feat: save audit timestamp (#437)

* feat: save timestamp in recorded audits

* fix: audit timestamp generation

* fix: use nanoseconds

* fix tets

Author: fredmaggiowski

internal/audit/agent_log_test.go

@@ -44,7 +44,8 @@ func TestLogAgent(t *testing.T) {
 			ID:     "some user",
 			Groups: []string{"g1", "g2"},
 		},
-		Request: RequestInfo{Body: []byte("some body")},
+		Request:   RequestInfo{Body: []byte("some body")},
+		Timestamp: 123123123,
 	})
 
 	entries := hook.AllEntries()
@@ -78,6 +79,7 @@ func TestLogAgent(t *testing.T) {
 			"groups": []string{"g1", "g2"},
 			"id":     "some user",
 		},
+		"timestamp": int64(123123123),
 	}, trailData)
 }
 
@@ -105,7 +107,8 @@ func TestLogAgentWithGlobalLabels(t *testing.T) {
 			ID:     "some user",
 			Groups: []string{"g1", "g2"},
 		},
-		Request: RequestInfo{Body: []byte("some body")},
+		Request:   RequestInfo{Body: []byte("some body")},
+		Timestamp: 543543543,
 	})
 
 	entries := hook.AllEntries()
@@ -141,5 +144,6 @@ func TestLogAgentWithGlobalLabels(t *testing.T) {
 			"groups": []string{"g1", "g2"},
 			"id":     "some user",
 		},
+		"timestamp": int64(543543543),
 	}, trailData)
 }

internal/audit/audit.go

@@ -45,6 +45,7 @@ type Audit struct {
 	Subject       SubjectInfo
 	Request       RequestInfo
 	Labels        Labels
+	Timestamp     int64
 }
 
 type AuthzInfo struct {
@@ -85,6 +86,7 @@ type auditToPrint struct {
 	Subject       SubjectInfo      `audit:"subject"`
 	Request       RequestInfo      `audit:"request"`
 	Labels        Labels           `audit:"labels"`
+	Timestamp     int64            `audit:"timestamp"`
 }
 
 func (a *Audit) toPrint(data map[string]any) auditToPrint {
@@ -95,9 +97,10 @@ func (a *Audit) toPrint(data map[string]any) auditToPrint {
 			Allowed:    a.Authorization.Allowed,
 			PolicyName: a.Authorization.PolicyName,
 		},
-		Subject: a.Subject,
-		Request: a.Request,
-		Labels:  a.Labels,
+		Subject:   a.Subject,
+		Request:   a.Request,
+		Labels:    a.Labels,
+		Timestamp: a.Timestamp,
 	}
 	if data != nil {
 		print.applyDataFromPolicy(data)

sdk/evaluator.go

@@ -18,6 +18,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"time"
 
 	"github.com/rond-authz/rond/core"
 	"github.com/rond-authz/rond/internal/audit"
@@ -124,6 +125,7 @@ func (e evaluator) EvaluateRequestPolicy(ctx context.Context, rondInput core.Inp
 				Path:      rondInput.Request.Path,
 				UserAgent: rondInput.Request.Headers.Get(userAgentHeaderKey),
 			},
+			Timestamp: time.Now().UnixNano(),
 		}); err != nil {
 			logger.WithField("error", map[string]any{
 				"aggregationId": options.Audit.AggregationID,
@@ -160,6 +162,7 @@ func (e evaluator) EvaluateRequestPolicy(ctx context.Context, rondInput core.Inp
 			Path:      rondInput.Request.Path,
 			UserAgent: rondInput.Request.Headers.Get(userAgentHeaderKey),
 		},
+		Timestamp: time.Now().UnixNano(),
 	}); err != nil {
 		logger.WithField("error", map[string]any{
 			"aggregationId": options.Audit.AggregationID,
@@ -213,6 +216,7 @@ func (e evaluator) EvaluateResponsePolicy(ctx context.Context, rondInput core.In
 				Path:      rondInput.Request.Path,
 				UserAgent: rondInput.Request.Headers.Get(userAgentHeaderKey),
 			},
+			Timestamp: time.Now().UnixNano(),
 		}); err != nil {
 			logger.WithField("error", map[string]any{
 				"aggregationId": options.Audit.AggregationID,
@@ -237,6 +241,7 @@ func (e evaluator) EvaluateResponsePolicy(ctx context.Context, rondInput core.In
 			Path:      rondInput.Request.Path,
 			UserAgent: rondInput.Request.Headers.Get(userAgentHeaderKey),
 		},
+		Timestamp: time.Now().UnixNano(),
 	}); err != nil {
 		logger.WithField("error", map[string]any{
 			"aggregationId": options.Audit.AggregationID,

sdk/evaluator_test.go

@@ -477,6 +477,10 @@ func TestEvaluateRequestPolicy(t *testing.T) {
 							authz["roleId"] = testCase.expectedAuditRoleID
 						}
 
+						record := trailRecords[0].Fields["trail"]
+						require.NotNil(t, record.(map[string]any)["timestamp"])
+						delete(record.(map[string]any), "timestamp")
+
 						require.Equal(t, map[string]any{
 							"authorization": authz,
 							"labels":        testCase.expectedAuditLabels,
@@ -487,7 +491,7 @@ func TestEvaluateRequestPolicy(t *testing.T) {
 							"subject": map[string]any{
 								"id": "my-user",
 							},
-						}, trailRecords[0].Fields["trail"])
+						}, record)
 					}
 				})
 			})
@@ -605,6 +609,9 @@ func TestEvaluateRequestPolicy(t *testing.T) {
 							"My-Header-Key": headerValue,
 						}
 
+						require.NotNil(t, trailRecord["timestamp"])
+						delete(trailRecord, "timestamp")
+
 						require.Equal(t, map[string]any{
 							"authorization": authz,
 							"labels":        labels,
@@ -705,6 +712,9 @@ func TestEvaluateRequestPolicy(t *testing.T) {
 							"My-Header-Key": headerValue,
 						}
 
+						require.NotNil(t, trailRecord["timestamp"])
+						delete(trailRecord, "timestamp")
+
 						require.Equal(t, map[string]any{
 							"authorization": authz,
 							"labels":        labels,
@@ -971,6 +981,8 @@ func TestEvaluateResponsePolicy(t *testing.T) {
 						foundRecord := trailRecords[0].Fields["trail"].(map[string]any)
 						require.NotEmpty(t, foundRecord["id"])
 						delete(foundRecord, "id")
+						require.NotEmpty(t, foundRecord["timestamp"])
+						delete(foundRecord, "timestamp")
 
 						var labels map[string]any
 						require.Equal(t, map[string]any{