From 6fd141e227fbac303ad7e275e5ba526b1ed7fc9d Mon Sep 17 00:00:00 2001
From: Christian Schaible
Date: Tue, 1 Oct 2024 13:33:49 +0200
Subject: [PATCH] Fix logging of cloud events
---
 audit/api/log.go | 10 ++++----
 audit/api/log_test.go | 38 +++++++++++++++++++++++++++++++
 audit/api/model.go | 53 +++++++++++++++++++++++++++++++++++++++----
 3 files changed, 91 insertions(+), 10 deletions(-)
 create mode 100644 audit/api/log_test.go
diff --git a/audit/api/log.go b/audit/api/log.go
index 4b98b4e..58c787a 100644
--- a/audit/api/log.go
+++ b/audit/api/log.go
@@ -17,20 +17,20 @@ func LogEvent(event *CloudEvent) error {
 return errors.New("Unsupported data type " + event.DataType)
 }
- var routableAuditEvent *auditV1.RoutableAuditEvent
- err := proto.Unmarshal(event.Data, routableAuditEvent)
+ var routableAuditEvent auditV1.RoutableAuditEvent
+ err := proto.Unmarshal(event.Data, &routableAuditEvent)
 if err != nil {
 return err
 }
- var auditEvent *auditV1.AuditLogEntry
- err = proto.Unmarshal(routableAuditEvent.GetUnencryptedData().Data, auditEvent)
+ var auditEvent auditV1.AuditLogEntry
+ err = proto.Unmarshal(routableAuditEvent.GetUnencryptedData().Data, &auditEvent)
 if err != nil {
 return err
 }
 // Convert to json
- auditEventJson, err := protojson.Marshal(auditEvent)
+ auditEventJson, err := protojson.Marshal(&auditEvent)
 if err != nil {
 return err
 }
diff --git a/audit/api/log_test.go b/audit/api/log_test.go
new file mode 100644
index 0000000..f75a649
--- /dev/null
+++ b/audit/api/log_test.go
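Review bot: In the log.go hunk, `routableAuditEvent.GetUnencryptedData().Data` still reads a field straight off the getter's result, so LogEvent panics with a nil dereference whenever the unencrypted payload is not set; the getter name suggests the message can carry another variant, though that is not visible in this hunk. For an audit path that should be a returned error, not a crash: `payload := routableAuditEvent.GetUnencryptedData()` followed by `if payload == nil { return errors.New("audit event has no unencrypted data") }` before the second `proto.Unmarshal`. LogEvent starts above this hunk and continues below it, so whether event itself is nil-checked cannot be confirmed from here.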
@@ -0,0 +1,38 @@
+package api
+
+import (
+ "context"
+ "dev.azure.com/schwarzit/schwarzit.stackit-core-platform/audit-go.git/audit/utils"
+ "github.com/google/uuid"
+ "github.com/stretchr/testify/assert"
+ "go.opentelemetry.io/otel"
+ "testing"
+)
+
+func Test_LogEvent(t *testing.T) {
+
+ api, _ := NewMockAuditApi()
+ sequenceNumberGenerator := utils.NewDefaultSequenceNumberGenerator()
+ tracer := otel.Tracer("test-tracer")
+ eventBuilder := NewAuditEventBuilder(api, sequenceNumberGenerator, tracer, "demo-service", uuid.NewString(), "eu01")
+ cloudEvent, _, _, err := eventBuilder.
+ WithRequiredObjectId(uuid.NewString()).
+ WithRequiredOperation("stackit.demo-service.v1.project.update").
+ WithRequiredRequestClientIp("0.0.0.0").
+ WithRequiredObjectType(SingularTypeProject).
+ WithRequiredApiRequest(ApiRequest{
+ Body: nil,
+ Header: map[string][]string{"user-agent": {"custom"}, "authorization": {"Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOGJlZjc1LWRmY2QtNGE3My1hMzkxLTU0YTdhZjU3YTdkNiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3RhY2tpdC1wb3J0YWwtbG9naW4tZGV2LWNsaWVudC1pZCJdLCJjbGllbnRfaWQiOiJzdGFja2l0LXBvcnRhbC1sb2dpbi1kZXYtY2xpZW50LWlkIiwiZW1haWwiOiJDaHJpc3RpYW4uU2NoYWlibGVAbm92YXRlYy1nbWJoLmRlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTcyMjU5MDM2NywiaWF0IjoxNzIyNTg2NzY3LCJpc3MiOiJodHRwczovL2FjY291bnRzLmRldi5zdGFja2l0LmNsb3VkIiwianRpIjoiZDczYTY3YWMtZDFlYy00YjU1LTk5ZDQtZTk1MzI3NWYwMjJhIiwibmJmIjoxNzIyNTg2NzY3LCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsInN1YiI6ImNkOTRmMDFhLWRmMmUtNDQ1Ni05MDJlLTQ4ZjVlNTdmMGI2MyJ9.ajhjYbC5l5g7un9NSheoAwBT83YcZM91rH4DJxPTDsB78HzIVrmaKTPrK3AI_E1THlD2Z3_ot9nFr_eX7XcwWp_ZBlataKmakdXlAmeb4xSMGNYefIfzV_3w9ZZAZ66yoeTrtn8dUx5ezquenCYpctB1NcccmK4U09V0kNcq9dFcfF3Sg9YilF3orUCR0ql1d9RnOs3EiFZuUpdBEkyoVsAdSh2P-PRbNViR_FgCcAJem97TsN5CQc9RlvKYe4sYKgqQoqa2GDVi9Niiw3fe1V8SCnROYcpkOzBBWdvuzFMBUjln3uOogYVOz93xkmImV6jidgyQ70fLt-eDUmZZfg"}},
+ Host: "localhost",
+ Method: "GET",
+ Scheme: "https",
+ Proto: "HTTP/1.1",
+ URL: RequestUrl{
+ Path: "/",
+ RawQuery: nil,
+ },
+ }).
+ Build(context.Background(), eventBuilder.NextSequenceNumber())
+ assert.NoError(t, err)
+ assert.NoError(t, LogEvent(cloudEvent))
+}
diff --git a/audit/api/model.go b/audit/api/model.go
index 4d53ebc..aa92019 100644
--- a/audit/api/model.go
+++ b/audit/api/model.go
@@ -31,17 +31,60 @@ var ErrTokenIsNotBearerToken = errors.New("token is not a bearer token")
 var objectTypeIdPattern, _ = regexp.Compile(".*/(projects|folders|organizations)/([0-9a-fA-F-]{36})(?:/.*)?")
 type ApiRequest struct {
- Body *[]byte
+
+ // Body
+ //
+ // Required: false
+ Body *[]byte
+
+ // The (HTTP) request headers / gRPC metadata.
+ //
+ // Internal IP-Addresses have to be removed (e.g. in x-forwarded-xxx headers).
+ //
+ // Required: true
 Header map[string][]string
- Host string
+
+ // The HTTP request `Host` header value.
+ //
+ // Required: true
+ Host string
+
+ // Method
+ //
+ // Required: true
 Method string
+
+ // The URL scheme, such as `http`, `https` or `gRPC`.
+ //
+ // Required: true
 Scheme string
- Proto string
- URL RequestUrl
+
+ // The network protocol used with the request, such as "http/1.1",
+ // "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See
+ // https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+ // for details.
+ //
+ // Required: true
+ Proto string
+
+ // The url
+ //
+ // Required: true
+ URL RequestUrl
 }
 type RequestUrl struct {
- Path string
+
+ // The gRPC / HTTP URL path.
+ //
+ // Required: true
+ Path string
+
+ // The HTTP URL query in the format of "name1=value1&name2=value2", as it
+ // appears in the first line of the HTTP request.
+ // The input should be escaped to not contain any special characters.
+ //
+ // Required: false
 RawQuery *string
 }
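Review bot: The `authorization` entry in the `ApiRequest` literal of Test_LogEvent holds what looks like a real signed bearer token rather than a constructed fixture; its payload segment appears to decode to a dev-environment issuer and a personal e-mail claim. Even if it has expired, a committed token trips secret scanners and keeps personal data in the repository history, so the test should build a JWT from constructed claims inside the test (or use an obviously synthetic one), and the committed value is best treated as disclosed. The test also discards the error from `NewMockAuditApi()` with `api, _ :=`, which should be `api, err := NewMockAuditApi()` followed by `assert.NoError(t, err)`. Beyond `assert.NoError(t, LogEvent(cloudEvent))` it checks nothing about what is logged; if the builder is meant to strip credentials, asserting that the emitted entry does not contain the bearer value would pin that behaviour.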
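Review bot: The new comment on `Header` in model.go tells callers to remove internal IP addresses but is silent on credential-bearing headers such as `authorization` and `cookie`, which end up in an audit record just as easily. Whether the builder redacts them is not visible in this hunk; the field comment should say so either way, for example `// Credential headers (authorization, cookie) are <redacted|dropped> before the event is emitted.` with the placeholder resolved to the actual behaviour. The comments `// Body`, `// Method` and `// The url` only restate the field name; they should describe the value, and for `Body` note whether request bodies that may contain secrets or personal data are expected to be passed in at all.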