
authz: Move audit package #6218

Merged
merged 3 commits into from Apr 21, 2023
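--- a/authz/audit_logger.go
+++ b/authz/audit/audit_logger.go
@@ -16,7 +16,7 @@
 *
 */
 
-package authz
+package audit
 
 import (
 "encoding/json"
@@ -27,38 +27,38 @@ import (
 // to facilitate thread-safe reading/writing operations.
 type loggerBuilderRegistry struct {
 mu sync.Mutex
-builders map[string]AuditLoggerBuilder
+builders map[string]LoggerBuilder
 }
 
 var (
 registry = loggerBuilderRegistry{
-builders: make(map[string]AuditLoggerBuilder),
+builders: make(map[string]LoggerBuilder),
 }
 )
 
-// RegisterAuditLoggerBuilder registers the builder in a global map
+// RegisterLoggerBuilder registers the builder in a global map
 // using b.Name() as the key.
 //
 // This should only be called during initialization time (i.e. in an init()
 // function). If multiple builders are registered with the same name,
 // the one registered last will take effect.
-func RegisterAuditLoggerBuilder(b AuditLoggerBuilder) {
+func RegisterLoggerBuilder(b LoggerBuilder) {
 registry.mu.Lock()
 defer registry.mu.Unlock()
 registry.builders[b.Name()] = b
 }
 
-// GetAuditLoggerBuilder returns a builder with the given name.
+// GetLoggerBuilder returns a builder with the given name.
 // It returns nil if the builder is not found in the registry.
-func GetAuditLoggerBuilder(name string) AuditLoggerBuilder {
+func GetLoggerBuilder(name string) LoggerBuilder {
 registry.mu.Lock()
 defer registry.mu.Unlock()
 return registry.builders[name]
 }
 
-// AuditEvent contains information passed to the audit logger as part of an
+// Event contains information passed to the audit logger as part of an
 // audit logging event.
-type AuditEvent struct {
+type Event struct {
 // FullMethodName is the full method name of the audited RPC, in the format
 // of "/pkg.Service/Method". For example, "/helloworld.Greeter/SayHello".
 FullMethodName string
@@ -74,14 +74,14 @@ type AuditEvent struct {
 Authorized bool
 }
 
-// AuditLoggerConfig represents an opaque data structure holding an audit
+// LoggerConfig represents an opaque data structure holding an audit
 // logger configuration. Concrete types representing configuration of specific
 // audit loggers must embed this interface to implement it.
-type AuditLoggerConfig interface {
-auditLoggerConfig()
+type LoggerConfig interface {
+loggerConfig()
 }
 
-// AuditLogger is the interface to be implemented by audit loggers.
+// Logger is the interface to be implemented by audit loggers.
 //
 // An audit logger is a logger instance that can be configured via the
 // authorization policy API or xDS HTTP RBAC filters. When the authorization
@@ -91,35 +91,35 @@ type AuditLoggerConfig interface {
 // TODO(lwge): Change the link to the merged gRFC once it's ready.
 // Please refer to https://github.com/grpc/proposal/pull/346 for more details
 // about audit logging.
-type AuditLogger interface {
+type Logger interface {
 // Log performs audit logging for the provided audit event.
 //
 // This method is invoked in the RPC path and therefore implementations
 // must not block.
-Log(*AuditEvent)
+Log(*Event)
 }
 
-// AuditLoggerBuilder is the interface to be implemented by audit logger
+// LoggerBuilder is the interface to be implemented by audit logger
 // builders that are used at runtime to configure and instantiate audit loggers.
 //
 // Users who want to implement their own audit logging logic should
-// implement this interface, along with the AuditLogger interface, and register
-// it by calling RegisterAuditLoggerBuilder() at init time.
+// implement this interface, along with the Logger interface, and register
+// it by calling RegisterLoggerBuilder() at init time.
 //
 // TODO(lwge): Change the link to the merged gRFC once it's ready.
 // Please refer to https://github.com/grpc/proposal/pull/346 for more details
 // about audit logging.
-type AuditLoggerBuilder interface {
-// ParseAuditLoggerConfig parses the given JSON bytes into a structured
+type LoggerBuilder interface {
+// ParseLoggerConfig parses the given JSON bytes into a structured
 // logger config this builder can use to build an audit logger.
-ParseAuditLoggerConfig(config json.RawMessage) (AuditLoggerConfig, error)
+ParseLoggerConfig(config json.RawMessage) (LoggerConfig, error)
 // Build builds an audit logger with the given logger config.
 // This will only be called with valid configs returned from
-// ParseAuditLoggerConfig() and any runtime issues such as failing to
+// ParseLoggerConfig() and any runtime issues such as failing to
 // create a file should be handled by the logger implementation instead of
 // failing the logger instantiation. So implementers need to make sure it
 // can return a logger without error at this stage.
-Build(AuditLoggerConfig) AuditLogger
+Build(LoggerConfig) Logger
 // Name returns the name of logger built by this builder.
 // This is used to register and pick the builder.
 Name() string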
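Review bot: RegisterLoggerBuilder (second hunk) still replaces an existing entry silently when two builders share a name, so any package linked into the binary can displace the intended audit logger from its own init() with no trace. Since this commit is already reshaping the exported API of the new audit package, it would be a good point to make that visible, for example `if _, dup := registry.builders[b.Name()]; dup { /* emit a warning naming the key */ }` before the assignment. The file's logging facility is not visible in these hunks, so the exact call is left open. A nil b also reaches `b.Name()` and would panic during initialization; a doc line such as `// b must be non-nil.` would state the contract.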