diff --git a/raystack/frontier/v1beta1/admin.proto b/raystack/frontier/v1beta1/admin.proto
index 04d94500..6a479bf9 100644
--- a/raystack/frontier/v1beta1/admin.proto
+++ b/raystack/frontier/v1beta1/admin.proto
@@ -788,6 +788,9 @@ service AdminService {
 // Revoke a specific session for a specific user (admin only).
 rpc RevokeUserSession(RevokeUserSessionRequest) returns (RevokeUserSessionResponse) {}
+ // Audit Records (Admin Only)
+ rpc ListAuditRecords(ListAuditRecordsRequest) returns (ListAuditRecordsResponse) {}
+
 }
 message ListAllUsersRequest {
@@ -1720,3 +1723,15 @@ message RevokeUserSessionRequest {
 }
 message RevokeUserSessionResponse {}
+
+// Admin Audit Record messages
+
+message ListAuditRecordsRequest {
+ RQLRequest query = 1;
+}
+
+message ListAuditRecordsResponse {
+ repeated AuditRecord audit_records = 1;
+ RQLQueryPaginationResponse pagination = 2;
+ RQLQueryGroupResponse group = 3;
+}
diff --git a/raystack/frontier/v1beta1/frontier.proto b/raystack/frontier/v1beta1/frontier.proto
index 3a049e80..cdec3b8e 100644
--- a/raystack/frontier/v1beta1/frontier.proto
+++ b/raystack/frontier/v1beta1/frontier.proto
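Review bot: In admin.proto the comment on the new `ListAuditRecords` rpc (`// Audit Records (Admin Only)`) is a section label rather than a description, and the request and response messages added at the end of that file have no field comments at all. The request carries no organization field, so the listing is presumably unscoped unless the RQL query filters it. I would say so on the rpc, e.g. `// List audit records, filtered and paginated through the RQL query (admin only).`, and add a line on what `group` returns. The admin-only restriction is enforced in the handler or authorization layer, which this diff does not show, so the comment should not be the only place it is recorded.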
@@ -1308,15 +1308,18 @@ service FrontierService {
 // Audit logs
 rpc ListOrganizationAuditLogs(ListOrganizationAuditLogsRequest) returns (ListOrganizationAuditLogsResponse) {
+ option deprecated = true;
 option (google.api.http) = {get: "/v1beta1/organizations/{org_id}/auditlogs"};
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
 tags: "AuditLog";
 summary: "List audit logs";
- description: "Returns a list of audit logs of an organization in Frontier.";
+ description: "Returns a list of audit logs of an organization in Frontier. DEPRECATED: Use admin ListAuditRecords API instead.";
+ deprecated: true;
 };
 }
 rpc CreateOrganizationAuditLogs(CreateOrganizationAuditLogsRequest) returns (CreateOrganizationAuditLogsResponse) {
+ option deprecated = true;
 option (google.api.http) = {
 post: "/v1beta1/organizations/{org_id}/auditlogs",
 body: "*"
@@ -1324,16 +1327,19 @@ service FrontierService {
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
 tags: "AuditLog";
 summary: "Create audit log";
- description: "Create new audit logs in a batch.";
+ description: "Create new audit logs in a batch. DEPRECATED: Use ListAuditRecords API instead with filters.";
+ deprecated: true;
 };
 }
 rpc GetOrganizationAuditLog(GetOrganizationAuditLogRequest) returns (GetOrganizationAuditLogResponse) {
+ option deprecated = true;
 option (google.api.http) = {get: "/v1beta1/organizations/{org_id}/auditlogs/{id}"};
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
 tags: "AuditLog";
 summary: "Get audit log";
- description: "Get an audit log by ID.";
+ description: "Get an audit log by ID. DEPRECATED: Use admin GetAuditRecord API instead.";
+ deprecated: true;
 };
 }
@@ -1915,6 +1921,9 @@ service FrontierService {
 description: "Create prospect for given email and activity. Available for public access.";
 };
 }
+
+ // Audit Records
+ rpc CreateAuditRecord(CreateAuditRecordRequest) returns (CreateAuditRecordResponse) {}
 }
 // Billing
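Review bot: In the frontier.proto hunk at -1324, the deprecation text on `CreateOrganizationAuditLogs` points to a read API (`Use ListAuditRecords API instead with filters`), although the write replacement added by this change is `CreateAuditRecord`. I would write `DEPRECATED: Use CreateAuditRecord API instead.` In the same hunk `GetOrganizationAuditLog` refers to an `admin GetAuditRecord API`, which is not added anywhere in this diff, so clients are directed to an rpc that may not exist yet. The deprecated rpcs are organization-scoped while the named list replacement sits in AdminService, so it may be worth stating in the description whether callers reading their own organization's logs keep a non-admin path.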
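Review bot: In the frontier.proto hunk at -1915, the new `CreateAuditRecord` rpc carries only the section label `// Audit Records`, so neither a reader of this file nor the generated docs learns who is allowed to call it. Its request message (added at the end of the same file) lets the caller supply `actor` and `occurred_at`, so the integrity of the audit trail depends on the handler restricting the method to trusted callers or cross-checking the actor against the authenticated principal. That enforcement is not visible in the proto. I would record the contract on the rpc, for example `// Creates an audit record. Restricted to trusted service callers; actor and occurred_at are stored as supplied.`, adjusted to whatever the handler really enforces.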
@@ -4165,3 +4174,38 @@ message RevokeSessionResponse {}
 message PingUserSessionRequest {}
 message PingUserSessionResponse {}
+
+message CreateAuditRecordRequest {
+ AuditRecordActor actor = 1 [(google.api.field_behavior) = REQUIRED];
+
+ string event = 2 [
+ (google.api.field_behavior) = REQUIRED,
+ (validate.rules).string = {min_len: 3}
+ ];
+
+ // Base resource on which this change happened
+ AuditRecordResource resource = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Related resource info (optional)
+ AuditRecordTarget target = 4;
+
+ // When the event occurred
+ google.protobuf.Timestamp occurred_at = 5 [(google.api.field_behavior) = REQUIRED];
+
+ string org_id = 6 [(validate.rules).string.uuid = true];
+
+ // Request ID for tracing
+ string req_id = 7;
+
+ // Flexible metadata field for any additional data including reason, changes, etc.
+ google.protobuf.Struct metadata = 8;
+
+ // Idempotency key to prevent duplicate audit records. Can be used for storing external id.
+ string idempotency_key = 9 [
+ (google.api.field_behavior) = REQUIRED,
+ (validate.rules).string.uuid = true];
+}
+
+message CreateAuditRecordResponse {
+ AuditRecord audit_record = 1;
+}
diff --git a/raystack/frontier/v1beta1/models.proto b/raystack/frontier/v1beta1/models.proto
index 779dd212..7c725667 100644
--- a/raystack/frontier/v1beta1/models.proto
+++ b/raystack/frontier/v1beta1/models.proto
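Review bot: In `CreateAuditRecordRequest`, `actor`, `resource` and `occurred_at` are marked required only through `google.api.field_behavior`, which is a documentation annotation, so a request that omits them passes schema validation. If they must be present, add `(validate.rules).message.required = true` on the two messages and `(validate.rules).timestamp.required = true` on `occurred_at`. `org_id` has the opposite problem: `string.uuid = true` without `ignore_empty` rejects an empty value under protoc-gen-validate, so the field is effectively mandatory although it is not marked REQUIRED. Use `(validate.rules).string = {uuid: true, ignore_empty: true}` if records without an organization are intended. The `idempotency_key` comment says it can hold an external id, but the uuid rule rejects any external id that is not a UUID, so either the rule or the comment should change. `metadata` is an unbounded `Struct` written into the audit store, so a size cap in the handler is worth adding.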
@@ -1044,3 +1044,41 @@ message Session {
 google.protobuf.Timestamp created_at = 4;
 google.protobuf.Timestamp updated_at = 5;
 }
+
+// Audit Record models
+
+message AuditRecordActor {
+ string id = 1 [(google.api.field_behavior) = REQUIRED, (validate.rules).string.uuid = true];
+ string type = 2; // not mandatory if id is zeroUUID
+ string name = 3;
+ google.protobuf.Struct metadata = 4;
+}
+
+message AuditRecordResource {
+ string id = 1 [(google.api.field_behavior) = REQUIRED];
+ string type = 2 [(google.api.field_behavior) = REQUIRED];
+ string name = 3;
+ google.protobuf.Struct metadata = 4;
+}
+
+message AuditRecordTarget {
+ string id = 1;
+ string type = 2;
+ string name = 3;
+ google.protobuf.Struct metadata = 4;
+}
+
+message AuditRecord {
+ string id = 1;
+
+ AuditRecordActor actor = 2;
+ string event = 3;
+ AuditRecordResource resource = 4;
+ AuditRecordTarget target = 5;
+ google.protobuf.Timestamp occurred_at = 6;
+ string org_id = 7;
+ string req_id = 8;
+ google.protobuf.Struct metadata = 9;
+
+ google.protobuf.Timestamp created_at = 10;
+}
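Review bot: The only statement of the actor rule in models.proto is the trailing comment on `AuditRecordActor.type` (`// not mandatory if id is zeroUUID`), and nothing in the schema enforces it, so an actor with a real id and an empty `type` is accepted. If the zero UUID stands for a system or anonymous actor, put that in a leading comment on the message and enforce the conditional requirement in the handler. `AuditRecordResource.id` and `type` are likewise REQUIRED by annotation only; `(validate.rules).string.min_len = 1` would make that real. None of the four messages or their fields has a leading comment, and `occurred_at` versus `created_at` on `AuditRecord` in particular needs one line each (event time versus, presumably, insertion time). The `metadata` Struct on every message is free-form and is returned through `ListAuditRecords`, so a comment that credentials and tokens must not be placed there would help callers.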