Define cloud billing event types and codes (#6037)

* Exported auth.clientImpersonator and auth.clientUsername for use in e

api/types/events/events.proto

@@ -1225,6 +1225,36 @@ message MFADeviceDelete {
         [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
 }
 
+// BillingInformationUpdate is emitted when a user updates the billing information.
+message BillingInformationUpdate {
+    // Metadata is a common event metadata.
+    Metadata Metadata = 1
+        [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+    // User is a common user event metadata.
+    UserMetadata User = 2
+        [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+}
+
+// BillingCardCreate is emitted when a user creates or updates a credit card.
+message BillingCardCreate {
+    // Metadata is a common event metadata.
+    Metadata Metadata = 1
+        [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+    // User is a common user event metadata.
+    UserMetadata User = 2
+        [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+}
+
+// BillingCardDelete is emitted when a user deletes a credit card.
+message BillingCardDelete {
+    // Metadata is a common event metadata.
+    Metadata Metadata = 1
+        [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+    // User is a common user event metadata.
+    UserMetadata User = 2
+        [ (gogoproto.nullable) = false, (gogoproto.embed) = true, (gogoproto.jsontag) = "" ];
+}
+
 // OneOf is a union of one of audit events submitted to the auth service
 message OneOf {
     // Event is one of the audit events
@@ -1274,6 +1304,9 @@ message OneOf {
         events.SessionUpload SessionUpload = 43;
         events.MFADeviceAdd MFADeviceAdd = 44;
         events.MFADeviceDelete MFADeviceDelete = 45;
+        events.BillingInformationUpdate BillingInformationUpdate = 46;
+        events.BillingCardCreate BillingCardCreate = 47;
+        events.BillingCardDelete BillingCardDelete = 48;
     }
 }
 

lib/auth/auth.go

@@ -1124,7 +1124,7 @@ func (a *Server) GenerateToken(ctx context.Context, req GenerateTokenRequest) (s
 		return "", trace.Wrap(err)
 	}
 
-	user := clientUsername(ctx)
+	user := ClientUsername(ctx)
 	for _, role := range req.Roles {
 		if role == teleport.RoleTrustedCluster {
 			if err := a.emitter.EmitAuditEvent(ctx, &events.TrustedClusterTokenCreate{
@@ -1134,7 +1134,7 @@ func (a *Server) GenerateToken(ctx context.Context, req GenerateTokenRequest) (s
 				},
 				UserMetadata: events.UserMetadata{
 					User:         user,
-					Impersonator: clientImpersonator(ctx),
+					Impersonator: ClientImpersonator(ctx),
 				},
 			}); err != nil {
 				log.WithError(err).Warn("Failed to emit trusted cluster token create event.")
@@ -1697,8 +1697,8 @@ func (a *Server) DeleteRole(ctx context.Context, name string) error {
 			Code: events.RoleDeletedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: name,
@@ -1723,7 +1723,7 @@ func (a *Server) upsertRole(ctx context.Context, role services.Role) error {
 			Code: events.RoleCreatedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User: clientUsername(ctx),
+			User: ClientUsername(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: role.GetName(),
@@ -1774,7 +1774,7 @@ func (a *Server) CreateAccessRequest(ctx context.Context, req services.AccessReq
 		},
 		UserMetadata: events.UserMetadata{
 			User:         req.GetUser(),
-			Impersonator: clientImpersonator(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Expires: req.GetAccessExpiry(),
@@ -1800,7 +1800,7 @@ func (a *Server) SetAccessRequestState(ctx context.Context, params services.Acce
 			Code: events.AccessRequestUpdateCode,
 		},
 		ResourceMetadata: events.ResourceMetadata{
-			UpdatedBy: clientUsername(ctx),
+			UpdatedBy: ClientUsername(ctx),
 		},
 		RequestID:    params.RequestID,
 		RequestState: params.State.String(),

lib/auth/github.go

@@ -73,8 +73,8 @@ func (a *Server) upsertGithubConnector(ctx context.Context, connector services.G
 			Code: events.GithubConnectorCreatedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: connector.GetName(),
@@ -98,8 +98,8 @@ func (a *Server) deleteGithubConnector(ctx context.Context, connectorName string
 			Code: events.GithubConnectorDeletedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: connectorName,

lib/auth/oidc.go

@@ -155,8 +155,8 @@ func (a *Server) UpsertOIDCConnector(ctx context.Context, connector services.OID
 			Code: events.OIDCConnectorCreatedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: connector.GetName(),
@@ -179,8 +179,8 @@ func (a *Server) DeleteOIDCConnector(ctx context.Context, connectorName string)
 			Code: events.OIDCConnectorDeletedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: connectorName,

lib/auth/permissions.go

@@ -622,10 +622,10 @@ const (
 // WithDelegator alias for backwards compatibility
 var WithDelegator = client.WithDelegator
 
-// clientUsername returns the username of a remote HTTP client making the call.
+// ClientUsername returns the username of a remote HTTP client making the call.
 // If ctx didn't pass through auth middleware or did not come from an HTTP
 // request, teleport.UserSystem is returned.
-func clientUsername(ctx context.Context) string {
+func ClientUsername(ctx context.Context) string {
 	userI := ctx.Value(ContextUser)
 	userWithIdentity, ok := userI.(IdentityGetter)
 	if !ok {
@@ -638,9 +638,9 @@ func clientUsername(ctx context.Context) string {
 	return identity.Username
 }
 
-// clientImpersonator returns the impersonator username of a remote client
+// ClientImpersonator returns the impersonator username of a remote client
 // making the call. If not present, returns an empty string
-func clientImpersonator(ctx context.Context) string {
+func ClientImpersonator(ctx context.Context) string {
 	userI := ctx.Value(ContextUser)
 	userWithIdentity, ok := userI.(IdentityGetter)
 	if !ok {

lib/auth/resetpasswordtoken.go

@@ -138,8 +138,8 @@ func (s *Server) CreateResetPasswordToken(ctx context.Context, req CreateResetPa
 			Code: events.ResetPasswordTokenCreateCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name:    req.Name,

lib/auth/saml.go

@@ -46,8 +46,8 @@ func (a *Server) UpsertSAMLConnector(ctx context.Context, connector services.SAM
 			Code: events.SAMLConnectorCreatedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: connector.GetName(),
@@ -70,8 +70,8 @@ func (a *Server) DeleteSAMLConnector(ctx context.Context, connectorName string)
 			Code: events.SAMLConnectorDeletedCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: connectorName,

lib/auth/trustedcluster.go

@@ -147,8 +147,8 @@ func (a *Server) UpsertTrustedCluster(ctx context.Context, trustedCluster servic
 			Code: events.TrustedClusterCreateCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: trustedCluster.GetName(),
@@ -221,8 +221,8 @@ func (a *Server) DeleteTrustedCluster(ctx context.Context, name string) error {
 			Code: events.TrustedClusterDeleteCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: name,

lib/auth/user.go

@@ -37,7 +37,7 @@ import (
 func (s *Server) CreateUser(ctx context.Context, user services.User) error {
 	if user.GetCreatedBy().IsEmpty() {
 		user.SetCreatedBy(services.CreatedBy{
-			User: services.UserRef{Name: clientUsername(ctx)},
+			User: services.UserRef{Name: ClientUsername(ctx)},
 			Time: s.GetClock().Now().UTC(),
 		})
 	}
@@ -63,7 +63,7 @@ func (s *Server) CreateUser(ctx context.Context, user services.User) error {
 		},
 		UserMetadata: events.UserMetadata{
 			User:         user.GetCreatedBy().User.Name,
-			Impersonator: clientImpersonator(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name:    user.GetName(),
@@ -97,8 +97,8 @@ func (s *Server) UpdateUser(ctx context.Context, user services.User) error {
 			Code: events.UserUpdateCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name:    user.GetName(),
@@ -175,8 +175,8 @@ func (s *Server) DeleteUser(ctx context.Context, user string) error {
 			Code: events.UserDeleteCode,
 		},
 		UserMetadata: events.UserMetadata{
-			User:         clientUsername(ctx),
-			Impersonator: clientImpersonator(ctx),
+			User:         ClientUsername(ctx),
+			Impersonator: ClientImpersonator(ctx),
 		},
 		ResourceMetadata: events.ResourceMetadata{
 			Name: user,

lib/events/api.go

@@ -194,6 +194,15 @@ const (
 	// AccessRequestID is the ID of an access request.
 	AccessRequestID = "id"
 
+	// BillingCardCreateEvent is emitted when a user creates a new credit card.
+	BillingCardCreateEvent = "billing.create_card"
+	// BillingCardDeleteEvent is emitted when a user deletes a credit card.
+	BillingCardDeleteEvent = "billing.delete_card"
+	// BillingCardUpdateEvent is emitted when a user updates an existing credit card.
+	BillingCardUpdateEvent = "billing.update_card"
+	// BillingInformationUpdateEvent is emitted when a user updates their billing information.
+	BillingInformationUpdateEvent = "billing.update_info"
+
 	// UpdatedBy indicates the user who modified some resource:
 	//  - updating a request state
 	//  - updating a user record

lib/events/codes.go

@@ -295,6 +295,15 @@ const (
 	// MFADeviceDeleteEventCode is an event code for users deleting MFA devices.
 	MFADeviceDeleteEventCode = "T1007I"
 
+	// BillingCardCreateCode is an event code for when a user creates a new credit card.
+	BillingCardCreateCode = "TBL00I"
+	// BillingCardDeleteCode is an event code for when a user deletes a credit card.
+	BillingCardDeleteCode = "TBL01I"
+	// BillingCardUpdateCode is an event code for when a user updates an existing credit card.
+	BillingCardUpdateCode = "TBL02I"
+	// BillingInformationUpdateCode is an event code for when a user updates their billing info.
+	BillingInformationUpdateCode = "TBL03I"
+
 	// SessionRejectedCode is an event code for when a user's attempt to create an
 	// session/connection has been rejected.
 	SessionRejectedCode = "T1006W"

lib/events/types.go

@@ -100,6 +100,9 @@ type (
 	AppSessionStart                 = events.AppSessionStart
 	AppSessionChunk                 = events.AppSessionChunk
 	AppSessionRequest               = events.AppSessionRequest
+	BillingInformationUpdate        = events.BillingInformationUpdate
+	BillingCardCreate               = events.BillingCardCreate
+	BillingCardDelete               = events.BillingCardDelete
 	OneOf                           = events.OneOf
 	OneOf_UserLogin                 = events.OneOf_UserLogin                 //nolint
 	OneOf_UserCreate                = events.OneOf_UserCreate                //nolint