fix(audit): improve delete audit events for rollout and rule (#4346)

erka · web-flow · commit 049799e09456 · 2025-06-12T08:02:35.000Z
diff --git a/internal/server/audit/types.go b/internal/server/audit/types.go
@@ -216,3 +216,7 @@ func NewRollout(r *flipt.Rollout) *Rollout {
 
 	return rollout
 }
+
+type contextKey string
+
+const DeletedRecordCtxKey contextKey = "x-deleted-record"
diff --git a/internal/server/middleware/grpc/middleware.go b/internal/server/middleware/grpc/middleware.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"slices"
 	"time"
 
 	"github.com/blang/semver/v4"
@@ -264,6 +265,17 @@ func AuditEventUnaryInterceptor(logger *zap.Logger, eventPairChecker audit.Event
 			}
 		}()
 
+		// When delete occurs there is no object returned. Audit log for rollout and rule
+		// includes a limited set of fields, so we need to store the deleted record in the context
+		// to improve audit log information. See https://github.com/orgs/flipt-io/discussions/4311
+		if slices.ContainsFunc(requests, func(r flipt.Request) bool {
+			return r.Action == flipt.ActionDelete && slices.Contains([]flipt.Subject{
+				flipt.SubjectRollout, flipt.SubjectRule,
+			}, r.Subject)
+		}) {
+			ctx = context.WithValue(ctx, audit.DeletedRecordCtxKey, map[any]any{})
+		}
+
 		resp, err := handler(ctx, req)
 		for _, request := range requests {
 			if err != nil {
@@ -279,7 +291,18 @@ func AuditEventUnaryInterceptor(logger *zap.Logger, eventPairChecker audit.Event
 			// Delete and Order request(s) have to be handled separately because they do not
 			// return the concrete type but rather an *empty.Empty response.
 			if request.Action == flipt.ActionDelete {
-				events = append(events, audit.NewEvent(request, actor, r))
+				payload := any(r)
+				// Try to load deleted record from context and add extra info if possible.
+				data, ok := ctx.Value(audit.DeletedRecordCtxKey).(map[any]any)
+				if ok && data[req] != nil {
+					switch r := data[req].(type) {
+					case *flipt.Rollout:
+						payload = audit.NewRollout(r)
+					case *flipt.Rule:
+						payload = audit.NewRule(r)
+					}
+				}
+				events = append(events, audit.NewEvent(request, actor, payload))
 				continue
 			}
 
diff --git a/internal/server/middleware/grpc/middleware_test.go b/internal/server/middleware/grpc/middleware_test.go
@@ -1167,6 +1167,7 @@ func TestAuditUnaryInterceptor_DeleteRollout(t *testing.T) {
 	)
 
 	store.On("DeleteRollout", mock.Anything, req).Return(nil)
+	store.On("GetRollout", mock.Anything, mock.Anything, req.Id).Return(&flipt.Rollout{}, nil)
 
 	unaryInterceptor := AuditEventUnaryInterceptor(logger, &checkerDummy{})
 
@@ -1329,6 +1330,7 @@ func TestAuditUnaryInterceptor_DeleteRule(t *testing.T) {
 	)
 
 	store.On("DeleteRule", mock.Anything, req).Return(nil)
+	store.On("GetRule", mock.Anything, mock.Anything, req.Id).Return(&flipt.Rule{}, nil)
 
 	unaryInterceptor := AuditEventUnaryInterceptor(logger, &checkerDummy{})
 
diff --git a/internal/server/rollout.go b/internal/server/rollout.go
@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 
+	"go.flipt.io/flipt/internal/server/audit"
 	"go.flipt.io/flipt/internal/storage"
 	flipt "go.flipt.io/flipt/rpc/flipt"
 	"go.uber.org/zap"
@@ -59,6 +60,17 @@ func (s *Server) UpdateRollout(ctx context.Context, r *flipt.UpdateRolloutReques
 
 func (s *Server) DeleteRollout(ctx context.Context, r *flipt.DeleteRolloutRequest) (*empty.Empty, error) {
 	s.logger.Debug("delete rollout rule", zap.Stringer("request", r))
+	// prefetch and store the rollout in the audit context if possible
+	data, ok := ctx.Value(audit.DeletedRecordCtxKey).(map[any]any)
+	if ok && data != nil {
+		rollout, err := s.store.GetRollout(ctx,
+			storage.NewNamespace(r.NamespaceKey), r.Id,
+		)
+		if err == nil {
+			data[r] = rollout
+		}
+	}
+	// delete the rollout
 	err := s.store.DeleteRollout(ctx, r)
 	s.logger.Debug("delete rollout rule", zap.Error(err))
 	return &empty.Empty{}, err
diff --git a/internal/server/rule.go b/internal/server/rule.go
@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 
+	"go.flipt.io/flipt/internal/server/audit"
 	"go.flipt.io/flipt/internal/storage"
 	flipt "go.flipt.io/flipt/rpc/flipt"
 	"go.uber.org/zap"
@@ -64,6 +65,17 @@ func (s *Server) UpdateRule(ctx context.Context, r *flipt.UpdateRuleRequest) (*f
 // DeleteRule deletes a rule
 func (s *Server) DeleteRule(ctx context.Context, r *flipt.DeleteRuleRequest) (*empty.Empty, error) {
 	s.logger.Debug("delete rule", zap.Stringer("request", r))
+	// prefetch and store the rule in the audit context if possible
+	data, ok := ctx.Value(audit.DeletedRecordCtxKey).(map[any]any)
+	if ok && data != nil {
+		rule, err := s.store.GetRule(ctx,
+			storage.NewNamespace(r.NamespaceKey), r.Id,
+		)
+		if err == nil {
+			data[r] = rule
+		}
+	}
+	// delete the rule
 	if err := s.store.DeleteRule(ctx, r); err != nil {
 		return nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -216,3 +216,7 @@ func NewRollout(r flipt.Rollout) Rollout {`
`216`	`216`
`217`	`217`	`return rollout`
`218`	`218`	`}`
	`219`	`+`
	`220`	`+type contextKey string`
	`221`	`+`
	`222`	`+const DeletedRecordCtxKey contextKey = "x-deleted-record"`
Original file line number	Diff line number	Diff line change
`@@ -1167,6 +1167,7 @@ func TestAuditUnaryInterceptor_DeleteRollout(t *testing.T) {`
`1167`	`1167`	`)`
`1168`	`1168`
`1169`	`1169`	`store.On("DeleteRollout", mock.Anything, req).Return(nil)`
	`1170`	`+ store.On("GetRollout", mock.Anything, mock.Anything, req.Id).Return(&flipt.Rollout{}, nil)`
`1170`	`1171`
`1171`	`1172`	`unaryInterceptor := AuditEventUnaryInterceptor(logger, &checkerDummy{})`
`1172`	`1173`
`@@ -1329,6 +1330,7 @@ func TestAuditUnaryInterceptor_DeleteRule(t *testing.T) {`
`1329`	`1330`	`)`
`1330`	`1331`
`1331`	`1332`	`store.On("DeleteRule", mock.Anything, req).Return(nil)`
	`1333`	`+ store.On("GetRule", mock.Anything, mock.Anything, req.Id).Return(&flipt.Rule{}, nil)`
`1332`	`1334`
`1333`	`1335`	`unaryInterceptor := AuditEventUnaryInterceptor(logger, &checkerDummy{})`
`1334`	`1336`