xds: support built-in Stdout audit logger type

authz/audit/stdout/stdout_logger.go

@@ -49,13 +49,13 @@ type event struct {
 	Timestamp      string `json:"timestamp"` // Time when the audit event is logged via Log method
 }
 
-// Logger implements the audit.Logger interface by logging to standard output.
-type Logger struct {
+// logger implements the audit.logger interface by logging to standard output.
+type logger struct {
 	goLogger *log.Logger
 }
 
 // Log marshals the audit.Event to json and prints it to standard output.
-func (l *Logger) Log(event *audit.Event) {
+func (l *logger) Log(event *audit.Event) {
 	jsonContainer := map[string]interface{}{
 		"grpc_audit_log": convertEvent(event),
 	}
@@ -85,7 +85,7 @@ func (loggerBuilder) Name() string {
 // Passed in configuration is ignored as the stdout logger does not
 // expect any configuration to be provided.
 func (lb *loggerBuilder) Build(audit.LoggerConfig) audit.Logger {
-	return &Logger{
+	return &logger{
 		goLogger: lb.goLogger,
 	}
 }

internal/xds/rbac/converter.go

@@ -32,12 +32,6 @@ import (
 	"google.golang.org/protobuf/types/known/structpb"
 )
 
-const (
-	udpaTypedStuctType = "type.googleapis.com/udpa.type.v1.TypedStruct"
-	xdsTypedStuctType  = "type.googleapis.com/xds.type.v3.TypedStruct"
-	stdoutType         = "type.googleapis.com/envoy.extensions.rbac.audit_loggers.stream.v3.StdoutAuditLog"
-)
-
 func buildLogger(loggerConfig *v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig) (audit.Logger, error) {
 	if loggerConfig.GetAuditLogger().GetTypedConfig() == nil {
 		return nil, fmt.Errorf("missing required field: TypedConfig")
@@ -65,25 +59,17 @@ func buildLogger(loggerConfig *v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConf
 }
 
 func getCustomConfig(config *anypb.Any) (json.RawMessage, string, error) {
-	switch config.GetTypeUrl() {
-	case udpaTypedStuctType:
-		typedStruct := &v1xdsudpatypepb.TypedStruct{}
-		if err := config.UnmarshalTo(typedStruct); err != nil {
-			return nil, "", fmt.Errorf("failed to unmarshal resource: %v", err)
-		}
-		return convertCustomConfig(typedStruct.TypeUrl, typedStruct.Value)
-	case xdsTypedStuctType:
-		typedStruct := &v3xdsxdstypepb.TypedStruct{}
-		if err := config.UnmarshalTo(typedStruct); err != nil {
-			return nil, "", fmt.Errorf("failed to unmarshal resource: %v", err)
-		}
-		return convertCustomConfig(typedStruct.TypeUrl, typedStruct.Value)
-	case stdoutType:
-		stdoutLoggerConfig := &v3auditloggersstreampb.StdoutAuditLog{}
-		if err := config.UnmarshalTo(stdoutLoggerConfig); err != nil {
-			return nil, "", fmt.Errorf("failed to unmarshal resource: %v", err)
-		}
-		return convertStdoutConfig(stdoutLoggerConfig)
+	any, err := config.UnmarshalNew()
+	if err != nil {
+		return nil, "", err
+	}
+	switch m := any.(type) {
+	case *v1xdsudpatypepb.TypedStruct:
+		return convertCustomConfig(m.TypeUrl, m.Value)
+	case *v3xdsxdstypepb.TypedStruct:
+		return convertCustomConfig(m.TypeUrl, m.Value)
+	case *v3auditloggersstreampb.StdoutAuditLog:
+		return convertStdoutConfig(m)
 	}
 	return nil, "", fmt.Errorf("custom config not implemented for type [%v]", config.GetTypeUrl())
 }

internal/xds/rbac/converter_test.go

@@ -17,6 +17,7 @@
 package rbac
 
 import (
+	"reflect"
 	"strings"
 	"testing"
 
@@ -49,7 +50,7 @@ func (s) TestBuildLoggerErrors(t *testing.T) {
 			loggerConfig: &v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
 				AuditLogger: &v3corepb.TypedExtensionConfig{
 					Name:        "TestAuditLoggerBuffer",
-					TypedConfig: &anypb.Any{},
+					TypedConfig: createUnsupportedPb(t),
 				},
 			},
 			expectedError: "custom config not implemented for type ",
@@ -104,10 +105,9 @@ func (s) TestBuildLoggerErrors(t *testing.T) {
 			logger, err := buildLogger(test.loggerConfig)
 			if err != nil && !strings.HasPrefix(err.Error(), test.expectedError) {
 				t.Fatalf("expected error: %v. got error: %v", test.expectedError, err)
-			} else {
-				if logger != test.expectedLogger {
-					t.Fatalf("expected logger: %v. got logger: %v", test.expectedLogger, logger)
-				}
+			}
+			if logger != test.expectedLogger {
+				t.Fatalf("expected logger: %v. got logger: %v", test.expectedLogger, logger)
 			}
 
 		})
@@ -118,6 +118,7 @@ func (s) TestBuildLoggerKnownTypes(t *testing.T) {
 	tests := []struct {
 		name         string
 		loggerConfig *v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig
+		expectedType reflect.Type
 	}{
 		{
 			name: "stdout logger",
@@ -128,6 +129,7 @@ func (s) TestBuildLoggerKnownTypes(t *testing.T) {
 				},
 				IsOptional: false,
 			},
+			expectedType: reflect.TypeOf(audit.GetLoggerBuilder(stdout.Name).Build(nil)),
 		},
 		{
 			name: "stdout logger with generic TypedConfig",
@@ -138,23 +140,19 @@ func (s) TestBuildLoggerKnownTypes(t *testing.T) {
 				},
 				IsOptional: false,
 			},
+			expectedType: reflect.TypeOf(audit.GetLoggerBuilder(stdout.Name).Build(nil)),
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			logger, err := buildLogger(test.loggerConfig)
 			if err != nil {
 				t.Fatalf("expected success. got error: %v", err)
-			} else {
-				switch test.name {
-				case "stdout logger":
-					_, ok := logger.(*stdout.Logger)
-					if !ok {
-						t.Fatalf("expected logger to be type stdout.Logger but was not")
-					}
-				}
 			}
-
+			loggerType := reflect.TypeOf(logger)
+			if test.expectedType != loggerType {
+				t.Fatalf("logger not of expected type. want: %v got: %v", test.expectedType, loggerType)
+			}
 		})
 	}
 }
@@ -169,3 +167,18 @@ func createStdoutPb(t *testing.T) *anypb.Any {
 	}
 	return customConfig
 }
+
+// Builds a config with a nonsensical type in the anypb.Any.
+func createUnsupportedPb(t *testing.T) *anypb.Any {
+	t.Helper()
+	// This type doesn't make sense to have here, it could realistically be any
+	// proto that is not accepted in our custom config parsing. This was chosen
+	// because it is already imported.
+	pb := &v3rbacpb.RBAC_AuditLoggingOptions{}
+	customConfig, err := anypb.New(pb)
+	if err != nil {
+		t.Fatalf("createStdoutPb failed during anypb.New: %v", err)
+	}
+	return customConfig
+
+}