// Copyright (c) David Bond, Tailscale Inc, & Contributors
// SPDX-License-Identifier: MIT
package tailscale
import (
"context"
"net/http"
)
// LoggingResource groups the log streaming and AWS external ID calls described
// at https://tailscale.com/api#tag/logging.
//
// It embeds *Client, so whatever credentials and base URL that client was
// configured with are the ones used by every method on this type.
type LoggingResource struct {
	*Client
}
const (
	// Destination kinds accepted in the destinationType field of a log
	// stream configuration.
	LogstreamSplunkEndpoint  LogstreamEndpointType = "splunk"
	LogstreamElasticEndpoint LogstreamEndpointType = "elastic"
	LogstreamPantherEndpoint LogstreamEndpointType = "panther"
	LogstreamCriblEndpoint   LogstreamEndpointType = "cribl"
	LogstreamDatadogEndpoint LogstreamEndpointType = "datadog"
	LogstreamAxiomEndpoint   LogstreamEndpointType = "axiom"
	LogstreamS3Endpoint      LogstreamEndpointType = "s3"

	// Log categories; the value is used as a URL path element by the
	// LoggingResource methods that take a LogType.
	LogTypeConfig  LogType = "configuration"
	LogTypeNetwork LogType = "network"

	// Compression applied to streamed logs.
	CompressionFormatNone CompressionFormat = "none"
	CompressionFormatZstd CompressionFormat = "zstd"
	CompressionFormatGzip CompressionFormat = "gzip"

	// Ways of authenticating to an S3 destination: a static access key pair,
	// or an IAM role identified by its ARN.
	S3AccessKeyAuthentication S3AuthenticationType = "accesskey"
	S3RoleARNAuthentication   S3AuthenticationType = "rolearn"
)
// LogstreamConfiguration is the log stream entity as returned for a tailnet.
//
// Compared with SetLogstreamConfigurationRequest this type has no Token and no
// S3SecretAccessKey field, so a value decoded into it carries identifiers
// (user, access key ID, role ARN, external ID) but not those two secrets.
// Every field is tagged omitempty.
type LogstreamConfiguration struct {
	// Which log category this stream carries.
	LogType LogType `json:"logType,omitempty"`
	// Kind of destination the logs are sent to.
	DestinationType LogstreamEndpointType `json:"destinationType,omitempty"`
	// Destination URL.
	URL string `json:"url,omitempty"`
	// User name presented to the destination.
	User string `json:"user,omitempty"`
	// Upload interval, in minutes as the field name states.
	UploadPeriodMinutes int `json:"uploadPeriodMinutes,omitempty"`
	// Compression applied to the uploaded logs.
	CompressionFormat CompressionFormat `json:"compressionFormat,omitempty"`

	// S3 destination settings.
	S3Bucket             string               `json:"s3Bucket,omitempty"`
	S3Region             string               `json:"s3Region,omitempty"`
	S3KeyPrefix          string               `json:"s3KeyPrefix,omitempty"`
	S3AuthenticationType S3AuthenticationType `json:"s3AuthenticationType,omitempty"`
	S3AccessKeyID        string               `json:"s3AccessKeyId,omitempty"`
	S3RoleARN            string               `json:"s3RoleArn,omitempty"`
	S3ExternalID         string               `json:"s3ExternalId,omitempty"`
}
// SetLogstreamConfigurationRequest is the payload used to set a
// LogstreamConfiguration.
//
// Token and S3SecretAccessKey hold credentials as plain strings. Nothing in
// this type redacts them, so formatting the struct (for example with %+v) or
// marshalling it into a log line writes the secrets out in clear text; keep
// request values out of logs and error messages.
type SetLogstreamConfigurationRequest struct {
	// Kind of destination the logs are sent to.
	DestinationType LogstreamEndpointType `json:"destinationType,omitempty"`
	// Destination URL.
	URL string `json:"url,omitempty"`
	// User name presented to the destination.
	User string `json:"user,omitempty"`
	// Secret token for the destination. Sensitive.
	Token string `json:"token,omitempty"`
	// Upload interval, in minutes as the field name states.
	UploadPeriodMinutes int `json:"uploadPeriodMinutes,omitempty"`
	// Compression applied to the uploaded logs.
	CompressionFormat CompressionFormat `json:"compressionFormat,omitempty"`

	// S3 destination settings.
	S3Bucket             string               `json:"s3Bucket,omitempty"`
	S3Region             string               `json:"s3Region,omitempty"`
	S3KeyPrefix          string               `json:"s3KeyPrefix,omitempty"`
	S3AuthenticationType S3AuthenticationType `json:"s3AuthenticationType,omitempty"`
	S3AccessKeyID        string               `json:"s3AccessKeyId,omitempty"`
	// Secret half of the access key pair. Sensitive.
	S3SecretAccessKey string `json:"s3SecretAccessKey,omitempty"`
	S3RoleARN         string `json:"s3RoleArn,omitempty"`
	S3ExternalID      string `json:"s3ExternalId,omitempty"`
}
type (
	// LogstreamEndpointType names the kind of destination a log stream
	// delivers to.
	LogstreamEndpointType string

	// LogType names the category of logs being streamed.
	LogType string

	// CompressionFormat names the compression applied to streamed logs.
	CompressionFormat string

	// S3AuthenticationType names how log streaming authenticates to a
	// LogstreamS3Endpoint.
	S3AuthenticationType string
)
// LogstreamConfiguration fetches the tailnet's [LogstreamConfiguration] for the
// given [LogType].
//
// It issues a GET against the tailnet URL built from "logging", logType and
// "stream". An error from building the request is returned unchanged with a
// nil configuration.
func (lr *LoggingResource) LogstreamConfiguration(ctx context.Context, logType LogType) (*LogstreamConfiguration, error) {
	endpoint := lr.buildTailnetURL("logging", logType, "stream")

	req, err := lr.buildRequest(ctx, http.MethodGet, endpoint)
	if err != nil {
		return nil, err
	}

	return body[LogstreamConfiguration](lr, req)
}
// SetLogstreamConfiguration replaces the tailnet's [LogstreamConfiguration] for
// the given [LogType].
//
// It issues a PUT against the tailnet URL built from "logging", logType and
// "stream", with request as the body. The request may carry Token and
// S3SecretAccessKey, so callers should not log the value they pass in.
func (lr *LoggingResource) SetLogstreamConfiguration(ctx context.Context, logType LogType, request SetLogstreamConfigurationRequest) error {
	endpoint := lr.buildTailnetURL("logging", logType, "stream")
	payload := requestBody(request)

	req, err := lr.buildRequest(ctx, http.MethodPut, endpoint, payload)
	if err != nil {
		return err
	}

	// nil: no response value is requested from do.
	return lr.do(req, nil)
}
// DeleteLogstreamConfiguration removes the tailnet's [LogstreamConfiguration]
// for the given [LogType].
//
// It issues a DELETE against the tailnet URL built from "logging", logType and
// "stream". Whether the service treats deleting a missing configuration as an
// error is not visible from this file.
func (lr *LoggingResource) DeleteLogstreamConfiguration(ctx context.Context, logType LogType) error {
	endpoint := lr.buildTailnetURL("logging", logType, "stream")

	req, err := lr.buildRequest(ctx, http.MethodDelete, endpoint)
	if err != nil {
		return err
	}

	// nil: no response value is requested from do.
	return lr.do(req, nil)
}
// AWSExternalID pairs an AWS External ID with the Tailscale AWS account it
// applies to. Tailscale uses it when streaming logs from that account to a
// LogstreamS3Endpoint configured with S3RoleARNAuthentication.
//
// In AWS, these are the two values a role's trust policy normally pins: the
// principal account allowed to assume the role and the external ID it must
// present.
type AWSExternalID struct {
	// The external ID value.
	ExternalID string `json:"externalId,omitempty"`
	// The Tailscale-side AWS account ID associated with ExternalID.
	TailscaleAWSAccountID string `json:"tailscaleAwsAccountId,omitempty"`
}
// CreateOrGetAwsExternalId returns an AWS External ID that Tailscale can use to
// stream logs to a LogstreamS3Endpoint using S3RoleARNAuthentication. A new one
// is created for this tailnet when necessary.
//
// It issues a POST to the tailnet's "aws-external-id" URL with the JSON body
// {"reusable": <reusable>}. What the service does with the reusable flag is
// not visible from this file.
func (lr *LoggingResource) CreateOrGetAwsExternalId(ctx context.Context, reusable bool) (*AWSExternalID, error) {
	endpoint := lr.buildTailnetURL("aws-external-id")
	payload := requestBody(map[string]bool{"reusable": reusable})

	req, err := lr.buildRequest(ctx, http.MethodPost, endpoint, payload)
	if err != nil {
		return nil, err
	}

	return body[AWSExternalID](lr, req)
}
// ValidateAWSTrustPolicy asks Tailscale to confirm that it can assume your AWS
// IAM role with (and only with) the given AWS External ID.
//
// The "only with" half is the part worth checking before enabling role-based
// S3 streaming: a trust policy that does not require the external ID would let
// the role be assumed without it. A nil return means the service accepted the
// request; any failure is returned as an error.
//
// It issues a POST to the tailnet URL built from "aws-external-id",
// awsExternalID and "validate-aws-trust-policy", with {"roleArn": roleARN} as
// the body.
func (lr *LoggingResource) ValidateAWSTrustPolicy(ctx context.Context, awsExternalID string, roleARN string) error {
	// NOTE(review): awsExternalID becomes a URL path element and is not checked
	// here for emptiness or path characters; confirm buildTailnetURL escapes it.
	endpoint := lr.buildTailnetURL("aws-external-id", awsExternalID, "validate-aws-trust-policy")
	payload := requestBody(map[string]string{"roleArn": roleARN})

	req, err := lr.buildRequest(ctx, http.MethodPost, endpoint, payload)
	if err != nil {
		return err
	}

	// nil: no response value is requested from do.
	return lr.do(req, nil)
}