xref: /aosp_15_r20/external/grpc-grpc/include/grpc/grpc_audit_logging.h (revision cc02d7e222339f7a4f6ba5f422e6413f4bd931f2)
1*cc02d7e2SAndroid Build Coastguard Worker //
2*cc02d7e2SAndroid Build Coastguard Worker //
3*cc02d7e2SAndroid Build Coastguard Worker // Copyright 2023 gRPC authors.
4*cc02d7e2SAndroid Build Coastguard Worker //
5*cc02d7e2SAndroid Build Coastguard Worker // Licensed under the Apache License, Version 2.0 (the "License");
6*cc02d7e2SAndroid Build Coastguard Worker // you may not use this file except in compliance with the License.
7*cc02d7e2SAndroid Build Coastguard Worker // You may obtain a copy of the License at
8*cc02d7e2SAndroid Build Coastguard Worker //
9*cc02d7e2SAndroid Build Coastguard Worker //     http://www.apache.org/licenses/LICENSE-2.0
10*cc02d7e2SAndroid Build Coastguard Worker //
11*cc02d7e2SAndroid Build Coastguard Worker // Unless required by applicable law or agreed to in writing, software
12*cc02d7e2SAndroid Build Coastguard Worker // distributed under the License is distributed on an "AS IS" BASIS,
13*cc02d7e2SAndroid Build Coastguard Worker // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14*cc02d7e2SAndroid Build Coastguard Worker // See the License for the specific language governing permissions and
15*cc02d7e2SAndroid Build Coastguard Worker // limitations under the License.
16*cc02d7e2SAndroid Build Coastguard Worker //
17*cc02d7e2SAndroid Build Coastguard Worker //
18*cc02d7e2SAndroid Build Coastguard Worker 
19*cc02d7e2SAndroid Build Coastguard Worker #ifndef GRPC_GRPC_AUDIT_LOGGING_H
20*cc02d7e2SAndroid Build Coastguard Worker #define GRPC_GRPC_AUDIT_LOGGING_H
21*cc02d7e2SAndroid Build Coastguard Worker 
22*cc02d7e2SAndroid Build Coastguard Worker #include <memory>
23*cc02d7e2SAndroid Build Coastguard Worker #include <string>
24*cc02d7e2SAndroid Build Coastguard Worker 
25*cc02d7e2SAndroid Build Coastguard Worker #include "absl/status/statusor.h"
26*cc02d7e2SAndroid Build Coastguard Worker #include "absl/strings/string_view.h"
27*cc02d7e2SAndroid Build Coastguard Worker 
28*cc02d7e2SAndroid Build Coastguard Worker #include <grpc/support/json.h>
29*cc02d7e2SAndroid Build Coastguard Worker #include <grpc/support/port_platform.h>
30*cc02d7e2SAndroid Build Coastguard Worker 
31*cc02d7e2SAndroid Build Coastguard Worker namespace grpc_core {
32*cc02d7e2SAndroid Build Coastguard Worker namespace experimental {
33*cc02d7e2SAndroid Build Coastguard Worker 
// Carries the context of one audited RPC: the method, the principal, the
// policy name, the matched rule and the authorization decision, exactly as
// they were handed to the constructor.
//
// Every string field is an absl::string_view, so an AuditContext owns none of
// its text; it only refers to buffers owned by whoever built it. A consumer
// that keeps a field beyond the call that gave it the context (queued,
// batched or asynchronous writes) must first copy it into owned storage,
// e.g. std::string(ctx.principal()); otherwise the record may be read from
// freed memory.
//
// NOTE(review): this header does not show where the field values come from
// or whether they are sanitized. If any of them can be influenced by the
// peer, loggers emitting line- or JSON-based records should escape them so
// that one record cannot be made to look like several - confirm against the
// caller.
class AuditContext {
 public:
  // Stores views of the four strings and the decision flag. Nothing is
  // copied, so the referenced buffers must stay valid for as long as this
  // object is read.
  AuditContext(absl::string_view rpc_method, absl::string_view principal,
               absl::string_view policy_name, absl::string_view matched_rule,
               bool authorized)
      : rpc_method_{rpc_method},
        principal_{principal},
        policy_name_{policy_name},
        matched_rule_{matched_rule},
        authorized_{authorized} {}

  // Returns the `rpc_method` view given at construction.
  absl::string_view rpc_method() const {
    return rpc_method_;
  }

  // Returns the `principal` view given at construction.
  absl::string_view principal() const {
    return principal_;
  }

  // Returns the `policy_name` view given at construction.
  absl::string_view policy_name() const {
    return policy_name_;
  }

  // Returns the `matched_rule` view given at construction.
  absl::string_view matched_rule() const {
    return matched_rule_;
  }

  // Returns the `authorized` flag given at construction (presumably true when
  // the RPC was allowed - confirm against the caller).
  bool authorized() const {
    return authorized_;
  }

 private:
  // Non-owning views; see the lifetime note on the class.
  absl::string_view rpc_method_;
  absl::string_view principal_;
  absl::string_view policy_name_;
  absl::string_view matched_rule_;
  bool authorized_;
};
59*cc02d7e2SAndroid Build Coastguard Worker 
// This is the base class for audit logger implementations.
//
// An implementation receives one AuditContext per Log() call and decides
// where the record goes. The interface is abstract: both name() and Log()
// are pure virtual.
//
// NOTE(review): this header does not state whether Log() may be invoked
// concurrently from several threads - confirm before relying on unsynchronized
// state in an implementation.
class AuditLogger {
 public:
  virtual ~AuditLogger() = default;
  // Returns the name identifying this logger.
  // NOTE(review): presumably the same name as the factory that created it -
  // confirm.
  virtual absl::string_view name() const = 0;
  // Handles one audit record. `audit_context` is passed by const reference and
  // its string accessors return non-owning absl::string_view values, so copy
  // anything that must outlive this call.
  // Log() returns void, so a failed write cannot be reported to the caller
  // through this interface; an implementation should surface such failures
  // some other way rather than dropping audit records silently.
  virtual void Log(const AuditContext& audit_context) = 0;
};
67*cc02d7e2SAndroid Build Coastguard Worker 
// This is the base class for audit logger factory implementations.
//
// A factory turns a JSON configuration into a Config object
// (ParseAuditLoggerConfig) and then turns that Config into an AuditLogger
// (CreateAuditLogger). Both steps are pure virtual.
class AuditLoggerFactory {
 public:
  // Parsed, logger-specific configuration produced by
  // ParseAuditLoggerConfig() and consumed by CreateAuditLogger().
  class Config {
   public:
    virtual ~Config() = default;
    // Returns the name identifying this configuration.
    // NOTE(review): presumably the name of the logger type it belongs to -
    // confirm.
    virtual absl::string_view name() const = 0;
    // Returns a string form of the configuration.
    // NOTE(review): where this string ends up is not visible here; if it can
    // reach logs or error messages, leave credentials and other secrets out
    // of it.
    virtual std::string ToString() const = 0;
  };

  virtual ~AuditLoggerFactory() = default;
  // Returns the name identifying this factory.
  virtual absl::string_view name() const = 0;

  // Parses `json` into a Config owned by the caller, or returns a status
  // instead of a Config. This is the only step with an error channel, so
  // reject malformed or unsupported settings here.
  // NOTE(review): the origin of `json` is not shown in this header; treat it
  // as untrusted input unless the caller guarantees otherwise.
  virtual absl::StatusOr<std::unique_ptr<Config>> ParseAuditLoggerConfig(
      const Json& json) = 0;

  // Builds a logger from a Config, taking ownership of it (unique_ptr passed
  // by value). The return type carries no status, so configuration errors
  // cannot be reported from here.
  // NOTE(review): presumably the argument is always a Config produced by this
  // factory's ParseAuditLoggerConfig() - confirm before downcasting.
  virtual std::unique_ptr<AuditLogger> CreateAuditLogger(
      std::unique_ptr<AuditLoggerFactory::Config>) = 0;
};
87*cc02d7e2SAndroid Build Coastguard Worker 
// Registers an audit logger factory. This should only be called during
// initialization.
// Ownership of `factory` passes to the callee (unique_ptr by value).
// NOTE(review): the "initialization only" restriction suggests registration
// is not synchronized with lookups - confirm in the implementation. What
// happens when two factories report the same name() is not visible from this
// header.
void RegisterAuditLoggerFactory(std::unique_ptr<AuditLoggerFactory> factory);
91*cc02d7e2SAndroid Build Coastguard Worker 
92*cc02d7e2SAndroid Build Coastguard Worker }  // namespace experimental
93*cc02d7e2SAndroid Build Coastguard Worker }  // namespace grpc_core
94*cc02d7e2SAndroid Build Coastguard Worker 
95*cc02d7e2SAndroid Build Coastguard Worker #endif  // GRPC_GRPC_AUDIT_LOGGING_H