Documentation ¶
Index ¶
- Variables
- func ContentTypeValid(s string) bool
- func OAuthClient(ctx context.Context, c *Credentials) *http.Client
- type AuditLogRecordType
- type AuditLogScope
- type AuditRecord
- type AuditService
- type Client
- type Content
- type ContentService
- type ContentType
- type Credentials
- type HumanReadableHandler
- type JSONHandler
- type JSONRecord
- type MemoryState
- type QueryParams
- type ResourceAudits
- type ResourceContent
- type ResourceHandler
- type ResourceSubscription
- type State
- type StateData
- type Subscription
- type SubscriptionService
- func (s *SubscriptionService) List(ctx context.Context) ([]Subscription, error)
- func (s *SubscriptionService) Start(ctx context.Context, ct *ContentType, webhook *Webhook) (*Subscription, error)
- func (s *SubscriptionService) Stop(ctx context.Context, ct *ContentType) error
- func (s *SubscriptionService) Watch(ctx context.Context, conf SubscriptionWatcherConfig, state State, ...) error
- type SubscriptionWatcher
- type SubscriptionWatcherConfig
- type UserType
- type Watcher
- type Webhook
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrBadRequest is a 400 http error.
	ErrBadRequest = errors.New("bad request")
	// ErrNotFound is a 404 http error.
	ErrNotFound = errors.New("not found")
)
var (
	RequestDateFormat          = "2006-01-02"
	RequestDatetimeFormat      = "2006-01-02T15:04"
	RequestDatetimeLargeFormat = "2006-01-02T15:04:05"
	CreatedDatetimeFormat      = "2006-01-02T15:04:05.999Z"
)
RequestFormats are the time.Format vars we must follow when providing datetime params to an API endpoint.
var (
	ErrContentTypeRequired = errors.New("ContentType queryParam is required")
	ErrIntervalMismatch    = errors.New("StartTime and EndTime must both be provided or not at all")
	ErrIntervalNegative    = errors.New("interval given is 0 or negative")
	ErrIntervalDay         = errors.New("interval given is more than 24 hours")
	ErrIntervalWeek        = errors.New("StartTime given is more than 7 days in the past")
)
error definition.
Functions ¶
func ContentTypeValid ¶
ContentTypeValid validates that a string is a valid ContentType.
func OAuthClient ¶
func OAuthClient(ctx context.Context, c *Credentials) *http.Client
OAuthClient returns an authenticated httpClient using the provided credentials.
Types ¶
type AuditLogRecordType ¶
type AuditLogRecordType int
AuditLogRecordType identifies the type of AuditRecord. https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#enum-auditlogrecordtype---type-edmint32
const (
	ExchangeAdmin AuditLogRecordType = iota + 1
	ExchangeItem
	ExchangeItemGroup
	AzureActiveDirectory
	AzureActiveDirectoryAccountLogon
	DataCenterSecurityCmdlet
	Sway
	ComplianceDLPExchange
	AzureActiveDirectoryStsLogon
	SecurityComplianceCenterEOPCmdlet
	PowerBIAudit
	CRM
	Yammer
	SkypeForBusinessCmdlets
	Discovery
	MicrosoftTeams
	ThreatIntelligence
	MailSubmission
	MicrosoftFlow
	AeD
	MicrosoftStream
	Project
	DataGovernance
	SecurityComplianceAlerts
	ThreatIntelligenceURL
	SecurityComplianceInsights
	WorkplaceAnalytics
	PowerAppsApp
	ThreatIntelligenceAtpContent
	TeamsHealthcare
	DataInsightsRestAPIAudit
	AirInvestigation
	Quarantine
	MicrosoftForms
)
AuditLogRecordType enum.
func (AuditLogRecordType) String ¶
func (a AuditLogRecordType) String() string
type AuditLogScope ¶
type AuditLogScope int
AuditLogScope identifies the scope of an AuditRecord. https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#auditlogscope
const (
	Online AuditLogScope = iota
	Onprem
)
AuditLogScope enum.
func (AuditLogScope) String ¶
func (a AuditLogScope) String() string
type AuditRecord ¶
type AuditRecord struct {
	ID             string             `json:"Id"`
	RecordType     AuditLogRecordType `json:"RecordType"`
	CreationTime   string             `json:"CreationTime"`
	Operation      string             `json:"Operation"`
	OrganizationID string             `json:"OrganizationId"`
	UserType       UserType           `json:"UserType"`
	UserKey        string             `json:"UserKey"`
	Workload       string             `json:"Workload,omitempty"`
	ResultStatus   string             `json:"ResultStatus,omitempty"`
	ObjectID       string             `json:"ObjectId,omitempty"`
	UserID         string             `json:"UserId"`
	ClientIP       string             `json:"ClientIP"`
	Scope          AuditLogScope      `json:"Scope,omitempty"`
}
AuditRecord represents an event or action returned by Audit endpoint.
type AuditService ¶
type AuditService service
AuditService .
func (*AuditService) List ¶
func (s *AuditService) List(ctx context.Context, contentID string) ([]AuditRecord, error)
List returns a list of events or actions.
Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#retrieving-content
To retrieve a content blob, make a GET request against the corresponding content URI that is included in the list of available content and in the notifications sent to a webhook. The returned content will be a collection of one or more actions or events in JSON format.
type Client ¶
type Client struct {
	BaseURL   *url.URL
	UserAgent string

	Subscription *SubscriptionService
	Content      *ContentService
	Audit        *AuditService
	// contains filtered or unexported fields
}
A Client handles communication with the Microsoft Graph REST API.
func NewClient ¶
func NewClient(httpClient *http.Client, tenantID string, pubIdentifier string, l *logrus.Logger) *Client
NewClient creates a Client using the provided httpClient. If nil is provided, a default httpClient with a default timeout value is created. Note that the default client has no way of authenticating itself against the Microsoft Office365 Management Activity API. A convenience function is provided just for that: NewClientAuthenticated.
func NewClientAuthenticated ¶
func NewClientAuthenticated(c *Credentials, pubIdentifier string, l *logrus.Logger) *Client
NewClientAuthenticated returns an authenticated Client. pubIdentifier is used on Microsoft side to group queries together in terms of quotas and limitations.
type Content ¶
type Content struct {
	ContentType       string `json:"contentType"`
	ContentID         string `json:"contentId"`
	ContentURI        string `json:"contentUri"`
	ContentCreated    string `json:"contentCreated"`
	ContentExpiration string `json:"contentExpiration"`
}
Content represents metadata needed for retrieving aggregated data.
type ContentService ¶
type ContentService service
ContentService .
func (*ContentService) List ¶
func (s *ContentService) List(ctx context.Context, ct *ContentType, startTime time.Time, endTime time.Time) ([]Content, error)
List returns a list of content available for retrieval.
Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#list-available-content
This operation lists the content currently available for retrieval for the specified content type. The content is an aggregation of actions and events harvested from multiple servers across multiple datacenters. The content will be listed in the order in which the aggregations become available, but the events and actions within the aggregations are not guaranteed to be sequential. An error is returned if the subscription status is disabled.
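A sketch of how a collector can stay inside the interval rules behind ErrIntervalDay and ErrIntervalWeek when it has to catch up on content listings (added example, not this package's code; `splitWindows`, `window` and `errEmptyRange` are hypothetical names and the sample clock is constructed). It goes one step beyond a single request: a longer gap is cut into consecutive windows of at most 24 hours, and a flag reports when the requested start had to be moved forward to the 7-day limit.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

const (
	requestLayout = "2006-01-02T15:04:05" // the page's RequestDatetimeLargeFormat
	maxWindow     = 24 * time.Hour        // limit behind ErrIntervalDay
	maxLookback   = 7 * 24 * time.Hour    // limit behind ErrIntervalWeek
)

var errEmptyRange = errors.New("since is not before now")

type window struct{ Start, End time.Time } // hypothetical type for this sketch

// splitWindows cuts [since, now) into consecutive windows of at most 24 hours.
// clamped is true when since was older than 7 days and was moved forward.
func splitWindows(since, now time.Time) (ws []window, clamped bool, err error) {
	since, now = since.UTC(), now.UTC()
	if !since.Before(now) {
		return nil, false, errEmptyRange
	}
	if oldest := now.Add(-maxLookback); since.Before(oldest) {
		since, clamped = oldest, true
	}
	for start := since; start.Before(now); start = start.Add(maxWindow) {
		end := start.Add(maxWindow)
		if end.After(now) {
			end = now
		}
		ws = append(ws, window{start, end})
	}
	return ws, clamped, nil
}

// params formats a window for the startTime and endTime query parameters.
func (w window) params() (string, string) {
	return w.Start.Format(requestLayout), w.End.Format(requestLayout)
}

func main() {
	now := time.Date(2024, 3, 10, 12, 0, 0, 0, time.UTC) // constructed clock
	ws, clamped, err := splitWindows(now.Add(-60*time.Hour), now)
	fmt.Println(len(ws), clamped, err)
}
```

A true `clamped` value is worth alerting on, since it marks a period for which content could no longer be requested. Because the clock keeps moving between computing the windows and sending the request, a production collector should clamp with a small margin inside the 7-day limit.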
type ContentType ¶
type ContentType int
ContentType represents a type and source of aggregated actions and events generated by the Microsoft Office 365 Management Activity API.
const (
	AuditAzureActiveDirectory ContentType = iota
	AuditExchange
	AuditGeneral
	DLPAll
)
ContentType enum.
func GetContentType ¶
func GetContentType(s string) (*ContentType, error)
GetContentType returns the ContentType represented by the provided string literal.
func GetContentTypes ¶
func GetContentTypes() []ContentType
GetContentTypes returns the list of ContentType.
func (ContentType) String ¶
func (c ContentType) String() string
type Credentials ¶
Credentials are used by OAuthClient.
type HumanReadableHandler ¶
type HumanReadableHandler struct {
// contains filtered or unexported fields
}
HumanReadableHandler implements the ResourceHandler interface. It prints a human readable formatted resource on the provided writer.
func NewHumanReadableHandler ¶
func NewHumanReadableHandler(w io.Writer) *HumanReadableHandler
NewHumanReadableHandler returns a printer using the provided writer.
func (HumanReadableHandler) Handle ¶
func (h HumanReadableHandler) Handle(in <-chan ResourceAudits, l *logrus.Logger) error
Handle .
type JSONHandler ¶
type JSONHandler struct {
// contains filtered or unexported fields
}
JSONHandler implements the ResourceHandler interface. It writes json representation of a resource on the provided writer.
func NewJSONHandler ¶
func NewJSONHandler(w io.Writer) *JSONHandler
NewJSONHandler returns a JSONHandler using the provided writer.
func (JSONHandler) Handle ¶
func (h JSONHandler) Handle(in <-chan ResourceAudits, l *logrus.Logger) error
Handle .
type JSONRecord ¶
type JSONRecord struct {
	ContentType string
	RequestTime time.Time
	Record      AuditRecord
}
JSONRecord is used for enriching AuditRecords with Request params.
type MemoryState ¶
type MemoryState struct {
// contains filtered or unexported fields
}
MemoryState is an in-memory State interface implementation.
type QueryParams ¶
QueryParams .
func (*QueryParams) AddContentType ¶
func (p *QueryParams) AddContentType(ct *ContentType) error
AddContentType .
func (*QueryParams) AddPubIdentifier ¶
func (p *QueryParams) AddPubIdentifier(pubIdentifier string)
AddPubIdentifier .
func (*QueryParams) AddStartEndTime ¶
AddStartEndTime .
type ResourceAudits ¶
type ResourceAudits struct {
	ContentType *ContentType
	RequestTime time.Time
	AuditRecord AuditRecord
}
ResourceAudits .
type ResourceContent ¶
type ResourceContent struct {
	ContentType *ContentType
	RequestTime time.Time
	Content     Content
}
ResourceContent .
type ResourceHandler ¶
type ResourceHandler interface {
Handle(<-chan ResourceAudits, *logrus.Logger) error
}
ResourceHandler is an interface for handling streamed resources.
type ResourceSubscription ¶
type ResourceSubscription struct {
	ContentType  *ContentType
	RequestTime  time.Time
	Subscription Subscription
}
ResourceSubscription .
type State ¶
type State interface {
	Read(io.Reader) error
	Write(io.Writer) error
	// contains filtered or unexported methods
}
State is an interface for storing and retrieving Watcher state.
type StateData ¶
type StateData struct {
	LastContentCreated map[ContentType]time.Time
	LastRequestTime    map[ContentType]time.Time
}
StateData holds the internal state of MemoryState.
type Subscription ¶
type Subscription struct {
	ContentType string   `json:"contentType"`
	Status      string   `json:"status"`
	Webhook     *Webhook `json:"webhook"`
}
Subscription represents a response.
type SubscriptionService ¶
type SubscriptionService service
SubscriptionService .
func (*SubscriptionService) List ¶
func (s *SubscriptionService) List(ctx context.Context) ([]Subscription, error)
List returns the list of subscriptions.
Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#list-current-subscriptions
List current subscriptions
This operation returns a collection of the current subscriptions together with the associated webhooks.
func (*SubscriptionService) Start ¶
func (s *SubscriptionService) Start(ctx context.Context, ct *ContentType, webhook *Webhook) (*Subscription, error)
Start will start a subscription for the specified content type. A payload can optionally be provided to enable a webhook that will send notifications periodically about available content. See the webhook section below for details.
Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#start-a-subscription
This operation starts a subscription to the specified content type. If a subscription to the specified content type already exists, this operation is used to:
- Update the properties of an active webhook.
- Enable a webhook that was disabled because of excessive failed notifications.
- Re-enable an expired webhook by specifying a later or null expiration date.
- Remove a webhook.
Webhook validation ¶
When the /start operation is called and a webhook is specified, we will send a validation notification to the specified webhook address to validate that an active listener can accept and process notifications.
If we do not receive an HTTP 200 OK response, the subscription will not be created. Or, if /start is being called to add a webhook to an existing subscription and a response of HTTP 200 OK is not received, the webhook will not be added and the subscription will remain unchanged.
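A minimal listener for the validation notification described above, written as an added example (not part of this package or of Microsoft's documentation on this page). It answers 200 only to a POST that carries the expected auth ID and a JSON validation body. Assumptions: the `Webhook-AuthID` header and the `validationCode` body field are taken from Microsoft's API reference rather than from this page, an auth ID was set on the webhook when the subscription was started, and `checkValidation`, `expectedAuthID`, the path and the listen address are hypothetical.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"io"
	"net/http"
)

// Header name from Microsoft's API reference (assumption, not on this page).
const hdrAuthID = "Webhook-AuthID"

// expectedAuthID is a constructed placeholder for the auth ID registered
// with the webhook when the subscription was started.
const expectedAuthID = "constructed-auth-id"

// checkValidation returns the status to send back for a validation request.
// Anything other than 200 means the webhook is not accepted.
func checkValidation(method, authID string, body []byte) int {
	if method != http.MethodPost {
		return http.StatusMethodNotAllowed
	}
	// Constant-time compare so the identifier is not leaked through timing.
	if subtle.ConstantTimeCompare([]byte(authID), []byte(expectedAuthID)) != 1 {
		return http.StatusUnauthorized
	}
	var msg struct {
		ValidationCode string `json:"validationCode"`
	}
	if json.Unmarshal(body, &msg) != nil || msg.ValidationCode == "" {
		return http.StatusBadRequest
	}
	return http.StatusOK
}

// webhookHandler handles validation only; content notifications need their own branch.
func webhookHandler(w http.ResponseWriter, r *http.Request) {
	// Cap the body size: the listener must be reachable from outside.
	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 64<<10))
	if err != nil {
		http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
		return
	}
	w.WriteHeader(checkValidation(r.Method, r.Header.Get(hdrAuthID), body))
}

func main() {
	http.HandleFunc("/o365/webhook", webhookHandler) // hypothetical path
	_ = http.ListenAndServe("127.0.0.1:8080", nil)
}
```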
func (*SubscriptionService) Stop ¶
func (s *SubscriptionService) Stop(ctx context.Context, ct *ContentType) error
Stop stops a subscription for the provided ContentType.
Microsoft API Reference: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#stop-a-subscription
This operation stops a subscription to the specified content type. When a subscription is stopped, you will no longer receive notifications and you will not be able to retrieve available content. If the subscription is later restarted, you will have access to new content from that point forward. You will not be able to retrieve content that was available between the time the subscription was stopped and restarted.
func (*SubscriptionService) Watch ¶
func (s *SubscriptionService) Watch(ctx context.Context, conf SubscriptionWatcherConfig, state State, handler ResourceHandler) error
Watch is used as a dynamic way for fetching events. It will poll the current subscriptions for available content at regular intervals and returns a channel for consuming returned events. The context passed will ensure the channel is closed and any underlying API queries are notified.
type SubscriptionWatcher ¶
type SubscriptionWatcher struct {
	State
	Handler ResourceHandler
	// contains filtered or unexported fields
}
SubscriptionWatcher implements the Watcher interface. It fetches current subscriptions, then queries content available for a given interval and proceeds to query audit records.
func NewSubscriptionWatcher ¶
func NewSubscriptionWatcher(client *Client, conf SubscriptionWatcherConfig, s State, h ResourceHandler) (*SubscriptionWatcher, error)
NewSubscriptionWatcher returns a new watcher that uses the provided client for querying the API.
type SubscriptionWatcherConfig ¶
SubscriptionWatcherConfig .
type UserType ¶
type UserType int
UserType identifies the type of user in AuditRecord. https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#enum-user-type---type-edmint32
type Watcher ¶
type Watcher interface {
Run(context.Context) chan ResourceAudits
}
Watcher is an interface used by Watch for generating a stream of records.