1 // 2 // 3 // Copyright 2023 gRPC authors. 4 // 5 // Licensed under the Apache License, Version 2.0 (the "License"); 6 // you may not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, software 12 // distributed under the License is distributed on an "AS IS" BASIS, 13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 // See the License for the specific language governing permissions and 15 // limitations under the License. 16 // 17 // 18 19 #ifndef GRPC_GRPC_AUDIT_LOGGING_H 20 #define GRPC_GRPC_AUDIT_LOGGING_H 21 22 #include <grpc/support/port_platform.h> 23 24 #include <memory> 25 #include <string> 26 27 #include "absl/status/statusor.h" 28 #include "absl/strings/string_view.h" 29 30 #include <grpc/support/json.h> 31 32 namespace grpc_core { 33 namespace experimental { 34 35 // The class containing the context for an audited RPC. 
//
// An AuditContext is a bundle of non-owning absl::string_view values plus the
// authorization result. Constructing or copying it copies the views, not the
// characters they refer to, so the object is only usable while the backing
// strings are alive. This header does not say how long that is: treat the
// context as valid only for the duration of the call that receives it, and copy
// into std::string anything that must outlive that call (for example a logger
// that queues records and writes them later).
class AuditContext {
 public:
  // Stores the supplied views and the decision as given. The underlying text is
  // neither copied nor validated here.
  AuditContext(absl::string_view rpc_method, absl::string_view principal,
               absl::string_view policy_name, absl::string_view matched_rule,
               bool authorized)
      : rpc_method_(rpc_method),
        principal_(principal),
        policy_name_(policy_name),
        matched_rule_(matched_rule),
        authorized_(authorized) {}

  // NOTE(review): rpc_method and principal presumably carry values that
  // originate from the peer -- confirm against the code that builds the
  // context. A logger that writes text records should serialize these fields
  // structurally or escape control characters, so that a crafted value cannot
  // forge or split an audit entry.
  absl::string_view rpc_method() const { return rpc_method_; }
  absl::string_view principal() const { return principal_; }
  // Name of the policy and of the rule within it that produced the decision,
  // as passed to the constructor.
  absl::string_view policy_name() const { return policy_name_; }
  absl::string_view matched_rule() const { return matched_rule_; }
  // The authorization outcome recorded for this RPC (presumably true when the
  // RPC was allowed -- confirm against the code that builds the context).
  bool authorized() const { return authorized_; }

 private:
  // Non-owning views; see the lifetime note on the class.
  absl::string_view rpc_method_;
  absl::string_view principal_;
  absl::string_view policy_name_;
  absl::string_view matched_rule_;
  bool authorized_;
};

// This is the base class for audit logger implementations.
//
// Log() returns void, so an implementation has no way to tell its caller that
// a record could not be written; it needs its own handling (and ideally its own
// alerting) for dropped or failed writes. Because AuditContext only holds
// views, Log() must copy any field it keeps after returning.
// NOTE(review): this header does not state whether Log() can be invoked
// concurrently -- confirm before assuming single-threaded use.
class AuditLogger {
 public:
  virtual ~AuditLogger() = default;
  // Identifier of this logger implementation.
  virtual absl::string_view name() const = 0;
  // Records one audited RPC described by `audit_context`.
  virtual void Log(const AuditContext& audit_context) = 0;
};

// This is the base class for audit logger factory implementations.
class AuditLoggerFactory {
 public:
  // Parsed, implementation-specific logger configuration.
  class Config {
   public:
    virtual ~Config() = default;
    virtual absl::string_view name() const = 0;
    // Human-readable rendering of the configuration.
    // NOTE(review): if a configuration can hold credentials for a log sink,
    // ToString() should redact them, since its output may itself be logged.
    virtual std::string ToString() const = 0;
  };

  virtual ~AuditLoggerFactory() = default;
  // Identifier of this factory.
  virtual absl::string_view name() const = 0;

  // Converts `json` into a Config, or returns a non-OK status. Reporting a
  // malformed configuration as an error, rather than substituting defaults,
  // keeps a bad policy from silently weakening or disabling auditing.
  virtual absl::StatusOr<std::unique_ptr<Config>> ParseAuditLoggerConfig(
      const Json& json) = 0;

  // Builds a logger from a previously parsed configuration. Ownership of the
  // configuration passes to this call, and the caller owns the returned logger.
  virtual std::unique_ptr<AuditLogger> CreateAuditLogger(
      std::unique_ptr<AuditLoggerFactory::Config>) = 0;
};

// Registers an audit logger factory. This should only be called during
// initialization.
// Ownership of `factory` is handed over with the call (it is passed as a
// std::unique_ptr by value).
// NOTE(review): the "only during initialization" restriction suggests that
// registration is not synchronized with later use of the registered
// factories -- confirm in the implementation before calling this at any
// other time.
void RegisterAuditLoggerFactory(std::unique_ptr<AuditLoggerFactory> factory);

}  // namespace experimental
}  // namespace grpc_core

#endif  // GRPC_GRPC_AUDIT_LOGGING_H