[plugins] add plugin audit events boilerplate to CUD operations (#45161)

* [plugins] add plugin audit events boilerplate to CUD operations This PR adds the required boilerplate code to emit audit events for `create`, `update` and `delete` operations. Signed-off-by: Tiago Silva <tiago.silva@goteleport.com> * handle comments --------- Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
gravitational · Sep 21, 2024 · 4d8814b · 4d8814b
1 parent 7aeb9f9
commit 4d8814b
Show file tree

Hide file tree

Showing 8 changed files with 3,252 additions and 1,414 deletions.
diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto
@@ -3799,6 +3799,133 @@ message AzureOIDCIntegrationMetadata {
   string ClientID = 2 [(gogoproto.jsontag) = "client_id,omitempty"];
 }
 
+// PluginCreate is emitted when a plugin resource is created.
+message PluginCreate {
+  // Metadata is a common event metadata.
+  Metadata metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata.
+  UserMetadata user = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata.
+  ResourceMetadata resource = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  PluginMetadata plugin = 4 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ConnectionMetadata holds information about the connection.
+  ConnectionMetadata connection = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// PluginUpdate is emitted when a plugin resource is updated.
+message PluginUpdate {
+  // Metadata is a common event metadata.
+  Metadata metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata.
+  UserMetadata user = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata.
+  ResourceMetadata resource = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  PluginMetadata plugin = 4 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ConnectionMetadata holds information about the connection.
+  ConnectionMetadata connection = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// PluginDelete is emitted when a plugin is deleted.
+message PluginDelete {
+  // metadata is a common event metadata.
+  Metadata metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata.
+  UserMetadata user = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata.
+  ResourceMetadata resource = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  PluginMetadata plugin = 4 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ConnectionMetadata holds information about the connection.
+  ConnectionMetadata connection = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// PluginMetadata contains information about plugin resources.
+message PluginMetadata {
+  // plugin_type is the plugin type of the plugin resource.
+  // The value matches the types.PluginV1.Spec.Type field.
+  string plugin_type = 1 [(gogoproto.jsontag) = "plugin_type"];
+
+  // plugin is the resource without secrets.
+  types.PluginV1 plugin = 2 [(gogoproto.jsontag) = "plugin,omitempty"];
+
+  // has_credentials indicates whether the plugin has credentials.
+  bool has_credentials = 3 [(gogoproto.jsontag) = "has_credentials"];
+
+  // reuses_credentials indicates whether the plugin reuses credentials.
+  bool reuses_credentials = 4 [(gogoproto.jsontag) = "reuses_credentials"];
+}
+
 // OneOf is a union of one of audit events submitted to the auth service
 message OneOf {
   // Event is one of the audit events
@@ -3946,6 +4073,9 @@ message OneOf {
     events.IntegrationCreate IntegrationCreate = 165;
     events.IntegrationUpdate IntegrationUpdate = 166;
     events.IntegrationDelete IntegrationDelete = 167;
+    events.PluginCreate PluginCreate = 170;
+    events.PluginUpdate PluginUpdate = 171;
+    events.PluginDelete PluginDelete = 172;
     events.AutoUpdateConfigCreate AutoUpdateConfigCreate = 173;
     events.AutoUpdateConfigUpdate AutoUpdateConfigUpdate = 174;
     events.AutoUpdateConfigDelete AutoUpdateConfigDelete = 175;

diff --git a/api/types/events/events.go b/api/types/events/events.go
@@ -1980,3 +1980,15 @@ func (m *IntegrationUpdate) TrimToMaxSize(maxSize int) AuditEvent {
 func (m *IntegrationDelete) TrimToMaxSize(maxSize int) AuditEvent {
 	return m
 }
+
+func (m *PluginCreate) TrimToMaxSize(maxSize int) AuditEvent {
+	return m
+}
+
+func (m *PluginUpdate) TrimToMaxSize(maxSize int) AuditEvent {
+	return m
+}
+
+func (m *PluginDelete) TrimToMaxSize(maxSize int) AuditEvent {
+	return m
+}