office365

package
v0.1.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 4, 2020 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrBadRequest is a 400 http error.
	ErrBadRequest = errors.New("bad request")
	// ErrNotFound is a 404 http error.
	ErrNotFound = errors.New("not found")
)
View Source 
var (
	RequestDateFormat          = "2006-01-02"
	RequestDatetimeFormat      = "2006-01-02T15:04"
	RequestDatetimeLargeFormat = "2006-01-02T15:04:05"

	CreatedDatetimeFormat = "2006-01-02T15:04:05.999Z"
)

RequestFormats are the time.Format vars we must follow when providing datetime params to an API endpoint.

View Source 
var (
	ErrContentTypeRequired = errors.New("ContentType queryParam is required")
	ErrIntervalMismatch    = errors.New("StartTime and EndTime must both be provided or not at all")
	ErrIntervalNegative    = errors.New("interval given is 0 or negative")
	ErrIntervalDay         = errors.New("interval given is more than 24 hours")
	ErrIntervalWeek        = errors.New("StartTime given is more than 7 days in the past")
)

error definition.

Functions

func ContentTypeValid 

func ContentTypeValid(s string) bool

ContentTypeValid validates that a string is a valid ContentType.

func OAuthClient 

func OAuthClient(ctx context.Context, c *Credentials) *http.Client

OAuthClient returns an authenticated httpClient using the provided credentials.

Types

type AuditLogRecordType 

type AuditLogRecordType int

AuditLogRecordType identifies the type of AuditRecord. https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#enum-auditlogrecordtype---type-edmint32 

const (
	ExchangeAdmin AuditLogRecordType = iota + 1
	ExchangeItem
	ExchangeItemGroup
	SharePoint
	SharePointFileOperation
	AzureActiveDirectory
	AzureActiveDirectoryAccountLogon
	DataCenterSecurityCmdlet
	ComplianceDLPSharePoint
	Sway
	ComplianceDLPExchange
	SharePointSharingOperation
	AzureActiveDirectoryStsLogon
	SecurityComplianceCenterEOPCmdlet
	PowerBIAudit
	CRM
	Yammer
	SkypeForBusinessCmdlets
	Discovery
	MicrosoftTeams
	ThreatIntelligence
	MailSubmission
	MicrosoftFlow
	AeD
	MicrosoftStream
	ComplianceDLPSharePointClassification
	Project
	SharePointListOperation
	DataGovernance
	SecurityComplianceAlerts
	ThreatIntelligenceURL
	SecurityComplianceInsights
	WorkplaceAnalytics
	PowerAppsApp
	ThreatIntelligenceAtpContent
	TeamsHealthcare
	DataInsightsRestAPIAudit
	SharePointListItemOperation
	SharePointContentTypeOperation
	SharePointFieldOperation
	AirInvestigation
	Quarantine
	MicrosoftForms
)

AuditLogRecordType enum.

func (AuditLogRecordType) String 

func (a AuditLogRecordType) String() string

type AuditLogScope 

type AuditLogScope int

AuditLogScope identifies the scope of an AuditRecord. https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#auditlogscope 

const (
	Online AuditLogScope = iota
	Onprem
)

AuditLogScope enum.

func (AuditLogScope) String 

func (a AuditLogScope) String() string

type AuditRecord 

type AuditRecord struct {
	ID             string             `json:"Id"`
	RecordType     AuditLogRecordType `json:"RecordType"`
	CreationTime   string             `json:"CreationTime"`
	Operation      string             `json:"Operation"`
	OrganizationID string             `json:"OrganizationId"`
	UserType       UserType           `json:"UserType"`
	UserKey        string             `json:"UserKey"`
	Workload       string             `json:"Workload,omitempty"`
	ResultStatus   string             `json:"ResultStatus,omitempty"`
	ObjectID       string             `json:"ObjectId,omitempty"`
	UserID         string             `json:"UserId"`
	ClientIP       string             `json:"ClientIP"`
	Scope          AuditLogScope      `json:"Scope,omitempty"`
}

AuditRecord represents an event or action returned by Audit endpoint.

type AuditService 

type AuditService service

AuditService .

func (*AuditService) List 

func (s *AuditService) List(ctx context.Context, contentID string) ([]AuditRecord, error)

List returns a list of events or actions.

Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#retrieving-content To retrieve a content blob, make a GET request against the corresponding content URI that is included in the list of available content and in the notifications sent to a webhook. The returned content will be a collection of one more actions or events in JSON format.

type Client 

type Client struct {
	BaseURL   *url.URL
	UserAgent string

	Subscription *SubscriptionService
	Content      *ContentService
	Audit        *AuditService
	// contains filtered or unexported fields
}

A Client handles communication with the Microsoft Graph REST API.

func NewClient 

func NewClient(httpClient *http.Client, tenantID string, pubIdentifier string, l *logrus.Logger) *Client

NewClient creates a Client using the provided httpClient. If nil is provided, a default httpClient with a default timeout value is created. Note that the default client has no way of authenticating itself against the Microsoft Office365 Management Activity API. A convenience function is provided just for that: NewClientAuthenticated.

func NewClientAuthenticated 

func NewClientAuthenticated(c *Credentials, pubIdentifier string, l *logrus.Logger) *Client

NewClientAuthenticated returns an authenticated Client. pubIdentifier is used on Microsoft side to group queries together in terms of quotas and limitations.

func (*Client) Version 

func (c *Client) Version() string

Version returns the client version.

type Content 

type Content struct {
	ContentType       string `json:"contentType"`
	ContentID         string `json:"contentId"`
	ContentURI        string `json:"contentUri"`
	ContentCreated    string `json:"contentCreated"`
	ContentExpiration string `json:"contentExpiration"`
}

Content represents metadata needed for retreiving aggregated data.

type ContentService 

type ContentService service

ContentService .

func (*ContentService) List 

func (s *ContentService) List(ctx context.Context, ct *ContentType, startTime time.Time, endTime time.Time) ([]Content, error)

List returns a list of content available for retrieval.

Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#list-available-content

This operation lists the content currently available for retrieval for the specified content type. The content is an aggregation of actions and events harvested from multiple servers across multiple datacenters. The content will be listed in the order in which the aggregations become available, but the events and actions within the aggregations are not guaranteed to be sequential. An error is returned if the subscription status is disabled.

type ContentType 

type ContentType int

ContentType represents a type and source of aggregated actions and events generated by the Microsoft Office 365 Management Activity API. 

const (
	AuditAzureActiveDirectory ContentType = iota
	AuditExchange
	AuditSharePoint
	AuditGeneral
	DLPAll
)

ContentType enum.

func GetContentType 

func GetContentType(s string) (*ContentType, error)

GetContentType returns the ContentType represented by the provided string literal.

func GetContentTypes 

func GetContentTypes() []ContentType

GetContentTypes returns the list of ContentType.

func (ContentType) String 

func (c ContentType) String() string

type Credentials 

type Credentials struct {
	ClientID     string
	ClientSecret string
	TenantDomain string
	TenantID     string
}

Credentials are used by OAuthClient.

type HumanReadableHandler 

type HumanReadableHandler struct {
	// contains filtered or unexported fields
}

HumanReadableHandler implements the ResourceHandler interface. It prints a human readable formatted resource on the provided writer.

func NewHumanReadableHandler 

func NewHumanReadableHandler(w io.Writer) *HumanReadableHandler

NewHumanReadableHandler returns a printer using the provided writer.

func (HumanReadableHandler) Handle 

func (h HumanReadableHandler) Handle(in <-chan ResourceAudits, l *logrus.Logger) error

Handle .

type JSONHandler 

type JSONHandler struct {
	// contains filtered or unexported fields
}

JSONHandler implements the ResourceHandler interface. It writes json representation of a resource on the provided writer.

func NewJSONHandler 

func NewJSONHandler(w io.Writer) *JSONHandler

NewJSONHandler returns a JSONHandler using the provided writer.

func (JSONHandler) Handle 

func (h JSONHandler) Handle(in <-chan ResourceAudits, l *logrus.Logger) error

Handle .

type JSONRecord 

type JSONRecord struct {
	ContentType string
	RequestTime time.Time
	Record      AuditRecord
}

JSONRecord is used for enriching AuditRecords with Request params.

type MemoryState 

type MemoryState struct {
	// contains filtered or unexported fields
}

MemoryState is an in-memory State interface implementation.

func NewMemoryState 

func NewMemoryState() *MemoryState

NewMemoryState returns a new MemoryState.

func (*MemoryState) Read 

func (m *MemoryState) Read(r io.Reader) error

Read will decode json from a reader and populate its state.

func (*MemoryState) Write 

func (m *MemoryState) Write(w io.Writer) error

Write will encode its state as json to a writer.

type QueryParams 

type QueryParams struct {
	url.Values
}

QueryParams .

func NewQueryParams 

func NewQueryParams() *QueryParams

NewQueryParams .

func (*QueryParams) AddContentType 

func (p *QueryParams) AddContentType(ct *ContentType) error

AddContentType .

func (*QueryParams) AddPubIdentifier 

func (p *QueryParams) AddPubIdentifier(pubIdentifier string)

AddPubIdentifier .

func (*QueryParams) AddStartEndTime 

func (p *QueryParams) AddStartEndTime(startTime time.Time, endTime time.Time) error

AddStartEndTime .

type ResourceAudits 

type ResourceAudits struct {
	ContentType *ContentType
	RequestTime time.Time
	AuditRecord AuditRecord
}

ResourceAudits .

type ResourceContent 

type ResourceContent struct {
	ContentType *ContentType
	RequestTime time.Time
	Content     Content
}

ResourceContent .

type ResourceHandler 

type ResourceHandler interface {
	Handle(<-chan ResourceAudits, *logrus.Logger) error
}

ResourceHandler is an interface for handling streamed resources.

type ResourceSubscription 

type ResourceSubscription struct {
	ContentType  *ContentType
	RequestTime  time.Time
	Subscription Subscription
}

ResourceSubscription .

type State 

type State interface {
	Read(io.Reader) error
	Write(io.Writer) error
	// contains filtered or unexported methods
}

State is an interface for storinm and retrievinm Watcher state.

type StateData 

type StateData struct {
	LastContentCreated map[ContentType]time.Time
	LastRequestTime    map[ContentType]time.Time
}

StateData holds the internal state of MemoryState.

type Subscription 

type Subscription struct {
	ContentType string   `json:"contentType"`
	Status      string   `json:"status"`
	Webhook     *Webhook `json:"webhook"`
}

Subscription represents a response.

type SubscriptionService 

type SubscriptionService service

SubscriptionService .

func (*SubscriptionService) List 

func (s *SubscriptionService) List(ctx context.Context) ([]Subscription, error)

List returns the list of subscriptions.

Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#list-current-subscriptions

List current subscriptions This operation returns a collection of the current subscriptions together with the associated webhooks.

func (*SubscriptionService) Start 

func (s *SubscriptionService) Start(ctx context.Context, ct *ContentType, webhook *Webhook) (*Subscription, error)

Start will start a subscription for the specified content type. A payload can optionnaly be provided to enable a webhook that will send notifications periodically about available content. See below webhgook section for details.

Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#start-a-subscription

This operation starts a subscription to the specified content type. If a subscription to the specified content type already exists, this operation is used to: - Update the properties of an active webhook. - Enable a webhook that was disabled because of excessive failed notifications. - Re-enable an expired webhook by specifying a later or null expiration date. - Remove a webhook.

Webhook validation

When the /start operation is called and a webhook is specified, we will send a validation notification to the specified webhook address to validate that an active listener can accept and process notifications.

If we do not receive an HTTP 200 OK response, the subscription will not be created. Or, if /start is being called to add a webhook to an existing subscription and a response of HTTP 200 OK is not received, the webhook will not be added and the subscription will remain unchanged.

func (*SubscriptionService) Stop 

func (s *SubscriptionService) Stop(ctx context.Context, ct *ContentType) error

Stop stops a subscription for the provided ContentType.

Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#stop-a-subscription

This operation stops a subscription to the specified content type. When a subscription is stopped, you will no longer receive notifications and you will not be able to retrieve available content. If the subscription is later restarted, you will have access to new content from that point forward. You will not be able to retrieve content that was available between the time the subscription was stopped and restarted.

func (*SubscriptionService) Watch 

func (s *SubscriptionService) Watch(ctx context.Context, conf SubscriptionWatcherConfig, state State, handler ResourceHandler) error

Watch is used as a dynamic way for fetching events. It will poll the current subscriptions for available content at regular intervals and returns a channel for consuming returned events. The context passed will ensure the channel is closed and any underlying API queries are notified.

type SubscriptionWatcher 

type SubscriptionWatcher struct {
	State
	Handler ResourceHandler
	// contains filtered or unexported fields
}

SubscriptionWatcher implements the Watcher interface. It fecthes current subscriptions, then queries content available for a given interval and proceed to query audit records.

func NewSubscriptionWatcher 

func NewSubscriptionWatcher(client *Client, conf SubscriptionWatcherConfig, s State, h ResourceHandler) (*SubscriptionWatcher, error)

NewSubscriptionWatcher returns a new watcher that uses the provided client for querying the API.

func (*SubscriptionWatcher) Run 

func (s *SubscriptionWatcher) Run(ctx context.Context) error

Run implements the Watcher interface.

type SubscriptionWatcherConfig 

type SubscriptionWatcherConfig struct {
	LookBehindMinutes     int
	TickerIntervalSeconds int
}

SubscriptionWatcherConfig .

type UserType 

type UserType int

UserType identifies the type of user in AuditRecord. https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#enum-user-type---type-edmint32 

const (
	Regular UserType = iota
	Reserved
	Admin
	DcAdmin
	System
	Application
	ServicePrincipal
	CustomPolicy
	SystemPolicy
)

UserType enum.

func (UserType) String 

func (u UserType) String() string

type Watcher 

type Watcher interface {
	Run(context.Context) chan ResourceAudits
}

Watcher is an interface used by Watch for generating a stream of records.

type Webhook 

type Webhook struct {
	Status     string `json:"status,omitempty"`
	Address    string `json:"address"`
	AuthID     string `json:"authId,omitempty"`
	Expiration string `json:"expiration,omitempty"`
}

Webhook represents both a response and a request payload.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.