authz: Move audit package (#6218) (#6219)
gtcooke94 authored Apr 21, 2023
1 parent 875c97a commit 3fc6e00
Showing 1 changed file with 24 additions and 23 deletions.
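--- a/authz/audit_logger.go
+++ b/authz/audit/audit_logger.go
@@ -16,7 +16,8 @@
 *
 */
 
-package authz
+// Package audit contains interfaces for audit logging during authorization.
+package audit
 
 import (
 "encoding/json"
@@ -27,38 +28,38 @@ import (
 // to facilitate thread-safe reading/writing operations.
 type loggerBuilderRegistry struct {
 mu sync.Mutex
-builders map[string]AuditLoggerBuilder
+builders map[string]LoggerBuilder
 }
 
 var (
 registry = loggerBuilderRegistry{
-builders: make(map[string]AuditLoggerBuilder),
+builders: make(map[string]LoggerBuilder),
 }
 )
 
-// RegisterAuditLoggerBuilder registers the builder in a global map
+// RegisterLoggerBuilder registers the builder in a global map
 // using b.Name() as the key.
 //
 // This should only be called during initialization time (i.e. in an init()
 // function). If multiple builders are registered with the same name,
 // the one registered last will take effect.
-func RegisterAuditLoggerBuilder(b AuditLoggerBuilder) {
+func RegisterLoggerBuilder(b LoggerBuilder) {
 registry.mu.Lock()
 defer registry.mu.Unlock()
 registry.builders[b.Name()] = b
 }
 
-// GetAuditLoggerBuilder returns a builder with the given name.
+// GetLoggerBuilder returns a builder with the given name.
 // It returns nil if the builder is not found in the registry.
-func GetAuditLoggerBuilder(name string) AuditLoggerBuilder {
+func GetLoggerBuilder(name string) LoggerBuilder {
 registry.mu.Lock()
 defer registry.mu.Unlock()
 return registry.builders[name]
 }
 
-// AuditEvent contains information passed to the audit logger as part of an
+// Event contains information passed to the audit logger as part of an
 // audit logging event.
-type AuditEvent struct {
+type Event struct {
 // FullMethodName is the full method name of the audited RPC, in the format
 // of "/pkg.Service/Method". For example, "/helloworld.Greeter/SayHello".
 FullMethodName string
@@ -74,14 +75,14 @@ type AuditEvent struct {
 Authorized bool
 }
 
-// AuditLoggerConfig represents an opaque data structure holding an audit
+// LoggerConfig represents an opaque data structure holding an audit
 // logger configuration. Concrete types representing configuration of specific
 // audit loggers must embed this interface to implement it.
-type AuditLoggerConfig interface {
-auditLoggerConfig()
+type LoggerConfig interface {
+loggerConfig()
 }
 
-// AuditLogger is the interface to be implemented by audit loggers.
+// Logger is the interface to be implemented by audit loggers.
 //
 // An audit logger is a logger instance that can be configured via the
 // authorization policy API or xDS HTTP RBAC filters. When the authorization
@@ -91,35 +92,35 @@ type AuditLoggerConfig interface {
 // TODO(lwge): Change the link to the merged gRFC once it's ready.
 // Please refer to https://github.com/grpc/proposal/pull/346 for more details
 // about audit logging.
-type AuditLogger interface {
+type Logger interface {
 // Log performs audit logging for the provided audit event.
 //
 // This method is invoked in the RPC path and therefore implementations
 // must not block.
-Log(*AuditEvent)
+Log(*Event)
 }
 
-// AuditLoggerBuilder is the interface to be implemented by audit logger
+// LoggerBuilder is the interface to be implemented by audit logger
 // builders that are used at runtime to configure and instantiate audit loggers.
 //
 // Users who want to implement their own audit logging logic should
-// implement this interface, along with the AuditLogger interface, and register
-// it by calling RegisterAuditLoggerBuilder() at init time.
+// implement this interface, along with the Logger interface, and register
+// it by calling RegisterLoggerBuilder() at init time.
 //
 // TODO(lwge): Change the link to the merged gRFC once it's ready.
 // Please refer to https://github.com/grpc/proposal/pull/346 for more details
 // about audit logging.
-type AuditLoggerBuilder interface {
-// ParseAuditLoggerConfig parses the given JSON bytes into a structured
+type LoggerBuilder interface {
+// ParseLoggerConfig parses the given JSON bytes into a structured
 // logger config this builder can use to build an audit logger.
-ParseAuditLoggerConfig(config json.RawMessage) (AuditLoggerConfig, error)
+ParseLoggerConfig(config json.RawMessage) (LoggerConfig, error)
 // Build builds an audit logger with the given logger config.
 // This will only be called with valid configs returned from
-// ParseAuditLoggerConfig() and any runtime issues such as failing to
+// ParseLoggerConfig() and any runtime issues such as failing to
 // create a file should be handled by the logger implementation instead of
 // failing the logger instantiation. So implementers need to make sure it
 // can return a logger without error at this stage.
-Build(AuditLoggerConfig) AuditLogger
+Build(LoggerConfig) Logger
 // Name returns the name of logger built by this builder.
 // This is used to register and pick the builder.
 Name() string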
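Review bot: RegisterLoggerBuilder (second hunk) still replaces an existing registry entry with no signal, which matters more for an audit component than for most registries. Any package linked into the binary can register under an existing name from its init(), and per the doc comment the last one wins, so which audit logger is active for a name depends on package initialization order. Since the move creates a new exported package, the comment could state that trust assumption outright, for example `// A later registration silently replaces an earlier builder of the same name; every linked package is trusted not to shadow another's audit logger.` Separately, `registry.builders[b.Name()] = b` calls a method on the argument without a nil check, so a nil builder panics at init time; a guard such as `if b == nil { return }` or a documented "b must be non-nil" would make that contract explicit.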
