github.com/gemaraproj/gemara@v1.3.0


// SPDX-License-Identifier: Apache-2.0

// Schema lifecycle: experimental | stable | deprecated
// @status records where this file sits in that lifecycle. "experimental"
// signals that the field names and constraints below may still change between
// releases; consumers should check the module's release notes before relying
// on them as a stable interface.
@status("experimental")
package gemara

// Package-level attribute consumed by the project's Go code generation
// (presumably the Go package name — confirm against the generator).
@go(gemara)

// AuditLog records results from an audit performed against a target resource.
// The schema validates shape and internal consistency (for example that result
// ids are unique); it does not and cannot validate the truthfulness of the
// summary or of the cited evidence.
#AuditLog: {
	// Embeds the common log fields declared by #Log elsewhere in the package;
	// every constraint #Log imposes applies to an AuditLog as well.
	#Log
	// Pins the type discriminator so a document cannot validate as an
	// AuditLog while declaring a different log type.
	metadata: type: "AuditLog"

	// owner defines the RACI roles responsible for managing the audit
	owner?: #RACI @go(Owner)

	// summary provides the high-level conclusion
	summary: string

	// criteria defines the acceptable state for the audited resource.
	// The [T, ...T] list form requires at least one entry.
	criteria: [#ArtifactMapping, ...#ArtifactMapping]

	// results records audit results against the criteria.
	// At least one result is required. The @go attribute names the generated
	// Go field and overrides its type to a slice of pointers.
	results: [#AuditResult, ...#AuditResult] @go(Results,type=[]*AuditResult)

	// Uniqueness check for result ids: the comprehension builds a struct keyed
	// by r.id whose value is the result's index. Two results sharing an id
	// yield two different values for the same key, which fails to unify and
	// rejects the whole AuditLog. The guard skips the comprehension while
	// results is an error (_|_). The leading underscore makes the field
	// hidden, so it is not emitted on export.
	if results != _|_ {
		_uniqueResultIds: {for i, r in results {(r.id): i}}
	}
}

// ResultType classifies the nature of an audit result.
// This is a closed set: any string other than the four literals fails
// validation. The @go(-) attribute is consumed by the project's Go code
// generation; its exact meaning is not shown in this file (presumably
// "do not emit a dedicated Go type" — confirm against the generator).
#ResultType: "Gap" | "Finding" | "Observation" | "Strength" @go(-)

// AuditResult records a single result with supporting evidence and recommendations.
#AuditResult: {
	// id uniquely identifies this result.
	// Uniqueness across a log's results is enforced by #AuditLog's hidden
	// index comprehension, not by this definition on its own.
	id: string

	// title describes this result at a glance
	title: string

	// type classifies the nature of this result (closed set, see #ResultType)
	type: #ResultType

	// description explains the result in detail
	description: string

	// criteria-reference maps this result to specific criteria entries.
	// Nothing in this file checks that the referenced entries exist in the
	// enclosing AuditLog's criteria list; consumers should confirm the
	// reference resolves before acting on the result.
	"criteria-reference": #MultiEntryMapping @go(CriteriaReference)

	// evidence records the data sources that support this result.
	// Optional, but when present it must contain at least one entry — an
	// empty list is rejected, so "no evidence" is expressed by omitting the
	// field, not by an empty list.
	evidence?: [#Evidence, ...#Evidence] @go(Evidence)

	// recommendations records corrective actions for this result.
	// Optional; when present, at least one entry is required.
	recommendations?: [#Recommendation, ...#Recommendation] @go(Recommendations)
}

// Recommendation provides a corrective action for an audit result
#Recommendation: {
	// id uniquely identifies this recommendation.
	// Optional, and unlike AuditResult.id no uniqueness constraint is applied
	// in this file — duplicate recommendation ids pass validation.
	id?: string

	// text describes the recommended corrective action
	text: string

	// required indicates whether this recommendation is a mandatory corrective action.
	// Defaults to false (the *false marker), so a recommendation that omits
	// this field is treated as advisory.
	required: *false | bool
}

// Evidence records what was cited to support an opinion for a specific activity:
// raw data for the evaluation layer, evaluation and enforcement artifacts for the audit layer.
#Evidence: {
	// id uniquely identifies this evidence.
	// No uniqueness constraint is applied in this file.
	id: string

	// type categorizes the kind of evidence (open set, see #EvidenceType)
	type: #EvidenceType

	// collected-at is the timestamp when the evidence was gathered.
	// Its format is whatever #Datetime (declared elsewhere) constrains.
	"collected-at": #Datetime @go(CollectedAt)

	// payload is the raw evidence data collected.
	// Unconstrained (_ matches any value) and surfaced as `any` on the Go
	// side, so nothing about its content is validated by this schema. Treat
	// it as untrusted input and validate or size-limit it in the consumer
	// before parsing, storing or displaying it.
	payload?: _ @go(Payload,type=any)

	// description explains what this evidence represents
	description?: string
}

// EvidenceType categorizes the kind of evidence. It remains an open enum:
// recommended values include artifact types already known to Gemara (e.g.
// EvaluationLog, EnforcementLog) plus categories for common evidence forms.
// Because the disjunction includes bare string, any string validates —
// misspelt or unknown types are not caught here, so consumers dispatching on
// this field need a default branch rather than an exhaustive match.
#EvidenceType: #ArtifactType | string @go(-)