Skip to content

feat: audit trail in stdout logs #411

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 40 commits into from
Dec 5, 2024
Merged

feat: audit trail in stdout logs #411

merged 40 commits into from
Dec 5, 2024

Conversation

fredmaggiowski
Copy link
Member

@fredmaggiowski fredmaggiowski commented Dec 3, 2024
edited
Loading

This PR introduced an experimental audit feature within sdk and core packages.

The service can be configured to use it via environment variables.

The audit process will produce a stdout log with a standardized field-set about the request.

The field-set can be extended via policy evaluation by using a new builtin function

➜  rond git:(feat/audit-trail-in-stdout-logs) ✗ go test ./ -run=TestIntegrationWithAuditTrail -v | grep trail
{"level":30,"msg":"audit trail","time":1733235498148,"trail":{"aggregationId":"","authorization":{"allowed":true,"policyName":"allow_policy_with_audit_data"},"labels":{"a":42},"requestBody":null,"subject":{"groups":[],"id":""}}}
{"level":30,"msg":"audit trail","time":1733235498148,"trail":{"aggregationId":"","authorization":{"allowed":true,"policyName":"projection_policy_with_audit_data"},"labels":{"b":42},"requestBody":null,"subject":{"groups":[],"id":""}}}

@fredmaggiowski fredmaggiowski added the enhancement New feature or request label Dec 3, 2024
fredmaggiowski
fredmaggiowski commented Dec 3, 2024
View reviewed changes
fredmaggiowski
fredmaggiowski commented Dec 3, 2024
View reviewed changes
@coveralls
Copy link

coveralls commented Dec 3, 2024
edited
Loading

Pull Request Test Coverage Report for Build 12185069693

Details

  • 255 of 273 (93.41%) changed or added relevant lines in 17 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.7%) to 85.911%
Changes Missing Coverage Covered Lines Changed/Added Lines %
internal/utils/to_map.go 39 40 97.5%
core/opaevaluator.go 16 18 88.89%
sdk/sdk.go 6 10 60.0%
internal/audit/rego_builtin.go 0 11 0.0%
Totals Coverage Status
Change from base Build 12157575883: 0.7%
Covered Lines: 2622
Relevant Lines: 3052
💛 - Coveralls

davidebianchi
davidebianchi reviewed Dec 3, 2024
View reviewed changes
fredmaggiowski
fredmaggiowski commented Dec 3, 2024
View reviewed changes
fredmaggiowski
fredmaggiowski commented Dec 3, 2024
View reviewed changes
davidebianchi
davidebianchi reviewed Dec 4, 2024
View reviewed changes
davidebianchi
davidebianchi reviewed Dec 4, 2024
View reviewed changes
danielemarostica
danielemarostica reviewed Dec 4, 2024
View reviewed changes
danielemarostica
danielemarostica approved these changes Dec 4, 2024
View reviewed changes
Copy link

@danielemarostica danielemarostica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

davidebianchi
davidebianchi reviewed Dec 5, 2024
View reviewed changes
davidebianchi
davidebianchi approved these changes Dec 5, 2024
View reviewed changes
Copy link
Member

@davidebianchi davidebianchi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fredmaggiowski fredmaggiowski merged commit 2c33633 into main Dec 5, 2024
10 checks passed
@fredmaggiowski fredmaggiowski deleted the feat/audit-trail-in-stdout-logs branch December 5, 2024 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidebianchi davidebianchi davidebianchi approved these changes

@danielemarostica danielemarostica danielemarostica approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fredmaggiowski @coveralls @davidebianchi @danielemarostica