SAML IdP audit events. (#22208)

* SAML IdP audit events. SAML IdP audit events have been added. These events have been added to the UI for proper rendering. Additionally, service provider events will be emitted when managing service providers. * Align the naming more with the existing events. * Zac's feedback. * Add in delete all event. * Fix typo. * Update story snapshot. * Linting and test fixes. * Audit auth failures. * Removing the nopermissions test, as it's covered in the regular create test.
gravitational · Mar 1, 2023 · 6973cd6 · 6973cd6
1 parent f8ab3aa
commit 6973cd6
Show file tree

Hide file tree

Showing 13 changed files with 4,634 additions and 1,455 deletions.
diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto
@@ -163,6 +163,13 @@ message KubernetesPodMetadata {
   string KubernetesNodeName = 5 [(gogoproto.jsontag) = "kubernetes_node_name,omitempty"];
 }
 
+// SAMLIdPServiceProviderMetadata contains common metadata for SAML IdP service provider
+// events.
+message SAMLIdPServiceProviderMetadata {
+  // ServiceProviderEntityID is the entity ID of the service provider.
+  string ServiceProviderEntityID = 1 [(gogoproto.jsontag) = "service_provider_entity_id,omitempty"];
+}
+
 // SessionStart is a session start event
 message SessionStart {
   // Metadata is a common event metadata
@@ -3227,6 +3234,11 @@ message OneOf {
     events.DeviceEvent DeviceEvent = 112;
     events.LoginRuleCreate LoginRuleCreate = 113;
     events.LoginRuleDelete LoginRuleDelete = 114;
+    events.SAMLIdPAuthAttempt SAMLIdPAuthAttempt = 115;
+    events.SAMLIdPServiceProviderCreate SAMLIdPServiceProviderCreate = 116;
+    events.SAMLIdPServiceProviderUpdate SAMLIdPServiceProviderUpdate = 117;
+    events.SAMLIdPServiceProviderDelete SAMLIdPServiceProviderDelete = 118;
+    events.SAMLIdPServiceProviderDeleteAll SAMLIdPServiceProviderDeleteAll = 119;
   }
 }
 
@@ -4429,3 +4441,123 @@ message LoginRuleDelete {
     (gogoproto.jsontag) = ""
   ];
 }
+
+// SAMLIdPAuthAttempt is emitted when a user has attempted to authorize against the SAML IdP.
+message SAMLIdPAuthAttempt {
+  // Metadata is common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is common user event metadata
+  UserMetadata User = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // SessionMetadata is common event session metadata
+  SessionMetadata Session = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // Status indicates whether the SAML IdP authentication was successful.
+  Status Status = 4 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// SAMLIdPServiceProviderCreate is emitted when a service provider has been added.
+message SAMLIdPServiceProviderCreate {
+  // Metadata is common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is common resource event metadata
+  ResourceMetadata Resource = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // SAMLIdPServiceProviderMetadata is common SAML IdP service provider event metadata
+  SAMLIdPServiceProviderMetadata ServiceProvider = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// SAMLIdPServiceProviderUpdate is emitted when a service provider has been updated.
+message SAMLIdPServiceProviderUpdate {
+  // Metadata is common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // SAMLIdPServiceProviderMetadata is common SAML IdP service provider event metadata
+  SAMLIdPServiceProviderMetadata ServiceProvider = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// SAMLIdPServiceProviderDelete is emitted when a service provider has been deleted.
+message SAMLIdPServiceProviderDelete {
+  // Metadata is common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is common resource event metadata
+  ResourceMetadata Resource = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // SAMLIdPServiceProviderMetadata is common SAML IdP service provider event metadata
+  SAMLIdPServiceProviderMetadata ServiceProvider = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// SAMLIdPServiceProviderDeleteAll is emitted when all service providers have been deleted.
+message SAMLIdPServiceProviderDeleteAll {
+  // Metadata is common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is common resource event metadata
+  ResourceMetadata Resource = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}