Add SAML SSO audit log fields
patriknordlen committed Sep 29, 2023
1 parent e6f58e6 commit f937137
Showing 2 changed files with 128 additions and 122 deletions.
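--- a/github/orgs_audit_log.go
+++ b/github/orgs_audit_log.go
@@ -43,84 +43,86 @@ type PolicyOverrideReason struct {
 // AuditEntry describes the fields that may be represented by various audit-log "action" entries.
 // For a list of actions see - https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization#audit-log-actions
 type AuditEntry struct {
-ActorIP *string `json:"actor_ip,omitempty"`
-Action *string `json:"action,omitempty"` // The name of the action that was performed, for example `user.login` or `repo.create`.
-Active *bool `json:"active,omitempty"`
-ActiveWas *bool `json:"active_was,omitempty"`
-Actor *string `json:"actor,omitempty"` // The actor who performed the action.
-ActorLocation *ActorLocation `json:"actor_location,omitempty"`
-BlockedUser *string `json:"blocked_user,omitempty"`
-Business *string `json:"business,omitempty"`
-CancelledAt *Timestamp `json:"cancelled_at,omitempty"`
-CompletedAt *Timestamp `json:"completed_at,omitempty"`
-Conclusion *string `json:"conclusion,omitempty"`
-Config *HookConfig `json:"config,omitempty"`
-ConfigWas *HookConfig `json:"config_was,omitempty"`
-ContentType *string `json:"content_type,omitempty"`
-CreatedAt *Timestamp `json:"created_at,omitempty"`
-DeployKeyFingerprint *string `json:"deploy_key_fingerprint,omitempty"`
-DocumentID *string `json:"_document_id,omitempty"`
-Emoji *string `json:"emoji,omitempty"`
-EnvironmentName *string `json:"environment_name,omitempty"`
-Event *string `json:"event,omitempty"`
-Events []string `json:"events,omitempty"`
-EventsWere []string `json:"events_were,omitempty"`
-Explanation *string `json:"explanation,omitempty"`
-Fingerprint *string `json:"fingerprint,omitempty"`
-HashedToken *string `json:"hashed_token,omitempty"`
-HeadBranch *string `json:"head_branch,omitempty"`
-HeadSHA *string `json:"head_sha,omitempty"`
-HookID *int64 `json:"hook_id,omitempty"`
-IsHostedRunner *bool `json:"is_hosted_runner,omitempty"`
-JobName *string `json:"job_name,omitempty"`
-JobWorkflowRef *string `json:"job_workflow_ref,omitempty"`
-LimitedAvailability *bool `json:"limited_availability,omitempty"`
-Message *string `json:"message,omitempty"`
-Name *string `json:"name,omitempty"`
-OAuthApplicationID *int64 `json:"oauth_application_id,omitempty"`
-OldUser *string `json:"old_user,omitempty"`
-OldPermission *string `json:"old_permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
-OpenSSHPublicKey *string `json:"openssh_public_key,omitempty"`
-OperationType *string `json:"operation_type,omitempty"`
-Org *string `json:"org,omitempty"`
-OrgID *int64 `json:"org_id,omitempty"`
-OverriddenCodes []string `json:"overridden_codes,omitempty"`
-Permission *string `json:"permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
-PreviousVisibility *string `json:"previous_visibility,omitempty"`
-ProgrammaticAccessType *string `json:"programmatic_access_type,omitempty"`
-PullRequestID *int64 `json:"pull_request_id,omitempty"`
-PullRequestTitle *string `json:"pull_request_title,omitempty"`
-PullRequestURL *string `json:"pull_request_url,omitempty"`
-ReadOnly *string `json:"read_only,omitempty"`
-Reasons []*PolicyOverrideReason `json:"reasons,omitempty"`
-Repo *string `json:"repo,omitempty"`
-Repository *string `json:"repository,omitempty"`
-RepositoryPublic *bool `json:"repository_public,omitempty"`
-RunAttempt *int64 `json:"run_attempt,omitempty"`
-RunnerGroupID *int64 `json:"runner_group_id,omitempty"`
-RunnerGroupName *string `json:"runner_group_name,omitempty"`
-RunnerID *int64 `json:"runner_id,omitempty"`
-RunnerLabels []string `json:"runner_labels,omitempty"`
-RunnerName *string `json:"runner_name,omitempty"`
-RunNumber *int64 `json:"run_number,omitempty"`
-SecretsPassed []string `json:"secrets_passed,omitempty"`
-SourceVersion *string `json:"source_version,omitempty"`
-StartedAt *Timestamp `json:"started_at,omitempty"`
-TargetLogin *string `json:"target_login,omitempty"`
-TargetVersion *string `json:"target_version,omitempty"`
-Team *string `json:"team,omitempty"`
-Timestamp *Timestamp `json:"@timestamp,omitempty"` // The time the audit log event occurred, given as a [Unix timestamp](http://en.wikipedia.org/wiki/Unix_time).
-TokenID *int64 `json:"token_id,omitempty"`
-TokenScopes *string `json:"token_scopes,omitempty"`
-Topic *string `json:"topic,omitempty"`
-TransportProtocolName *string `json:"transport_protocol_name,omitempty"` // A human readable name for the protocol (for example, HTTP or SSH) used to transfer Git data.
-TransportProtocol *int `json:"transport_protocol,omitempty"` // The type of protocol (for example, HTTP=1 or SSH=2) used to transfer Git data.
-TriggerID *int64 `json:"trigger_id,omitempty"`
-User *string `json:"user,omitempty"` // The user that was affected by the action performed (if available).
-UserAgent *string `json:"user_agent,omitempty"`
-Visibility *string `json:"visibility,omitempty"` // The repository visibility, for example `public` or `private`.
-WorkflowID *int64 `json:"workflow_id,omitempty"`
-WorkflowRunID *int64 `json:"workflow_run_id,omitempty"`
+ActorIP *string `json:"actor_ip,omitempty"`
+Action *string `json:"action,omitempty"` // The name of the action that was performed, for example `user.login` or `repo.create`.
+Active *bool `json:"active,omitempty"`
+ActiveWas *bool `json:"active_was,omitempty"`
+Actor *string `json:"actor,omitempty"` // The actor who performed the action.
+ActorLocation *ActorLocation `json:"actor_location,omitempty"`
+BlockedUser *string `json:"blocked_user,omitempty"`
+Business *string `json:"business,omitempty"`
+CancelledAt *Timestamp `json:"cancelled_at,omitempty"`
+CompletedAt *Timestamp `json:"completed_at,omitempty"`
+Conclusion *string `json:"conclusion,omitempty"`
+Config *HookConfig `json:"config,omitempty"`
+ConfigWas *HookConfig `json:"config_was,omitempty"`
+ContentType *string `json:"content_type,omitempty"`
+CreatedAt *Timestamp `json:"created_at,omitempty"`
+DeployKeyFingerprint *string `json:"deploy_key_fingerprint,omitempty"`
+DocumentID *string `json:"_document_id,omitempty"`
+Emoji *string `json:"emoji,omitempty"`
+EnvironmentName *string `json:"environment_name,omitempty"`
+Event *string `json:"event,omitempty"`
+Events []string `json:"events,omitempty"`
+EventsWere []string `json:"events_were,omitempty"`
+Explanation *string `json:"explanation,omitempty"`
+ExternalIdentityNameID *string `json:"external_identity_nameid,omitempty"`
+ExternalIdentityUsername *string `json:"external_identity_username,omitempty"`
+Fingerprint *string `json:"fingerprint,omitempty"`
+HashedToken *string `json:"hashed_token,omitempty"`
+HeadBranch *string `json:"head_branch,omitempty"`
+HeadSHA *string `json:"head_sha,omitempty"`
+HookID *int64 `json:"hook_id,omitempty"`
+IsHostedRunner *bool `json:"is_hosted_runner,omitempty"`
+JobName *string `json:"job_name,omitempty"`
+JobWorkflowRef *string `json:"job_workflow_ref,omitempty"`
+LimitedAvailability *bool `json:"limited_availability,omitempty"`
+Message *string `json:"message,omitempty"`
+Name *string `json:"name,omitempty"`
+OAuthApplicationID *int64 `json:"oauth_application_id,omitempty"`
+OldUser *string `json:"old_user,omitempty"`
+OldPermission *string `json:"old_permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
+OpenSSHPublicKey *string `json:"openssh_public_key,omitempty"`
+OperationType *string `json:"operation_type,omitempty"`
+Org *string `json:"org,omitempty"`
+OrgID *int64 `json:"org_id,omitempty"`
+OverriddenCodes []string `json:"overridden_codes,omitempty"`
+Permission *string `json:"permission,omitempty"` // The permission level for membership changes, for example `admin` or `read`.
+PreviousVisibility *string `json:"previous_visibility,omitempty"`
+ProgrammaticAccessType *string `json:"programmatic_access_type,omitempty"`
+PullRequestID *int64 `json:"pull_request_id,omitempty"`
+PullRequestTitle *string `json:"pull_request_title,omitempty"`
+PullRequestURL *string `json:"pull_request_url,omitempty"`
+ReadOnly *string `json:"read_only,omitempty"`
+Reasons []*PolicyOverrideReason `json:"reasons,omitempty"`
+Repo *string `json:"repo,omitempty"`
+Repository *string `json:"repository,omitempty"`
+RepositoryPublic *bool `json:"repository_public,omitempty"`
+RunAttempt *int64 `json:"run_attempt,omitempty"`
+RunnerGroupID *int64 `json:"runner_group_id,omitempty"`
+RunnerGroupName *string `json:"runner_group_name,omitempty"`
+RunnerID *int64 `json:"runner_id,omitempty"`
+RunnerLabels []string `json:"runner_labels,omitempty"`
+RunnerName *string `json:"runner_name,omitempty"`
+RunNumber *int64 `json:"run_number,omitempty"`
+SecretsPassed []string `json:"secrets_passed,omitempty"`
+SourceVersion *string `json:"source_version,omitempty"`
+StartedAt *Timestamp `json:"started_at,omitempty"`
+TargetLogin *string `json:"target_login,omitempty"`
+TargetVersion *string `json:"target_version,omitempty"`
+Team *string `json:"team,omitempty"`
+Timestamp *Timestamp `json:"@timestamp,omitempty"` // The time the audit log event occurred, given as a [Unix timestamp](http://en.wikipedia.org/wiki/Unix_time).
+TokenID *int64 `json:"token_id,omitempty"`
+TokenScopes *string `json:"token_scopes,omitempty"`
+Topic *string `json:"topic,omitempty"`
+TransportProtocolName *string `json:"transport_protocol_name,omitempty"` // A human readable name for the protocol (for example, HTTP or SSH) used to transfer Git data.
+TransportProtocol *int `json:"transport_protocol,omitempty"` // The type of protocol (for example, HTTP=1 or SSH=2) used to transfer Git data.
+TriggerID *int64 `json:"trigger_id,omitempty"`
+User *string `json:"user,omitempty"` // The user that was affected by the action performed (if available).
+UserAgent *string `json:"user_agent,omitempty"`
+Visibility *string `json:"visibility,omitempty"` // The repository visibility, for example `public` or `private`.
+WorkflowID *int64 `json:"workflow_id,omitempty"`
+WorkflowRunID *int64 `json:"workflow_run_id,omitempty"`
 
 Data *AuditEntryData `json:"data,omitempty"`
 }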
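Review bot: The two added fields, `ExternalIdentityNameID` and `ExternalIdentityUsername`, carry no trailing comment, so a reader of `AuditEntry` cannot tell that they hold identity-provider values rather than GitHub logins like `Actor` or `User`. Going by the commit title they are presumably set only on events tied to a SAML SSO identity; comments along the lines of `// The SAML NameID of the linked external identity, present when SAML SSO is in use.` and `// The identity-provider username of the linked external identity.` would record that, with the exact wording confirmed against the audit-log documentation. A NameID is frequently an e-mail address, so the comment should also tell consumers who forward these entries to a log pipeline that the field may contain personal data and is the value to correlate with IdP sign-in records. The remaining changed lines in the hunk appear to be alignment churn from the longer field names.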
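--- a/github/orgs_audit_log_test.go
+++ b/github/orgs_audit_log_test.go
@@ -223,50 +223,52 @@ func TestAuditEntry_Marshal(t *testing.T) {
 testJSONMarshal(t, &AuditEntry{}, "{}")
 
 u := &AuditEntry{
-Action: String("a"),
-Active: Bool(false),
-ActiveWas: Bool(false),
-Actor: String("ac"),
-ActorIP: String("aip"),
-ActorLocation: &ActorLocation{CountryCode: String("alcc")},
-BlockedUser: String("bu"),
-Business: String("b"),
-CancelledAt: &Timestamp{referenceTime},
-CompletedAt: &Timestamp{referenceTime},
-Conclusion: String("c"),
-Config: &HookConfig{URL: String("s")},
-ConfigWas: &HookConfig{URL: String("s")},
-ContentType: String("ct"),
-CreatedAt: &Timestamp{referenceTime},
-DeployKeyFingerprint: String("dkf"),
-DocumentID: String("did"),
-Emoji: String("e"),
-EnvironmentName: String("en"),
-Event: String("e"),
-Events: []string{"s"},
-EventsWere: []string{"s"},
-Explanation: String("e"),
-Fingerprint: String("f"),
-HashedToken: String("ht"),
-HeadBranch: String("hb"),
-HeadSHA: String("hsha"),
-HookID: Int64(1),
-IsHostedRunner: Bool(false),
-JobName: String("jn"),
-LimitedAvailability: Bool(false),
-Message: String("m"),
-Name: String("n"),
-OldPermission: String("op"),
-OldUser: String("ou"),
-OpenSSHPublicKey: String("osshpk"),
-Org: String("o"),
-OrgID: Int64(1),
-Permission: String("p"),
-PreviousVisibility: String("pv"),
-ProgrammaticAccessType: String("pat"),
-PullRequestID: Int64(1),
-PullRequestTitle: String("prt"),
-PullRequestURL: String("pru"),
+Action: String("a"),
+Active: Bool(false),
+ActiveWas: Bool(false),
+Actor: String("ac"),
+ActorIP: String("aip"),
+ActorLocation: &ActorLocation{CountryCode: String("alcc")},
+BlockedUser: String("bu"),
+Business: String("b"),
+CancelledAt: &Timestamp{referenceTime},
+CompletedAt: &Timestamp{referenceTime},
+Conclusion: String("c"),
+Config: &HookConfig{URL: String("s")},
+ConfigWas: &HookConfig{URL: String("s")},
+ContentType: String("ct"),
+CreatedAt: &Timestamp{referenceTime},
+DeployKeyFingerprint: String("dkf"),
+DocumentID: String("did"),
+Emoji: String("e"),
+EnvironmentName: String("en"),
+Event: String("e"),
+Events: []string{"s"},
+EventsWere: []string{"s"},
+Explanation: String("e"),
+ExternalIdentityNameID: String("ein"),
+ExternalIdentityUsername: String("eiu"),
+Fingerprint: String("f"),
+HashedToken: String("ht"),
+HeadBranch: String("hb"),
+HeadSHA: String("hsha"),
+HookID: Int64(1),
+IsHostedRunner: Bool(false),
+JobName: String("jn"),
+LimitedAvailability: Bool(false),
+Message: String("m"),
+Name: String("n"),
+OldPermission: String("op"),
+OldUser: String("ou"),
+OpenSSHPublicKey: String("osshpk"),
+Org: String("o"),
+OrgID: Int64(1),
+Permission: String("p"),
+PreviousVisibility: String("pv"),
+ProgrammaticAccessType: String("pat"),
+PullRequestID: Int64(1),
+PullRequestTitle: String("prt"),
+PullRequestURL: String("pru"),
 Reasons: []*PolicyOverrideReason{{
 Code: String("c"),
 Message: String("m"),
@@ -339,6 +341,8 @@ func TestAuditEntry_Marshal(t *testing.T) {
 "s"
 ],
 "explanation": "e",
+"external_identity_nameid": "ein",
+"external_identity_username": "eiu",
 "fingerprint": "f",
 "hashed_token": "ht",
 "head_branch": "hb",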
