Add session recording access format to audit event

api/client/client.go

@@ -2434,10 +2434,11 @@ func (c *Client) DeleteAllNodes(ctx context.Context, namespace string) error {
 }
 
 // StreamSessionEvents streams audit events from a given session recording.
-func (c *Client) StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error) {
+func (c *Client) StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64, format string) (chan events.AuditEvent, chan error) {
 	request := &proto.StreamSessionEventsRequest{
 		SessionID:  sessionID,
 		StartIndex: int32(startIndex),
+		Format:     format,
 	}
 
 	ch := make(chan events.AuditEvent)

api/proto/teleport/legacy/client/proto/authservice.proto

@@ -1435,6 +1435,8 @@ message StreamSessionEventsRequest {
   // StartIndex is the index of the event to resume the stream after.
   // A StartIndex of 0 creates a new stream.
   int32 StartIndex = 2;
+  // Format is the format the session recording was accessed.
+  string Format = 3;
 }
 
 // NodeLogin specifies an SSH node and OS login.

api/proto/teleport/legacy/types/events/events.proto

@@ -5599,6 +5599,8 @@ message SessionRecordingAccess {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+  // Format is the format the session recording was accessed.
+  string Format = 4 [(gogoproto.jsontag) = "format"];
 }
 
 // KubeClusterMetadata contains common kubernetes cluster information.

integration/integration_test.go

@@ -608,7 +608,7 @@ func streamSession(
 	sessionID string,
 ) (string, []apievents.AuditEvent) {
 	t.Helper()
-	evtCh, errCh := streamer.StreamSessionEvents(ctx, session.ID(sessionID), 0)
+	evtCh, errCh := streamer.StreamSessionEvents(ctx, session.ID(sessionID), 0, "" /* format */)
 	capturedStream := &bytes.Buffer{}
 	evts := make([]apievents.AuditEvent, 0)
 readLoop:
@@ -1220,7 +1220,7 @@ func testLeafProxySessionRecording(t *testing.T, suite *integrationTestSuite) {
 			require.EventuallyWithT(t, func(t *assert.CollectT) {
 				ctx, cancel := context.WithCancel(ctx)
 				defer cancel()
-				eventsCh, errCh := authSrv.StreamSessionEvents(ctx, session.ID(sessionID), 0)
+				eventsCh, errCh := authSrv.StreamSessionEvents(ctx, session.ID(sessionID), 0, "" /* format */)
 				for {
 					select {
 					case err := <-errCh:
@@ -4970,7 +4970,7 @@ func testAuditOff(t *testing.T, suite *integrationTestSuite) {
 
 	// however, attempts to read the actual sessions should fail because it was
 	// not actually recorded
-	eventsCh, errCh := site.StreamSessionEvents(ctx, session.ID(tracker.GetSessionID()), 0)
+	eventsCh, errCh := site.StreamSessionEvents(ctx, session.ID(tracker.GetSessionID()), 0, "" /* format */)
 	err = nil
 readLoop:
 	for {
@@ -7394,7 +7394,7 @@ outer:
 		time.Sleep(time.Second * 5)
 
 		receivedSession := make([]apievents.AuditEvent, 0)
-		sessionPlayback, e := api.StreamSessionEvents(ctx, sessionID, 0)
+		sessionPlayback, e := api.StreamSessionEvents(ctx, sessionID, 0, "" /* format */)
 
 	inner:
 		for {

integrations/event-handler/teleport_events_watcher.go

@@ -46,7 +46,7 @@ type TeleportSearchEventsClient interface {
 	// SearchEvents searches for events in the audit log and returns them using their protobuf representation.
 	SearchEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)
 	// StreamSessionEvents returns session events stream for a given session ID using their protobuf representation.
-	StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error)
+	StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64, format string) (chan events.AuditEvent, chan error)
 	// SearchUnstructuredEvents searches for events in the audit log and returns them using an unstructured representation (structpb.Struct).
 	SearchUnstructuredEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]*auditlogpb.EventUnstructured, string, error)
 	// StreamUnstructuredSessionEvents returns session events stream for a given session ID using an unstructured representation (structpb.Struct).
@@ -401,7 +401,7 @@ func (t *TeleportEventsWatcher) Events(ctx context.Context) (chan *TeleportEvent
 
 // StreamSessionEvents returns session event stream, that's the simple delegate to an API function
 func (t *TeleportEventsWatcher) StreamUnstructuredSessionEvents(ctx context.Context, id string, index int64) (chan *auditlogpb.EventUnstructured, chan error) {
-	return t.client.StreamUnstructuredSessionEvents(ctx, id, index)
+	return t.client.StreamUnstructuredSessionEvents(ctx, id, index, "" /* format */)
 }
 
 // UpsertLock upserts user lock

lib/auth/auth_with_roles.go

@@ -6086,7 +6086,7 @@ func (a *ServerWithRoles) ReplaceRemoteLocks(ctx context.Context, clusterName st
 // StreamSessionEvents streams all events from a given session recording. An error is returned on the first
 // channel if one is encountered. Otherwise the event channel is closed when the stream ends.
 // The event channel is not closed on error to prevent race conditions in downstream select statements.
-func (a *ServerWithRoles) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
+func (a *ServerWithRoles) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, format string) (chan apievents.AuditEvent, chan error) {
 	createErrorChannel := func(err error) (chan apievents.AuditEvent, chan error) {
 		e := make(chan error, 1)
 		e <- trace.Wrap(err)
@@ -6114,12 +6114,13 @@ func (a *ServerWithRoles) StreamSessionEvents(ctx context.Context, sessionID ses
 			},
 			SessionID:    sessionID.String(),
 			UserMetadata: a.context.Identity.GetIdentity().GetUserMetadata(),
+			Format:       format,
 		}); err != nil {
 			return createErrorChannel(err)
 		}
 	}
 
-	return a.alog.StreamSessionEvents(ctx, sessionID, startIndex)
+	return a.alog.StreamSessionEvents(ctx, sessionID, startIndex, format)
 }
 
 // CreateApp creates a new application resource.

lib/auth/auth_with_roles_test.go

@@ -2146,7 +2146,7 @@ func TestStreamSessionEventsRBAC(t *testing.T) {
 
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
-	_, errC := clt.StreamSessionEvents(ctx, "foo", 0)
+	_, errC := clt.StreamSessionEvents(ctx, "foo", 0, "" /* format */)
 	select {
 	case err := <-errC:
 		require.ErrorAs(t, err, new(*trace.AccessDeniedError))
@@ -2172,7 +2172,7 @@ func TestStreamSessionEvents_User(t *testing.T) {
 	require.NoError(t, err)
 
 	// ignore the response as we don't want the events or the error (the session will not exist)
-	_, _ = clt.StreamSessionEvents(ctx, "44c6cea8-362f-11ea-83aa-125400432324", 0)
+	_, _ = clt.StreamSessionEvents(ctx, "44c6cea8-362f-11ea-83aa-125400432324", 0, teleport.JSON)
 
 	// we need to wait for a short period to ensure the event is returned
 	time.Sleep(500 * time.Millisecond)
@@ -2188,6 +2188,7 @@ func TestStreamSessionEvents_User(t *testing.T) {
 
 	event := searchEvents[0].(*apievents.SessionRecordingAccess)
 	require.Equal(t, username, event.User)
+	require.Equal(t, teleport.JSON, event.Format)
 }
 
 // TestStreamSessionEvents_Builtin ensures that when a builtin role streams a session's events, it does not emit
@@ -2204,7 +2205,7 @@ func TestStreamSessionEvents_Builtin(t *testing.T) {
 	require.NoError(t, err)
 
 	// ignore the response as we don't want the events or the error (the session will not exist)
-	_, _ = clt.StreamSessionEvents(ctx, "44c6cea8-362f-11ea-83aa-125400432324", 0)
+	_, _ = clt.StreamSessionEvents(ctx, "44c6cea8-362f-11ea-83aa-125400432324", 0, "" /* format */)
 
 	// we need to wait for a short period to ensure the event is returned
 	time.Sleep(500 * time.Millisecond)
@@ -2240,7 +2241,7 @@ func TestStreamSessionEvents(t *testing.T) {
 	t.Cleanup(cancel)
 
 	// ignore the response as we don't want the events or the error (the session will not exist)
-	clt.StreamSessionEvents(ctx, session.ID("44c6cea8-362f-11ea-83aa-125400432324"), 0)
+	clt.StreamSessionEvents(ctx, session.ID("44c6cea8-362f-11ea-83aa-125400432324"), 0, teleport.JSON)
 
 	// we need to wait for a short period to ensure the event is returned
 	time.Sleep(500 * time.Millisecond)
@@ -2255,6 +2256,7 @@ func TestStreamSessionEvents(t *testing.T) {
 
 	event := searchEvents[0].(*apievents.SessionRecordingAccess)
 	require.Equal(t, username, event.User)
+	require.Equal(t, teleport.JSON, event.Format)
 }
 
 // TestAPILockedOut tests Auth API when there are locks involved.
@@ -6172,7 +6174,7 @@ func TestLocalServiceRolesHavePermissionsForUploaderService(t *testing.T) {
 				t.Cleanup(func() { s.alog = originalLog })
 				s.alog = events.NewDiscardAuditLog()
 
-				eventC, errC := s.StreamSessionEvents(ctx, "foo", 0)
+				eventC, errC := s.StreamSessionEvents(ctx, "foo", 0, "" /* format */)
 				select {
 				case err := <-errC:
 					require.NoError(t, err)

lib/auth/authclient/clt.go

@@ -337,8 +337,8 @@ func (c *Client) CompareAndSwapUser(ctx context.Context, new, expected types.Use
 // StreamSessionEvents streams all events from a given session recording. An error is returned on the first
 // channel if one is encountered. Otherwise the event channel is closed when the stream ends.
 // The event channel is not closed on error to prevent race conditions in downstream select statements.
-func (c *Client) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
-	return c.APIClient.StreamSessionEvents(ctx, string(sessionID), startIndex)
+func (c *Client) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, format string) (chan apievents.AuditEvent, chan error) {
+	return c.APIClient.StreamSessionEvents(ctx, string(sessionID), startIndex, format)
 }
 
 // SearchEvents allows searching for audit events with pagination support.

lib/auth/grpcserver.go

@@ -3385,7 +3385,7 @@ func (g *GRPCServer) StreamSessionEvents(req *authpb.StreamSessionEventsRequest,
 		return trace.Wrap(err)
 	}
 
-	c, e := auth.ServerWithRoles.StreamSessionEvents(stream.Context(), session.ID(req.SessionID), int64(req.StartIndex))
+	c, e := auth.ServerWithRoles.StreamSessionEvents(stream.Context(), session.ID(req.SessionID), int64(req.StartIndex), req.Format)
 	for {
 		select {
 		case event, more := <-c:
@@ -5573,7 +5573,7 @@ func (g *GRPCServer) StreamUnstructuredSessionEvents(req *auditlogpb.StreamUnstr
 		return trace.Wrap(err)
 	}
 
-	c, e := auth.ServerWithRoles.StreamSessionEvents(stream.Context(), session.ID(req.SessionId), int64(req.StartIndex))
+	c, e := auth.ServerWithRoles.StreamSessionEvents(stream.Context(), session.ID(req.SessionId), int64(req.StartIndex), "" /* format */)
 
 	for {
 		select {

lib/client/player.go

@@ -39,6 +39,7 @@ func (p *playFromFileStreamer) StreamSessionEvents(
 	ctx context.Context,
 	sessionID session.ID,
 	startIndex int64,
+	_ string,
 ) (chan apievents.AuditEvent, chan error) {
 	evts := make(chan apievents.AuditEvent)
 	errs := make(chan error, 1)

lib/events/api.go

@@ -1011,7 +1011,7 @@ type SessionStreamer interface {
 	// statements. Both returned channels must be driven until the event channel
 	// is exhausted or the error channel reports an error, or until the context
 	// is canceled.
-	StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error)
+	StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, format string) (chan apievents.AuditEvent, chan error)
 }
 
 type SearchEventsRequest struct {

lib/events/auditlog.go

@@ -504,7 +504,7 @@ func (l *AuditLog) GetEventExportChunks(ctx context.Context, req *auditlogpb.Get
 }
 
 // StreamSessionEvents implements [SessionStreamer].
-func (l *AuditLog) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
+func (l *AuditLog) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, _ string) (chan apievents.AuditEvent, chan error) {
 	l.log.DebugContext(ctx, "StreamSessionEvents", "session_id", string(sessionID))
 	e := make(chan error, 1)
 	c := make(chan apievents.AuditEvent)

lib/events/auditlog_test.go

@@ -132,7 +132,7 @@ func TestConcurrentStreaming(t *testing.T) {
 	errors := make(chan error, streams)
 	for i := 0; i < streams; i++ {
 		go func() {
-			eventsC, errC := alog.StreamSessionEvents(ctx, sid, 0)
+			eventsC, errC := alog.StreamSessionEvents(ctx, sid, 0, "" /* format */)
 			for {
 				select {
 				case err := <-errC:

lib/events/complete.go

@@ -350,7 +350,7 @@ func (u *UploadCompleter) ensureSessionEndEvent(ctx context.Context, uploadData
 	var lastEvent events.AuditEvent
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
-	evts, errors := u.cfg.AuditLog.StreamSessionEvents(ctx, uploadData.SessionID, 0)
+	evts, errors := u.cfg.AuditLog.StreamSessionEvents(ctx, uploadData.SessionID, 0, "" /* format */)
 
 loop:
 	for {

lib/events/discard.go

@@ -65,7 +65,7 @@ func (d *DiscardAuditLog) EmitAuditEvent(ctx context.Context, event apievents.Au
 	return nil
 }
 
-func (d *DiscardAuditLog) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
+func (d *DiscardAuditLog) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, _ string) (chan apievents.AuditEvent, chan error) {
 	c, e := make(chan apievents.AuditEvent), make(chan error, 1)
 	close(c)
 	return c, e

lib/events/eventstest/mock_auditlog.go

@@ -33,7 +33,7 @@ type MockAuditLog struct {
 	SessionEvents []apievents.AuditEvent
 }
 
-func (m *MockAuditLog) StreamSessionEvents(ctx context.Context, sid session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
+func (m *MockAuditLog) StreamSessionEvents(ctx context.Context, sid session.ID, startIndex int64, _ string) (chan apievents.AuditEvent, chan error) {
 	errors := make(chan error, 1)
 	events := make(chan apievents.AuditEvent)
 

lib/events/eventstest/streamer.go

@@ -42,7 +42,7 @@ type fakeStreamer struct {
 	interval time.Duration
 }
 
-func (f fakeStreamer) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
+func (f fakeStreamer) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, _ string) (chan apievents.AuditEvent, chan error) {
 	errors := make(chan error, 1)
 	events := make(chan apievents.AuditEvent)
 

lib/player/player.go

@@ -90,6 +90,7 @@ type Streamer interface {
 		ctx context.Context,
 		sessionID session.ID,
 		startIndex int64,
+		format string,
 	) (chan events.AuditEvent, chan error)
 }
 
@@ -182,7 +183,7 @@ func (p *Player) stream() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	eventsC, errC := p.streamer.StreamSessionEvents(ctx, p.sessionID, 0)
+	eventsC, errC := p.streamer.StreamSessionEvents(ctx, p.sessionID, 0, teleport.PTY)
 	lastDelay := int64(0)
 	for {
 		select {

lib/player/player_test.go

@@ -328,7 +328,7 @@ type simpleStreamer struct {
 	delay int64 // milliseconds
 }
 
-func (s *simpleStreamer) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
+func (s *simpleStreamer) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, _ string) (chan apievents.AuditEvent, chan error) {
 	errors := make(chan error, 1)
 	evts := make(chan apievents.AuditEvent)
 
@@ -366,7 +366,7 @@ type databaseStreamer struct {
 	idx      int64
 }
 
-func (d *databaseStreamer) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64) (chan apievents.AuditEvent, chan error) {
+func (d *databaseStreamer) StreamSessionEvents(ctx context.Context, sessionID session.ID, startIndex int64, _ string) (chan apievents.AuditEvent, chan error) {
 	errors := make(chan error, 1)
 	evts := make(chan apievents.AuditEvent)
 

tool/tsh/common/play.go

@@ -137,7 +137,7 @@ func exportSession(cf *CLIConf) error {
 	}
 	defer clusterClient.Close()
 
-	eventC, errC := clusterClient.AuthClient.StreamSessionEvents(cf.Context, *sid, 0)
+	eventC, errC := clusterClient.AuthClient.StreamSessionEvents(cf.Context, *sid, 0, format)
 
 	var exporter sessionExporter
 	switch format {

tool/tsh/common/recording_export.go

@@ -91,7 +91,8 @@ func writeMovie(ctx context.Context, ss events.SessionStreamer, sid session.ID,
 	var width, height int32
 	currentFilename := makeAVIFileName(prefix, fileCount)
 
-	evts, errs := ss.StreamSessionEvents(ctx, sid, 0)
+	// TODO(gabrielcorado): Define a recording format for this.
+	evts, errs := ss.StreamSessionEvents(ctx, sid, 0, "" /* format */)
 	fastPathReceived := false
 loop:
 	for {