rename audit event

gravitational · Dec 12, 2024 · 0113110 · 0113110
1 parent f3d62c2
commit 0113110
Show file tree

Hide file tree

Showing 12 changed files with 1,202 additions and 1,204 deletions.
diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto
@@ -4708,7 +4708,7 @@ message OneOf {
     events.WorkloadIdentityUpdate WorkloadIdentityUpdate = 195;
     events.WorkloadIdentityDelete WorkloadIdentityDelete = 196;
     events.GitCommand GitCommand = 197;
-    events.UserLoginAccessListSkipped UserLoginAccessListSkipped = 198;
+    events.UserLoginAccessListInvalid UserLoginAccessListInvalid = 198;
   }
 }
 
@@ -7869,28 +7869,27 @@ message GitCommandAction {
   string New = 4 [(gogoproto.jsontag) = "new,omitempty"];
 }
 
-// AccessListSkippedMetadata contains metadata for access list skipped events.
-message AccessListSkippedMetadata {
-  // AccessListName is the name of the access list that was skipped.
+// AccessListInvalidMetadata contains metadata for access list skipped events.
+message AccessListInvalidMetadata {
+  // AccessListName is the name of the invalid access list.
   string AccessListName = 1 [(gogoproto.jsontag) = "access_list_name, omitempty"];
-  // User is the name of the access list member/owner for whom the access list was not applied.
+  // User is the username of the user who attempted to consume this access list.
   string User = 2 [(gogoproto.jsontag) = "user,omitempty"];
-  // MissingRoles are the names of the non-existent roles being referenced by the access list, causing it to be skipped.
+  // MissingRoles are the names of the non-existent roles being referenced by the access list, causing it to be invalid.
   repeated string MissingRoles = 3 [(gogoproto.jsontag) = "missing_roles,omitempty"];
 }
 
-// UserLoginAccessListSkipped is emitted when a user logs in with an invalid access list, resulting in
-// the access list being skipped.
-message UserLoginAccessListSkipped {
+// UserLoginAccessListInvalid is emitted when a user logs in with an invalid access list.
+message UserLoginAccessListInvalid {
   // Metadata is common event metadata
   Metadata Metadata = 1 [
     (gogoproto.nullable) = false,
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
 
-  // AccessListSkippedMetadata is the metadata for this access list skipped event.
-  AccessListSkippedMetadata AccessListSkippedMetadata = 2 [
+  // AccessListInvalidMetadata is the metadata for this access list invalid event.
+  AccessListInvalidMetadata AccessListInvalidMetadata = 2 [
     (gogoproto.nullable) = false,
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""

diff --git a/api/types/events/events.go b/api/types/events/events.go
@@ -1962,7 +1962,7 @@ func (m *AccessListMemberDeleteAllForAccessList) TrimToMaxSize(maxSize int) Audi
 	return out
 }
 
-func (m *UserLoginAccessListSkipped) TrimToMaxSize(maxSize int) AuditEvent {
+func (m *UserLoginAccessListInvalid) TrimToMaxSize(maxSize int) AuditEvent {
 	size := m.Size()
 	if size <= maxSize {
 		return m

diff --git a/api/types/events/events.pb.go b/api/types/events/events.pb.go
diff --git a/api/types/events/oneof.go b/api/types/events/oneof.go
@@ -604,9 +604,9 @@ func ToOneOf(in AuditEvent) (*OneOf, error) {
 		out.Event = &OneOf_AccessListMemberDeleteAllForAccessList{
 			AccessListMemberDeleteAllForAccessList: e,
 		}
-	case *UserLoginAccessListSkipped:
-		out.Event = &OneOf_UserLoginAccessListSkipped{
-			UserLoginAccessListSkipped: e,
+	case *UserLoginAccessListInvalid:
+		out.Event = &OneOf_UserLoginAccessListInvalid{
+			UserLoginAccessListInvalid: e,
 		}
 	case *AuditQueryRun:
 		out.Event = &OneOf_AuditQueryRun{

diff --git a/lib/auth/userloginstate/generator.go b/lib/auth/userloginstate/generator.go
@@ -458,12 +458,12 @@ func (g *Generator) validateRoles(ctx context.Context, roles []string) ([]string
 
 // emitSkippedAccessListEvent emits an audit log event to warn that an access list was skipped due to it referencing a non-existent role.
 func (g *Generator) emitSkippedAccessListEvent(ctx context.Context, accessListName string, missingRoles []string, username string, returnedErr error) {
-	if err := g.emitter.EmitAuditEvent(ctx, &apievents.UserLoginAccessListSkipped{
+	if err := g.emitter.EmitAuditEvent(ctx, &apievents.UserLoginAccessListInvalid{
 		Metadata: apievents.Metadata{
-			Type: events.UserLoginAccessListSkippedEvent,
-			Code: events.UserLoginAccessListSkippedCode,
+			Type: events.UserLoginAccessListInvalidEvent,
+			Code: events.UserLoginAccessListInvalidCode,
 		},
-		AccessListSkippedMetadata: apievents.AccessListSkippedMetadata{
+		AccessListInvalidMetadata: apievents.AccessListInvalidMetadata{
 			AccessListName: accessListName,
 			User:           username,
 			MissingRoles:   missingRoles,

diff --git a/lib/events/api.go b/lib/events/api.go
@@ -737,8 +737,8 @@ const (
 	// AccessListMemberDeleteAllForAccessListEvent is emitted when all members are deleted from an access list.
 	AccessListMemberDeleteAllForAccessListEvent = "access_list.member.delete_all_for_access_list"
 
-	// UserLoginAccessListSkippedEventis emitted when a user logs in as a member of an invalid access list, causing the access list to be skipped.
-	UserLoginAccessListSkippedEvent = "user_login.access_list.skipped.missing_roles"
+	// UserLoginAccessListInvalidEvent is emitted when a user logs in as a member of an invalid access list, causing the access list to be skipped.
+	UserLoginAccessListInvalidEvent = "user_login.invalid_access_list"
 
 	// UnknownEvent is any event received that isn't recognized as any other event type.
 	UnknownEvent = apievents.UnknownEvent

diff --git a/lib/events/codes.go b/lib/events/codes.go
@@ -581,8 +581,8 @@ const (
 	// AccessListMemberDeleteAllForAccessListFailureCode is the access list member delete failure code.
 	AccessListMemberDeleteAllForAccessListFailureCode = "TAL008E"
 
-	// UserLoginAccessListSkippedCode is the access list skipped code. This event is a warning that an access list has an error and was not applied upon login.
-	UserLoginAccessListSkippedCode = "TAL009W"
+	// UserLoginAccessListInvalidCode is the user login access list invalid code. This event is a warning that an access list is invalid and was not applied upon the user's login.
+	UserLoginAccessListInvalidCode = "TAL009W"
 
 	// SecReportsAuditQueryRunCode is used when a custom Security Reports Query is run.
 	SecReportsAuditQueryRunCode = "SRE001I"

diff --git a/lib/events/dynamic.go b/lib/events/dynamic.go
@@ -362,8 +362,8 @@ func FromEventFields(fields EventFields) (events.AuditEvent, error) {
 		e = &events.AccessListMemberDelete{}
 	case AccessListMemberDeleteAllForAccessListEvent:
 		e = &events.AccessListMemberDeleteAllForAccessList{}
-	case UserLoginAccessListSkippedEvent:
-		e = &events.UserLoginAccessListSkipped{}
+	case UserLoginAccessListInvalidEvent:
+		e = &events.UserLoginAccessListInvalid{}
 	case SecReportsAuditQueryRunEvent:
 		e = &events.AuditQueryRun{}
 	case SecReportsReportRunEvent:

diff --git a/lib/events/events_test.go b/lib/events/events_test.go
@@ -197,7 +197,7 @@ var eventsMap = map[string]apievents.AuditEvent{
 	AccessListMemberUpdateEvent:                 &apievents.AccessListMemberUpdate{},
 	AccessListMemberDeleteEvent:                 &apievents.AccessListMemberDelete{},
 	AccessListMemberDeleteAllForAccessListEvent: &apievents.AccessListMemberDeleteAllForAccessList{},
-	UserLoginAccessListSkippedEvent:             &apievents.UserLoginAccessListSkipped{},
+	UserLoginAccessListInvalidEvent:             &apievents.UserLoginAccessListInvalid{},
 	SecReportsAuditQueryRunEvent:                &apievents.AuditQueryRun{},
 	SecReportsReportRunEvent:                    &apievents.SecurityReportRun{},
 	ExternalAuditStorageEnableEvent:             &apievents.ExternalAuditStorageEnable{},

diff --git a/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx b/web/packages/teleport/src/Audit/EventList/EventTypeCell.tsx
@@ -258,7 +258,7 @@ const EventIconMap: Record<EventCode, any> = {
   [eventCodes.ACCESS_LIST_MEMBER_DELETE_ALL_FOR_ACCESS_LIST]: Icons.User,
   [eventCodes.ACCESS_LIST_MEMBER_DELETE_ALL_FOR_ACCESS_LIST_FAILURE]:
     Icons.Warning,
-  [eventCodes.USER_LOGIN_ACCESS_LIST_SKIPPED_MISSING_ROLES]: Icons.Warning,
+  [eventCodes.USER_LOGIN_INVALID_ACCESS_LIST]: Icons.Warning,
   [eventCodes.SECURITY_REPORT_AUDIT_QUERY_RUN]: Icons.Info,
   [eventCodes.SECURITY_REPORT_RUN]: Icons.Info,
   [eventCodes.EXTERNAL_AUDIT_STORAGE_ENABLE]: Icons.Database,

diff --git a/web/packages/teleport/src/services/audit/makeEvent.ts b/web/packages/teleport/src/services/audit/makeEvent.ts
@@ -1661,11 +1661,11 @@ export const formatters: Formatters = {
     format: ({ access_list_name, updated_by }) =>
       `User [${updated_by}] failed to remove all members from access list [${access_list_name}]`,
   },
-  [eventCodes.USER_LOGIN_ACCESS_LIST_SKIPPED_MISSING_ROLES]: {
-    type: 'user_login.access_list.skipped.missing_roles',
+  [eventCodes.USER_LOGIN_INVALID_ACCESS_LIST]: {
+    type: 'user_login.invalid_access_list',
     desc: 'Access list skipped.',
     format: ({ access_list_name, user, missing_roles }) =>
-      `Access list [${access_list_name}] was skipped for member [${user}] because it references non-existent role${missing_roles.length > 1 ? 's' : ''} [${missing_roles}]`,
+      `Access list [${access_list_name}] is invalid and was skipped for member [${user}] because it references non-existent role${missing_roles.length > 1 ? 's' : ''} [${missing_roles}]`,
   },
   [eventCodes.SECURITY_REPORT_AUDIT_QUERY_RUN]: {
     type: 'secreports.audit.query.run"',

diff --git a/web/packages/teleport/src/services/audit/types.ts b/web/packages/teleport/src/services/audit/types.ts
@@ -276,7 +276,7 @@ export const eventCodes = {
   ACCESS_LIST_MEMBER_DELETE_FAILURE: 'TAL007E',
   ACCESS_LIST_MEMBER_DELETE_ALL_FOR_ACCESS_LIST: 'TAL008I',
   ACCESS_LIST_MEMBER_DELETE_ALL_FOR_ACCESS_LIST_FAILURE: 'TAL008E',
-  USER_LOGIN_ACCESS_LIST_SKIPPED_MISSING_ROLES: 'TAL009W',
+  USER_LOGIN_INVALID_ACCESS_LIST: 'TAL009W',
   SECURITY_REPORT_AUDIT_QUERY_RUN: 'SRE001I',
   SECURITY_REPORT_RUN: 'SRE002I',
   EXTERNAL_AUDIT_STORAGE_ENABLE: 'TEA001I',
@@ -1571,8 +1571,8 @@ export type RawEvents = {
       updated_by: string;
     }
   >;
-  [eventCodes.USER_LOGIN_ACCESS_LIST_SKIPPED_MISSING_ROLES]: RawEvent<
-    typeof eventCodes.USER_LOGIN_ACCESS_LIST_SKIPPED_MISSING_ROLES,
+  [eventCodes.USER_LOGIN_INVALID_ACCESS_LIST]: RawEvent<
+    typeof eventCodes.USER_LOGIN_INVALID_ACCESS_LIST,
     {
       access_list_name: string;
       user: string;