Add JSON Audit Logging feature

jeremyevans · jeremyevans · commit bf6a0dad3a6c · 2018-08-15T16:19:54.000-07:00
diff --git a/README.rdoc b/README.rdoc
@@ -213,6 +213,37 @@ table :: The name of the table
 defaults :: A hash of default values to enforce, where keys are column names
             and values are the default values to enforce
 
+=== JSON Audit Logging - pgt_json_audit_log_setup and pg_json_audit_log
+
+These methods setup an auditing function where updates and deletes log
+the previous values to a central auditing table in JSON format.
+
+==== pgt_json_audit_log_setup
+
+This creates an audit table and a trigger function that will log
+previous values to the audit table. This returns the name of the
+trigger function created, which should be passed to
++pgt_json_audit_log+.
+
+Arguments:
+table :: The name of the table storing the audit logs.
+
+Options:
+function_opts :: Options to pass to +create_function+ when creating
+                 the trigger function.
+
+==== pgt_json_audit_log
+
+This adds a trigger to the table that will log previous values to the
+audting table for updates and deletes.
+
+Arguments:
+table :: The name of the table to audit
+function :: The name of the trigger function to call to log changes
+
+Note that it is probably a bad idea to use the same table argument
+to both +pgt_json_audit_log_setup+ and +pgt_json_audit_log+.
+
 == License
 
 This library is released under the MIT License.  See the MIT-LICENSE
diff --git a/lib/sequel/extensions/pg_triggers.rb b/lib/sequel/extensions/pg_triggers.rb
@@ -82,6 +82,33 @@ def pgt_immutable(table, *columns)
         pgt_trigger(table, trigger_name, function_name, :update, "BEGIN #{ifs} RETURN NEW; END;")
       end
 
+      def pgt_json_audit_log_setup(table, opts={})
+        function_name = opts[:function_name] || "pgt_jal_#{table}"
+        create_table(table) do
+          DateTime :at, :default=>Sequel::CURRENT_TIMESTAMP, :null=>false
+          String :user
+          String :schema
+          String :table
+          String :action
+          jsonb :prior
+        end
+        create_function(function_name, (<<-SQL), {:language=>:plpgsql, :returns=>:trigger, :replace=>true}.merge(opts[:function_opts]||{}))
+        BEGIN
+          INSERT INTO #{quote_identifier(table)} (at, "user", "schema", "table", action, prior) VALUES
+          (CURRENT_TIMESTAMP, CURRENT_USER, TG_TABLE_SCHEMA, TG_TABLE_NAME, TG_OP, to_jsonb(OLD));
+          IF (TG_OP = 'DELETE') THEN
+            RETURN OLD;
+          END IF;
+          RETURN NEW;
+        END;
+        SQL
+        function_name
+      end
+
+      def pgt_json_audit_log(table, function, opts={})
+        create_trigger(table, (opts[:trigger_name] || "pgt_jal_#{table}"), function, :events=>[:update, :delete], :each_row=>true, :after=>true)
+      end
+
       def pgt_sum_cache(main_table, main_table_id_column, sum_column, summed_table, summed_table_id_column, summed_column, opts={})
         trigger_name = opts[:trigger_name] || "pgt_sc_#{main_table}__#{main_table_id_column}__#{sum_column}__#{summed_table_id_column}"
         function_name = opts[:function_name] || "pgt_sc_#{main_table}__#{main_table_id_column}__#{sum_column}__#{summed_table}__#{summed_table_id_column}__#{summed_column}"
diff --git a/spec/sequel_postgresql_triggers_spec.rb b/spec/sequel_postgresql_triggers_spec.rb
@@ -607,3 +607,38 @@
   end
 end
 
+
+describe "PostgreSQL JSON Audit Logging" do
+  before do
+    DB.extension :pg_json
+    DB.create_table(:accounts){integer :id; integer :a}
+    DB.pgt_json_audit_log_setup(:table_audit_logs, :function_name=>:spgt_audit_log)
+    DB.pgt_json_audit_log(:accounts, :spgt_audit_log)
+    @ds = DB[:accounts]
+    @ds.insert(:id=>1)
+    @logs = DB[:table_audit_logs].reverse(:at)
+  end
+
+  after do
+    DB.drop_table(:accounts, :table_audit_logs)
+    DB.drop_function(:spgt_audit_log)
+  end
+
+  it "should previous values in JSON format for inserts and updates" do
+    @logs.first.must_be_nil
+
+    @ds.update(:id=>2, :a=>3)
+    @ds.all.must_equal [{:id=>2, :a=>3}]
+    h = @logs.first
+    h.delete(:at).to_i.must_be_within_delta(10, DB.get(Sequel::CURRENT_TIMESTAMP).to_i)
+    h.delete(:user).must_be_kind_of(String)
+    h.must_equal(:schema=>"public", :table=>"accounts", :action=>"UPDATE", :prior=>{"a"=>nil, "id"=>1})
+
+    @ds.delete
+    @ds.all.must_equal []
+    h = @logs.first
+    h.delete(:at).to_i.must_be_within_delta(10, DB.get(Sequel::CURRENT_TIMESTAMP).to_i)
+    h.delete(:user).must_be_kind_of(String)
+    h.must_equal(:schema=>"public", :table=>"accounts", :action=>"DELETE", :prior=>{"a"=>3, "id"=>2})
+  end
+end if DB.server_version >= 90400
