1 //
2 //
3 // Copyright 2023 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #ifndef GRPC_GRPC_AUDIT_LOGGING_H
20 #define GRPC_GRPC_AUDIT_LOGGING_H
21 
22 #include <memory>
23 #include <string>
24 
25 #include "absl/status/statusor.h"
26 #include "absl/strings/string_view.h"
27 
28 #include <grpc/support/json.h>
29 #include <grpc/support/port_platform.h>
30 
31 namespace grpc_core {
32 namespace experimental {
33 
// Read-only context handed to audit loggers for a single audited RPC.
//
// Every string field is kept as an absl::string_view, so this object does not
// own any character data: nothing is copied on construction, and the views
// returned by the accessors are only valid while the storage that was passed
// to the constructor is still alive. Code that needs a field beyond that
// point must copy it into an owning std::string first.
//
// NOTE(review): rpc_method and principal presumably originate from the
// request / peer identity; a logger writing to a line-oriented or structured
// sink should escape them before writing. Confirm against the code that
// builds this context.
class AuditContext {
 public:
  // Stores the given views and the authorization flag as-is.
  AuditContext(absl::string_view rpc_method, absl::string_view principal,
               absl::string_view policy_name, absl::string_view matched_rule,
               bool authorized)
      : rpc_method_{rpc_method},
        principal_{principal},
        policy_name_{policy_name},
        matched_rule_{matched_rule},
        authorized_{authorized} {}

  // Accessors return the stored values unchanged; the string views are
  // non-owning (see the class comment for their lifetime).
  absl::string_view rpc_method() const {
    return rpc_method_;
  }
  absl::string_view principal() const {
    return principal_;
  }
  absl::string_view policy_name() const {
    return policy_name_;
  }
  absl::string_view matched_rule() const {
    return matched_rule_;
  }
  bool authorized() const {
    return authorized_;
  }

 private:
  // Non-owning views; declaration order matches the initializer list above.
  absl::string_view rpc_method_;
  absl::string_view principal_;
  absl::string_view policy_name_;
  absl::string_view matched_rule_;
  bool authorized_;
};
59 
// This is the base class for audit logger implementations.
//
// An implementation receives one AuditContext per call to Log(). The context
// is passed by const reference and its string fields are absl::string_view
// members, i.e. non-owning; an implementation that queues, batches or
// otherwise retains an entry after Log() returns must copy the fields it
// needs into owning strings.
//
// NOTE(review): this header does not state whether Log() may be invoked
// concurrently or whether it runs on the RPC's critical path; confirm before
// relying on unsynchronized state or doing blocking I/O in an implementation.
class AuditLogger {
 public:
  virtual ~AuditLogger() = default;
  // Returns the logger's name.
  // NOTE(review): presumably the same name its factory is registered under --
  // confirm against the registry.
  virtual absl::string_view name() const = 0;
  // Records one audited RPC described by `audit_context`. Returns nothing, so
  // a failure to write the entry cannot be reported through this interface.
  virtual void Log(const AuditContext& audit_context) = 0;
};
67 
// Base class for audit logger factory implementations.
//
// A factory turns a JSON value into a typed Config (or an error status) and
// builds an AuditLogger from a Config it is given ownership of.
class AuditLoggerFactory {
 public:
  // Parsed, logger-specific configuration produced by a factory.
  class Config {
   public:
    virtual ~Config() = default;
    // Returns the name associated with this configuration.
    virtual absl::string_view name() const = 0;
    // Returns a string rendering of the configuration.
    // NOTE(review): if a configuration can carry sensitive values (for
    // example sink credentials), implementations should redact them here, as
    // the result may presumably end up in logs or debug output -- confirm how
    // callers use it.
    virtual std::string ToString() const = 0;
  };

  virtual ~AuditLoggerFactory() = default;

  // Returns the factory's name.
  virtual absl::string_view name() const = 0;

  // Parses `json` into a Config. The StatusOr return type lets an
  // implementation reject input with an error status instead of a Config.
  // NOTE(review): `json` presumably comes from the authorization policy's
  // audit logger section; implementations should reject unknown or malformed
  // fields with an error rather than silently falling back to defaults --
  // confirm the intended contract.
  virtual absl::StatusOr<std::unique_ptr<Config>> ParseAuditLoggerConfig(
      const Json& json) = 0;

  // Builds a logger from `config`; ownership of the Config passes to the
  // callee (it is taken as a std::unique_ptr by value).
  // NOTE(review): presumably `config` was produced by this same factory's
  // ParseAuditLoggerConfig -- confirm before downcasting it in an
  // implementation.
  virtual std::unique_ptr<AuditLogger> CreateAuditLogger(
      std::unique_ptr<Config> config) = 0;
};
87 
// Registers an audit logger factory; ownership of `factory` passes to the
// callee (it is taken as a std::unique_ptr by value). This should only be
// called during initialization.
// NOTE(review): the definition is not visible in this header, so behaviour
// for a null `factory` or for a second factory with the same name() is not
// established here; the initialization-only rule suggests the registry is not
// meant to be mutated while RPCs are being served -- confirm against the
// implementation.
void RegisterAuditLoggerFactory(std::unique_ptr<AuditLoggerFactory> factory);
91 
92 }  // namespace experimental
93 }  // namespace grpc_core
94 
95 #endif  // GRPC_GRPC_AUDIT_LOGGING_H
96