Add the user.cert.create event
espadolini committed Jan 19, 2022
1 parent d3dca90 commit ac80782
Showing 7 changed files with 812 additions and 357 deletions.
1,116 changes: 759 additions & 357 deletions api/types/events/events.pb.go


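--- a/api/types/events/events.proto
+++ b/api/types/events/events.proto
@@ -1673,6 +1673,27 @@ message WindowsDesktopSessionEnd {
 map<string, string> DesktopLabels = 8 [ (gogoproto.jsontag) = "desktop_labels" ];
 }
 
+// UserCertificateCreate is emitted when a user certificate pair (X.509+SSH) is issued.
+message UserCertificateCreate {
+// Metadata is a common event metadata.
+Metadata Metadata = 1
+[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+
+// User is a common user event metadata
+UserMetadata User = 2
+[ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+
+// Subject is the string form of the Subject of the X.509 certificate
+string Subject = 3 [ (gogoproto.jsontag) = "subject,omitempty" ];
+
+// Expires is the expiration time point of the certificates
+google.protobuf.Timestamp Expires = 4 [
+(gogoproto.stdtime) = true,
+(gogoproto.nullable) = false,
+(gogoproto.jsontag) = "expires,omitempty"
+];
+}
+
 // OneOf is a union of one of audit events submitted to the auth service
 message OneOf {
 // Event is one of the audit events
@@ -1744,6 +1765,7 @@ message OneOf {
 events.PostgresFunctionCall PostgresFunctionCall = 65;
 events.AccessRequestDelete AccessRequestDelete = 66;
 events.SessionConnect SessionConnect = 67;
+events.UserCertificateCreate UserCertificateCreate = 68;
 }
 }
 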
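Review bot: The new UserCertificateCreate message records only the X.509 subject string and an expiry, so the audit trail shows that a certificate was issued but not what it authorizes — there is no field for SSH principals/logins, roles, or the routing target — unless all of that is recoverable from the subject string, which the comment on `Subject` does not say. If the subject does encode the full identity, document that so detection rules know it is the place to look; if it does not, structured fields are far easier to alert on than a DN that has to be parsed. I would at least sharpen the field comments to `// Subject is the string form of the X.509 certificate's subject; SSH principals are not recorded in this event.` and `// Expires is the expiration time of the issued certificates.`, dropping "pair" from the message comment unless both certificates really share one lifetime (the auth.go hunk passes a single NotAfter, which suggests so but does not prove it). Note also that `omitempty` on a non-nullable stdtime field has no effect for encoding/json, since a time.Time struct is never considered empty; whether Teleport's own marshaller honours it I cannot tell from here.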
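--- a/api/types/events/oneof.go
+++ b/api/types/events/oneof.go
@@ -305,6 +305,10 @@ func ToOneOf(in AuditEvent) (*OneOf, error) {
 out.Event = &OneOf_AccessRequestDelete{
 AccessRequestDelete: e,
 }
+case *UserCertificateCreate:
+out.Event = &OneOf_UserCertificateCreate{
+UserCertificateCreate: e,
+}
 default:
 return nil, trace.BadParameter("event type %T is not supported", in)
 }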
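--- a/lib/auth/auth.go
+++ b/lib/auth/auth.go
@@ -1012,6 +1012,22 @@ func (a *Server) generateUserCert(req certRequest) (*proto.Certs, error) {
 if err != nil {
 return nil, trace.Wrap(err)
 }
+
+if a.emitter.EmitAuditEvent(a.closeCtx, &apievents.UserCertificateCreate{
+Metadata: apievents.Metadata{
+Type: events.UserCertificateCreateEvent,
+Code: events.UserCertificateCreateCode,
+},
+UserMetadata: apievents.UserMetadata{
+User: identity.Username,
+Impersonator: identity.Impersonator,
+},
+Subject: subject.String(),
+Expires: certRequest.NotAfter,
+}); err != nil {
+log.WithError(err).Warn("Failed to emit user certificate create event.")
+}
+
 return &proto.Certs{
 SSH: sshCert,
 TLS: tlsCert,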
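Review bot: The error returned by EmitAuditEvent in the new if-statement (L78–L89) is silently discarded: the init clause is a bare call with no assignment, so the condition `err != nil` tests the `err` left over from the check on L74, which is necessarily nil once that check has passed, and the warning on L90 can never fire — a failed audit write for certificate issuance goes unnoticed. The fix is the opening line only: `if err := a.emitter.EmitAuditEvent(a.closeCtx, &apievents.UserCertificateCreate{`. Separately, `certRequest.NotAfter` on L88 reads a local that presumably shadows the `certRequest` type named in the signature on L73 (its declaration is outside the hunk); renaming that local, or reading the field from the `req` parameter if it carries the same value, would avoid the confusion. Since emission is best-effort here, it is also worth a one-line comment stating that the certificates are still returned when the audit write fails, so the choice reads as deliberate. generateUserCert starts and ends outside the hunk.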
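--- a/lib/events/api.go
+++ b/lib/events/api.go
@@ -180,6 +180,9 @@ const (
 // UserPasswordChangeEvent is when the user changes their own password.
 UserPasswordChangeEvent = "user.password_change"
 
+// UserCertificateCreateEvent is emitted when a user certificate pair (X.509+SSH) is issued.
+UserCertificateCreateEvent = "user.cert.create"
+
 // UserExpires is when the user will expire.
 UserExpires = "expires"
 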
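--- a/lib/events/codes.go
+++ b/lib/events/codes.go
@@ -302,6 +302,8 @@ const (
 // RecoveryCodeUseFailureCode is an event code for when a
 // recovery code was not used successfully.
 RecoveryCodeUseFailureCode = "T1009W"
+// UserCertificateCreateCode is the user certificate pair issuance code.
+UserCertificateCreateCode = "T1010I"
 
 // BillingCardCreateCode is an event code for when a user creates a new credit card.
 BillingCardCreateCode = "TBL00I"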
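--- a/lib/events/dynamic.go
+++ b/lib/events/dynamic.go
@@ -482,6 +482,12 @@ func FromEventFields(fields EventFields) (apievents.AuditEvent, error) {
 return nil, trace.Wrap(err)
 }
 return &e, nil
+case UserCertificateCreateEvent:
+var e events.UserCertificateCreate
+if err := utils.FastUnmarshal(data, &e); err != nil {
+return nil, trace.Wrap(err)
+}
+return &e, nil
 default:
 return nil, trace.BadParameter("unknown event type: %q", eventType)
 }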
