Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Audit Logging] Stdout logger implementation #33026

Merged
merged 19 commits into from May 16, 2023
Merged

[Audit Logging] Stdout logger implementation #33026

merged 19 commits into from May 16, 2023

Conversation

rockspore
Copy link
Contributor

The logger uses absl::FPrintF to write to stdout. After reading a number of sources online, I got the impression that std::fwrite which is used by absl::FPrintF is atomic so there is no locking required here.

@rockspore rockspore added the release notes: no Indicates if PR should not be in release notes label May 5, 2023
gtcooke94
gtcooke94 reviewed May 5, 2023
View reviewed changes
Copy link
Contributor

@gtcooke94 gtcooke94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, a few comments

src/core/lib/security/authorization/stdout_logger.cc Outdated
constexpr absl::string_view kName = "stdout_logger";
const char kLogFormat[] =
"{\"grpc_audit_log\":{\"timestamp\":%d,\"rpc_method\":\"%s\",\"principal\":"
"\"%s\",\"policy_name\":\"%s\",\"matched_rule\":\"%s\",\"authorized\":%s}}";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this have implicit newlines, and if so do we want a multi-line log?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! I meant to add a newline to flush the buffer but forgot. Added.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually meant the other way around, do we want any newlines here at all, or one big single line that is the audit log?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you also saw in the Go PR, we want one log entry to be one-liner.

test/core/security/grpc_audit_logging_test.cc Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc
EXPECT_TRUE(AuditLoggerRegistry::FactoryExists(kName));
EXPECT_FALSE(AuditLoggerRegistry::FactoryExists("unknown_logger"));
}

//
// StdoutLoggerTest
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be worth having StdOutLoggerTest in it's own file?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The stdout logger is added to the same library target in the BUILD file. I think it's easier to have things in the same test target.

test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
@gtcooke94 gtcooke94 removed the request for review from markdroth May 5, 2023 20:31
@rockspore rockspore requested a review from gtcooke94 May 5, 2023 21:25
gtcooke94
gtcooke94 reviewed May 8, 2023
View reviewed changes
Copy link
Contributor

@gtcooke94 gtcooke94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM other than the question about multi-line vs. single-line logs

@gtcooke94 gtcooke94 requested a review from markdroth May 8, 2023 14:29
@rockspore rockspore mentioned this pull request May 12, 2023
Merged
markdroth
markdroth reviewed May 12, 2023
View reviewed changes
Copy link
Member

@markdroth markdroth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good overall! Comments are relatively minor.

Please let me know if you have any questions. Thanks!

src/core/lib/security/authorization/stdout_logger.cc Show resolved Hide resolved
src/core/lib/security/authorization/stdout_logger.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
src/core/lib/security/authorization/stdout_logger.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Show resolved Hide resolved
rockspore
rockspore commented May 12, 2023
View reviewed changes
Copy link
Contributor Author

@rockspore rockspore left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review. I addressed the comments as I can for now. Will ask for another look once the timestamp format is finalized.

src/core/lib/security/authorization/stdout_logger.cc Show resolved Hide resolved
src/core/lib/security/authorization/stdout_logger.cc Outdated Show resolved Hide resolved
src/core/lib/security/authorization/stdout_logger.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Show resolved Hide resolved
@rockspore rockspore requested a review from markdroth May 15, 2023 16:37
markdroth
markdroth approved these changes May 15, 2023
View reviewed changes
Copy link
Member

@markdroth markdroth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Just a couple of minor nits remaining. Feel free to merge after addressing.

test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
test/core/security/grpc_audit_logging_test.cc Outdated Show resolved Hide resolved
markdroth
markdroth approved these changes May 16, 2023
View reviewed changes
Copy link
Member

@markdroth markdroth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@rockspore
Copy link
Contributor Author

In one recent build, the invocation of Log happened so soon that time_before_log was actually equal to time_at_log even with nanosecond:

test/core/security/grpc_audit_logging_test.cc:146
Expected: (time_at_log) > (time_before_log), actual: 2023-05-16T00:45:04.663233+00:00 vs 2023-05-16T00:45:04.663233+00:00

I changed it back to EXPECT_GE and EXPECT_LE to avoid flakiness in the future.

@rockspore rockspore merged commit 6df358c into grpc:master May 16, 2023
63 of 65 checks passed
@rockspore rockspore deleted the stdout-logger branch May 16, 2023 17:02
@copybara-service copybara-service bot added the imported Specifies if the PR has been imported to the internal repository label May 16, 2023
eugeneo pushed a commit to eugeneo/grpc that referenced this pull request May 17, 2023
@rockspore @eugeneo
[Audit Logging] Stdout logger implementation (grpc#33026)
14b75f5 
The logger uses `absl::FPrintF` to write to stdout. After reading a
number of sources online, I got the impression that `std::fwrite` which
is used by `absl::FPrintF` is atomic so there is no locking required
here.

---------

Co-authored-by: rockspore <rockspore@users.noreply.github.com>
wanlin31 pushed a commit that referenced this pull request May 18, 2023
@rockspore @wanlin31
[Audit Logging] Stdout logger implementation (#33026)
c555f3c 
The logger uses `absl::FPrintF` to write to stdout. After reading a
number of sources online, I got the impression that `std::fwrite` which
is used by `absl::FPrintF` is atomic so there is no locking required
here.

---------

Co-authored-by: rockspore <rockspore@users.noreply.github.com>
@yijiem yijiem added release notes: yes Indicates if PR needs to be in release notes and removed release notes: no Indicates if PR should not be in release notes labels May 31, 2023
@erm-g erm-g removed the release notes: yes Indicates if PR needs to be in release notes label Jun 12, 2023
@yijiem yijiem added the release notes: no Indicates if PR should not be in release notes label Jun 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gtcooke94 gtcooke94 gtcooke94 left review comments

@markdroth markdroth markdroth approved these changes

Assignees
No one assigned
Labels
bloat/low imported Specifies if the PR has been imported to the internal repository lang/core per-call-memory/neutral per-channel-memory/neutral release notes: no Indicates if PR should not be in release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@rockspore @gtcooke94 @markdroth @yijiem @erm-g