duopull

package module

v0.0.0-...-10dc7e0 Latest Latest Go to latest Published: Feb 7, 2020 License: MPL-2.0 Imports: 21 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mozilla-services/foxsec-pipeline-contrib

Links

Open Source Insights

README ¶

Cloud Function for Duo Log Collection

This is a Cloud function that pulls administration/authentication/telephony logs from the Duo API and pushes them into a logging pipeline via Stackdriver.

Basic operation

The function stores state information in Datastore. The state information is essentially timestamp data indicating when the last log message from the API was collected, so the function knows when to begin requesting logs from for the next period. After the function runs it updates the state data for the next iteration.

When log data is read, it is written to Stackdriver.

Deployment

GCP Cloud Function Environment

The following settings are required for deployment.

KMS_KEYNAME

The Cloud KMS key name to use to try and decrypt IKEY and SKEY.

DUOPULL_HOST

The Duo admin API host requests for logs will be made to.

DUOPULL_IKEY

The authentication identity to be used for API requests.

DUOPULL_SKEY

The secret key to be used for API requests.

Development

Running locally

go run cmd/main.go

Environment

GCP_PROJECT

GCP_PROJECT is set automatically by GCP when you deploy it as a Cloud Function, but if you want to test Datastore or Stackdriver locally, you will need to set it.

DEBUGGCP

If the DEBUGGCP environment variable is set to 1, the function will generate mock events and make requests to https://www.mozilla.org instead of the actual Duo API to confirm outbound connectivity from the function. In this mode the function will update the state in datastore and send events to Stackdriver but will not make requests to the actual Duo API.

DEBUGDUO

In this mode the function will not execute as a Cloud Function but will poll the Duo API for log data, write the data to stdout and exit. The DEBUGDUO environment variable should be set to 1 to enable this mode.

Documentation ¶

Index ¶

Constants
Variables
func Duopull(ctx context.Context, psmsg PubSubMessage) error
type PubSubMessage

Constants ¶

View Source

const (
	ADMIN_ENDPOINT     = "/admin/v1/logs/administrator"
	AUTH_ENDPOINT      = "/admin/v2/logs/authentication"
	TELEPHONY_ENDPOINT = "/admin/v1/logs/telephony"

	LOGGER_NAME = "duopull"

	MINTIME_KIND      = "mintime"
	MINTIME_KEY       = "mintime"
	MINTIME_NAMESPACE = "mintime"
)

Variables ¶

View Source

var (
	PROJECT_ID string
	KEYNAME    string
)

Functions ¶

func Duopull ¶

func Duopull(ctx context.Context, psmsg PubSubMessage) error

Types ¶

type PubSubMessage ¶

type PubSubMessage struct {
	Data []byte `json:"data"`
}

PubSubMessage is used for the function signature of the main function (Duopull()) represent the data sent from PubSub. The data is not actually read, this is only used as a mechanism for triggering the function (using Cloud Scheduler or similiar)

Source Files ¶

View all Source files

duopull.go

Directories ¶

Path	Synopsis
cmd module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL