Register a custom audit log item builder #12268
Open
andrewstalin
wants to merge
6
commits into
ydb-platform:main
from
andrewstalin:audit-register-custom-builder
+55
−33
Open
9189b2b
register custom audit log item builder
andrewstalin 00a2c2b
include header
andrewstalin 0f2caad
moved TEvAuditLog to the header file
andrewstalin b5085f8
add G_59548_2022 audit format
andrewstalin 0831cc3
add audit_events.h
andrewstalin 34591be
fix review remarks
andrewstalin File filter
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,8 +9,7 @@ | |
#include <ydb/library/actors/core/hfunc.h> | ||
#include <ydb/library/services/services.pb.h> | ||
|
||
#include <ydb/core/base/events.h> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Necessary here |
||
|
||
#include "audit_log_item_builder.h" | ||
#include "audit_log_service.h" | ||
#include "audit_log.h" | ||
|
||
|
@@ -55,9 +54,9 @@ struct TEvAuditLog { | |
|
||
struct TEvWriteAuditLog : public NActors::TEventLocal<TEvWriteAuditLog, EvWriteAuditLog> { | ||
TInstant Time; | ||
TVector<std::pair<TString, TString>> Parts; | ||
TAuditLogParts Parts; | ||
|
||
TEvWriteAuditLog(TInstant time, TVector<std::pair<TString, TString>>&& parts) | ||
TEvWriteAuditLog(TInstant time, TAuditLogParts&& parts) | ||
: Time(time) | ||
, Parts(std::move(parts)) | ||
{} | ||
|
@@ -78,32 +77,30 @@ void WriteLog(const TString& log, const TVector<THolder<TLogBackend>>& logBacken | |
} | ||
} | ||
|
||
TString GetJsonLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) { | ||
const auto* msg = ev->Get(); | ||
TString GetJsonLog(TInstant time, const TAuditLogParts& parts) { | ||
TStringStream ss; | ||
ss << msg->Time << ": "; | ||
ss << time << ": "; | ||
NJson::TJsonMap m; | ||
for (auto& [k, v] : msg->Parts) { | ||
for (auto& [k, v] : parts) { | ||
m[k] = v; | ||
} | ||
NJson::WriteJson(&ss, &m, false, false); | ||
ss << Endl; | ||
return ss.Str(); | ||
} | ||
|
||
TString GetJsonLogCompatibleLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) { | ||
const auto* msg = ev->Get(); | ||
TString GetJsonLogCompatibleLog(TInstant time, const TAuditLogParts& parts) { | ||
TStringStream ss; | ||
NJsonWriter::TBuf json(NJsonWriter::HEM_DONT_ESCAPE_HTML, &ss); | ||
{ | ||
auto obj = json.BeginObject(); | ||
obj | ||
.WriteKey("@timestamp") | ||
.WriteString(msg->Time.ToString().data()) | ||
.WriteString(time.ToString().data()) | ||
.WriteKey("@log_type") | ||
.WriteString("audit"); | ||
|
||
for (auto& [k, v] : msg->Parts) { | ||
for (auto& [k, v] : parts) { | ||
obj.WriteKey(k).WriteString(v); | ||
} | ||
json.EndObject(); | ||
|
@@ -112,19 +109,33 @@ TString GetJsonLogCompatibleLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) { | |
return ss.Str(); | ||
} | ||
|
||
TString GetTxtLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) { | ||
const auto* msg = ev->Get(); | ||
TString GetTxtLog(TInstant time, const TAuditLogParts& parts) { | ||
TStringStream ss; | ||
ss << msg->Time << ": "; | ||
for (auto it = msg->Parts.begin(); it != msg->Parts.end(); it++) { | ||
if (it != msg->Parts.begin()) | ||
ss << time << ": "; | ||
for (auto it = parts.begin(); it != parts.end(); it++) { | ||
if (it != parts.begin()) | ||
ss << ", "; | ||
ss << it->first << "=" << it->second; | ||
} | ||
ss << Endl; | ||
return ss.Str(); | ||
} | ||
|
||
// Array of functions for converting TEvAuditLog::TEvWriteAuditLog events to a string. | ||
// Indexing in the array occurs by the value of the NKikimrConfig::TAuditConfig::EFormat enumeration. | ||
// The size of AuditLogItemBuilders must be equal to the maximum value of the NKikimrConfig::TAuditConfig::EFormat enumeration. | ||
static std::vector<TAuditLogItemBuilder> AuditLogItemBuilders = { GetJsonLog, GetTxtLog, GetJsonLogCompatibleLog, nullptr }; | ||
|
||
// numbering enumeration starts from one | ||
static constexpr size_t DefaultAuditLogItemBuilder = static_cast<size_t>(NKikimrConfig::TAuditConfig::JSON) - 1; | ||
|
||
void RegisterAuditLogItemBuilder(NKikimrConfig::TAuditConfig::EFormat format, TAuditLogItemBuilder builder) { | ||
size_t index = static_cast<size_t>(format); | ||
if (index < AuditLogItemBuilders.size()) { | ||
AuditLogItemBuilders[index] = builder; | ||
} | ||
} | ||
|
||
class TAuditLogActor final : public TActor<TAuditLogActor> { | ||
private: | ||
const TAuditLogBackends LogBackends; | ||
|
@@ -160,20 +171,12 @@ class TAuditLogActor final : public TActor<TAuditLogActor> { | |
Y_UNUSED(ctx); | ||
|
||
for (auto& logBackends : LogBackends) { | ||
switch (logBackends.first) { | ||
case NKikimrConfig::TAuditConfig::JSON: | ||
WriteLog(GetJsonLog(ev), logBackends.second); | ||
break; | ||
case NKikimrConfig::TAuditConfig::TXT: | ||
WriteLog(GetTxtLog(ev), logBackends.second); | ||
break; | ||
case NKikimrConfig::TAuditConfig::JSON_LOG_COMPATIBLE: | ||
WriteLog(GetJsonLogCompatibleLog(ev), logBackends.second); | ||
break; | ||
default: | ||
WriteLog(GetJsonLog(ev), logBackends.second); | ||
break; | ||
} | ||
const auto builderIndex = static_cast<size_t>(logBackends.first) - 1; | ||
const auto builder = builderIndex < AuditLogItemBuilders.size() | ||
? AuditLogItemBuilders[builderIndex] : AuditLogItemBuilders[DefaultAuditLogItemBuilder]; | ||
const auto msg = ev->Get(); | ||
const auto auditLogItem = builder(msg->Time, msg->Parts); | ||
WriteLog(auditLogItem, logBackends.second); | ||
} | ||
} | ||
|
||
|
@@ -190,7 +193,7 @@ class TAuditLogActor final : public TActor<TAuditLogActor> { | |
|
||
std::atomic<bool> AUDIT_LOG_ENABLED = false; | ||
|
||
void SendAuditLog(const NActors::TActorSystem* sys, TVector<std::pair<TString, TString>>&& parts) | ||
void SendAuditLog(const NActors::TActorSystem* sys, TAuditLogParts&& parts) | ||
{ | ||
auto request = MakeHolder<TEvAuditLog::TEvWriteAuditLog>(Now(), std::move(parts)); | ||
sys->Send(MakeAuditServiceID(), request.Release()); | ||
|
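Review bot: `RegisterAuditLogItemBuilder` stores the builder at `static_cast<size_t>(format)`, while the actor's lookup and `DefaultAuditLogItemBuilder` both use the enum value minus one, so a registered builder lands in the slot read for the next format, and (if the enum runs from 1 to the table size, as the "numbering starts from one" comment implies) a registration for the last format is dropped silently by the bounds check. The index should match the lookup: `const size_t index = static_cast<size_t>(format) - 1;`. The fourth table slot also starts as `nullptr` and the lookup calls whatever it finds, so a backend configured with that format before any registration would call a null function pointer inside the audit actor; the lookup should fall back when the slot is empty, e.g. `const auto builder = (builderIndex < AuditLogItemBuilders.size() && AuditLogItemBuilders[builderIndex]) ? AuditLogItemBuilders[builderIndex] : AuditLogItemBuilders[DefaultAuditLogItemBuilder];`. For an audit trail both cases mean records written in an unintended format or not written at all, so a refused registration deserves a return value or a log line rather than a silent no-op.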
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#pragma once | ||
|
||
#include <ydb/core/audit/audit_log.h> | ||
#include <ydb/core/protos/config.pb.h> | ||
|
||
|
||
namespace NKikimr::NAudit { | ||
|
||
using TAuditLogItemBuilder = TString(*)(TInstant, const TAuditLogParts&); | ||
|
||
// Registration of a function for converting audit events to a string in a specified format | ||
void RegisterAuditLogItemBuilder(NKikimrConfig::TAuditConfig::EFormat format, TAuditLogItemBuilder builder); | ||
|
||
} |
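Review bot: The comment above `RegisterAuditLogItemBuilder` does not state the contract a caller has to follow. The implementation shown in the .cpp section writes a plain `static std::vector` with no lock and ignores a format that falls outside the table, so the header should say when registration is allowed and what happens when it is refused. Suggested wording: `// Must be called before the audit log actor starts handling events; not thread-safe.` followed by `// A format outside the builder table is ignored. builder must not be null.` Whether registration really happens only during start-up cannot be seen from this page and should be confirmed against the callers.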
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,7 @@ | ||
LIBRARY() | ||
|
||
SRCS( | ||
audit_log_item_builder.h | ||
audit_log.h | ||
audit_log_service.h | ||
audit_log_impl.cpp | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unnecessary here