (a *Server) upsertGithubConnector(ctx context.Context, connector services.G
|
|||
Code: events.GithubConnectorCreatedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: connector.GetName(),
|
||||
|
|
@ -97,8 +97,8 @@ func (a *Server) deleteGithubConnector(ctx context.Context, connectorName string
|
|||
Code: events.GithubConnectorDeletedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: connectorName,
|
||||
|
|
|
|||
|
|
@ -155,8 +155,8 @@ func (a *Server) UpsertOIDCConnector(ctx context.Context, connector services.OID
|
|||
Code: events.OIDCConnectorCreatedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: connector.GetName(),
|
||||
|
|
@ -179,8 +179,8 @@ func (a *Server) DeleteOIDCConnector(ctx context.Context, connectorName string)
|
|||
Code: events.OIDCConnectorDeletedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: connectorName,
|
||||
|
|
|
|||
|
|
@ -622,10 +622,10 @@ const (
|
|||
// WithDelegator alias for backwards compatibility
|
||||
var WithDelegator = client.WithDelegator
|
||||
|
||||
// clientUsername returns the username of a remote HTTP client making the call.
|
||||
// ClientUsername returns the username of a remote HTTP client making the call.
|
||||
// If ctx didn't pass through auth middleware or did not come from an HTTP
|
||||
// request, teleport.UserSystem is returned.
|
||||
func clientUsername(ctx context.Context) string {
|
||||
func ClientUsername(ctx context.Context) string {
|
||||
userI := ctx.Value(ContextUser)
|
||||
userWithIdentity, ok := userI.(IdentityGetter)
|
||||
if !ok {
|
||||
|
|
@ -638,9 +638,9 @@ func clientUsername(ctx context.Context) string {
|
|||
return identity.Username
|
||||
}
|
||||
|
||||
// clientImpersonator returns the impersonator username of a remote client
|
||||
// ClientImpersonator returns the impersonator username of a remote client
|
||||
// making the call. If not present, returns an empty string
|
||||
func clientImpersonator(ctx context.Context) string {
|
||||
func ClientImpersonator(ctx context.Context) string {
|
||||
userI := ctx.Value(ContextUser)
|
||||
userWithIdentity, ok := userI.(IdentityGetter)
|
||||
if !ok {
|
||||
|
|
|
|||
|
|
@ -138,8 +138,8 @@ func (s *Server) CreateResetPasswordToken(ctx context.Context, req CreateResetPa
|
|||
Code: events.ResetPasswordTokenCreateCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: req.Name,
|
||||
|
|
|
|||
|
|
@ -46,8 +46,8 @@ func (a *Server) UpsertSAMLConnector(ctx context.Context, connector services.SAM
|
|||
Code: events.SAMLConnectorCreatedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: connector.GetName(),
|
||||
|
|
@ -70,8 +70,8 @@ func (a *Server) DeleteSAMLConnector(ctx context.Context, connectorName string)
|
|||
Code: events.SAMLConnectorDeletedCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: connectorName,
|
||||
|
|
|
|||
|
|
@ -147,8 +147,8 @@ func (a *Server) UpsertTrustedCluster(ctx context.Context, trustedCluster servic
|
|||
Code: events.TrustedClusterCreateCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: trustedCluster.GetName(),
|
||||
|
|
@ -221,8 +221,8 @@ func (a *Server) DeleteTrustedCluster(ctx context.Context, name string) error {
|
|||
Code: events.TrustedClusterDeleteCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: name,
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ import (
|
|||
func (s *Server) CreateUser(ctx context.Context, user services.User) error {
|
||||
if user.GetCreatedBy().IsEmpty() {
|
||||
user.SetCreatedBy(services.CreatedBy{
|
||||
User: services.UserRef{Name: clientUsername(ctx)},
|
||||
User: services.UserRef{Name: ClientUsername(ctx)},
|
||||
Time: s.GetClock().Now().UTC(),
|
||||
})
|
||||
}
|
||||
|
|
@ -63,7 +63,7 @@ func (s *Server) CreateUser(ctx context.Context, user services.User) error {
|
|||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: user.GetCreatedBy().User.Name,
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: user.GetName(),
|
||||
|
|
@ -97,8 +97,8 @@ func (s *Server) UpdateUser(ctx context.Context, user services.User) error {
|
|||
Code: events.UserUpdateCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: user.GetName(),
|
||||
|
|
@ -175,8 +175,8 @@ func (s *Server) DeleteUser(ctx context.Context, user string) error {
|
|||
Code: events.UserDeleteCode,
|
||||
},
|
||||
UserMetadata: events.UserMetadata{
|
||||
User: clientUsername(ctx),
|
||||
Impersonator: clientImpersonator(ctx),
|
||||
User: ClientUsername(ctx),
|
||||
Impersonator: ClientImpersonator(ctx),
|
||||
},
|
||||
ResourceMetadata: events.ResourceMetadata{
|
||||
Name: user,
|
||||
|
|
|
|||
|
|
@ -192,6 +192,15 @@ const (
|
|||
// AccessRequestID is the ID of an access request.
|
||||
AccessRequestID = "id"
|
||||
|
||||
// BillingCardCreateEvent is emitted when a user creates a new credit card.
|
||||
BillingCardCreateEvent = "billing.create_card"
|
||||
// BillingCardDeleteEvent is emitted when a user deletes a credit card.
|
||||
BillingCardDeleteEvent = "billing.delete_card"
|
||||
// BillingCardUpdateEvent is emitted when a user updates an existing credit card.
|
||||
BillingCardUpdateEvent = "billing.update_card"
|
||||
// BillingInformationUpdateEvent is emitted when a user updates their billing information.
|
||||
BillingInformationUpdateEvent = "billing.update_info"
|
||||
|
||||
// UpdatedBy indicates the user who modified some resource:
|
||||
// - updating a request state
|
||||
// - updating a user record
|
||||
|
|
|
|||
|
|
@ -295,6 +295,15 @@ const (
|
|||
// MFADeviceDeleteEventCode is an event code for users deleting MFA devices.
|
||||
MFADeviceDeleteEventCode = "T1007I"
|
||||
|
||||
// BillingCardCreateCode is an event code for when a user creates a new credit card.
|
||||
BillingCardCreateCode = "TBL00I"
|
||||
// BillingCardDeleteCode is an event code for when a user deletes a credit card.
|
||||
BillingCardDeleteCode = "TBL01I"
|
||||
// BillingCardUpdateCode is an event code for when a user updates an existing credit card.
|
||||
BillingCardUpdateCode = "TBL02I"
|
||||
// BillingInformationUpdateCode is an event code for when a user updates their billing info.
|
||||
BillingInformationUpdateCode = "TBL03I"
|
||||
|
||||
// SessionRejectedCode is an event code for when a user's attempt to create an
|
||||
// session/connection has been rejected.
|
||||
SessionRejectedCode = "T1006W"
|
||||
|
|
|
|||
|
|
@ -100,6 +100,9 @@ type (
|
|||
AppSessionStart = events.AppSessionStart
|
||||
AppSessionChunk = events.AppSessionChunk
|
||||
AppSessionRequest = events.AppSessionRequest
|
||||
BillingInformationUpdate = events.BillingInformationUpdate
|
||||
BillingCardCreate = events.BillingCardCreate
|
||||
BillingCardDelete = events.BillingCardDelete
|
||||
OneOf = events.OneOf
|
||||
OneOf_UserLogin = events.OneOf_UserLogin //nolint
|
||||
OneOf_UserCreate = events.OneOf_UserCreate //nolint
|
||||
|
|
|
|||
Loading…
Reference in a new issue