chore: [ML-1370]: Added resource type and resource identifier filter in list_user_audits tool and added e2e (#158)

* chore: [ML-1370]: resolved comments

Signed-off-by: Saranya-jena <[email protected]>

* chore: [ML-1370]: Added resource type and resource identifier filter in list_user_audits toolm added e2e

Signed-off-by: Saranya-jena <[email protected]>

Author: Saranya-jena

client/dto/audit.go

@@ -66,6 +66,7 @@ type ListAuditEventsFilter struct {
 	FilterType string               `json:"filterType,omitempty"`
 	StartTime  int64                `json:"startTime,omitempty"`
 	EndTime    int64                `json:"endTime,omitempty"`
+	Resources  []AuditResource      `json:"resources,omitempty"`
 }
 
 type AuditOutput[T any] struct {

pkg/harness/tools/audit.go

@@ -6,9 +6,11 @@ import (
 	"fmt"
 	"log/slog"
 	"math"
+	"strings"
 	"time"
 
 	"github.com/harness/harness-mcp/client"
+	"github.com/harness/harness-mcp/client/dto"
 	"github.com/harness/harness-mcp/cmd/harness-mcp-server/config"
 	"github.com/mark3labs/mcp-go/mcp"
 	"github.com/mark3labs/mcp-go/server"
@@ -78,6 +80,37 @@ func ListUserAuditTrailTool(config *config.Config, auditClient *client.AuditServ
 					"ROLE_ASSIGNMENT_CREATED", "ROLE_ASSIGNMENT_UPDATED", "ROLE_ASSIGNMENT_DELETED", "MOVE", "ENABLED", "DISABLED", "DISMISS_ANOMALY", "RERUN", "BYPASS", "STABLE_VERSION_CHANGED",
 					"SYNC_START", "START_IMPERSONATION", "END_IMPERSONATION", "MOVE_TO_GIT", "FREEZE_BYPASS", "EXPIRED", "FORCE_PUSH"),
 			),
+
+			mcp.WithString("resource_type",
+				mcp.Description("Optional resource type to filter by."),
+				mcp.Enum("ORGANIZATION", "PROJECT", "USER_GROUP", "SECRET", "CERTIFICATE", "STREAMING_DESTINATION", "RESOURCE_GROUP",
+					"USER", "ROLE", "PIPELINE", "TRIGGER", "TEMPLATE", "INPUT_SET", "DELEGATE_CONFIGURATION", "DELEGATE_GROUPS",
+					"SERVICE", "ENVIRONMENT", "ENVIRONMENT_GROUP", "DELEGATE", "SERVICE_ACCOUNT", "CONNECTOR", "API_KEY",
+					"TOKEN", "DELEGATE_TOKEN", "DASHBOARD", "DASHBOARD_FOLDER", "GOVERNANCE_POLICY", "GOVERNANCE_POLICY_SET",
+					"VARIABLE", "CHAOS_HUB", "MONITORED_SERVICE", "CHAOS_INFRASTRUCTURE", "CHAOS_EXPERIMENT", "CHAOS_GAMEDAY",
+					"CHAOS_PROBE", "STO_TARGET", "STO_EXEMPTION", "SERVICE_LEVEL_OBJECTIVE", "PERSPECTIVE", "PERSPECTIVE_BUDGET",
+					"PERSPECTIVE_REPORT", "COST_CATEGORY", "COMMITMENT_ORCHESTRATOR_SETUP", "COMMITMENT_ACTIONS",
+					"CLUSTER_ORCHESTRATOR_SETUP", "CLUSTER_ACTIONS", "SMTP", "PERSPECTIVE_FOLDER", "AUTOSTOPPING_RULE",
+					"AUTOSTOPPING_LB", "AUTOSTOPPING_STARTSTOP", "SETTING", "NG_LOGIN_SETTINGS", "DEPLOYMENT_FREEZE",
+					"CLOUD_ASSET_GOVERNANCE_RULE", "CLOUD_ASSET_GOVERNANCE_RULE_SET", "CLOUD_ASSET_GOVERNANCE_RULE_ENFORCEMENT",
+					"TARGET_GROUP", "FEATURE_FLAG", "FEATURE_FLAG_STALE_CONFIG", "NG_ACCOUNT_DETAILS", "BUDGET_GROUP",
+					"IP_ALLOWLIST_CONFIG", "NETWORK_MAP", "CET_AGENT_TOKEN", "CET_CRITICAL_EVENT", "CHAOS_SECURITY_GOVERNANCE",
+					"END_USER_LICENSE_AGREEMENT", "WORKSPACE", "IAC_MODULE", "SEI_CONFIGURATION_SETTINGS", "SEI_COLLECTIONS",
+					"SEI_INSIGHTS", "SEI_PANORAMA", "CET_SAVED_FILTER", "GITOPS_AGENT", "GITOPS_REPOSITORY", "GITOPS_CLUSTER",
+					"GITOPS_CREDENTIAL_TEMPLATE", "GITOPS_REPOSITORY_CERTIFICATE", "GITOPS_GNUPG_KEY", "GITOPS_PROJECT_MAPPING",
+					"GITOPS_APPLICATION", "GITOPS_APPLICATION_SET", "CODE_REPOSITORY", "CODE_REPOSITORY_SETTINGS", "CODE_BRANCH_RULE",
+					"CODE_PUSH_RULE", "CODE_TAG_RULE", "CODE_BRANCH", "CODE_TAG", "CODE_WEBHOOK", "MODULE_LICENSE",
+					"IDP_BACKSTAGE_CATALOG_ENTITY", "IDP_BACKSTAGE_SCAFFOLDER_TASK", "IDP_APP_CONFIGS", "IDP_CONFIG_ENV_VARIABLES",
+					"IDP_PROXY_HOST", "IDP_SCORECARDS", "IDP_CHECKS", "IDP_ALLOW_LIST", "IDP_OAUTH_CONFIG", "IDP_CATALOG_CONNECTOR",
+					"IDP_GIT_INTEGRATIONS", "IDP_PERMISSIONS", "IDP_CATALOG", "IDP_WORKFLOW", "SERVICE_DISCOVERY_AGENT",
+					"APPLICATION_MAP", "IDP_LAYOUT", "IDP_PLUGINS", "NOTIFICATION_CHANNEL", "NOTIFICATION_RULE",
+					"IDP_CATALOG_CUSTOM_PROPERTIES", "CLOUD_ASSET_GOVERNANCE_RULE_EVALUATION", "ARTIFACT_REGISTRY_UPSTREAM_PROXY",
+					"ARTIFACT_REGISTRY", "BANNER", "GITX_WEBHOOK", "FILE", "CHAOS_IMAGE_REGISTRY", "DB_SCHEMA", "DB_INSTANCE",
+					"CCM_ANOMALY", "CCM_ANOMALY_ALERT", "CLOUD_ASSET_GOVERNANCE_NOTIFICATION", "CDE_GITSPACE", "DEFAULT_NOTIFICATION_TEMPLATE_SET"),
+			),
+			mcp.WithString("resource_identifier",
+				mcp.Description("Optional resource identifier to filter by. Must be used with resource_type."),
+			),
 			WithScope(config, false),
 			WithPagination(),
 		),
@@ -94,6 +127,16 @@ func ListUserAuditTrailTool(config *config.Config, auditClient *client.AuditServ
 				return mcp.NewToolResultError(err.Error()), nil
 			}
 
+			resourceType, err := OptionalParam[string](request, "resource_type")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			resourceIdentifier, err := OptionalParam[string](request, "resource_identifier")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
 			scope, err := FetchScope(config, request, false)
 			if err != nil {
 				return mcp.NewToolResultError(err.Error()), nil
@@ -115,15 +158,32 @@ func ListUserAuditTrailTool(config *config.Config, auditClient *client.AuditServ
 			endTimeMilliseconds := convertDateToMilliseconds(endTime)
 			slog.Info("Converted time range", "start_time_ms", startTimeMilliseconds, "end_time_ms", endTimeMilliseconds)
 
+			// Create filter options
+			opts := &dto.ListAuditEventsFilter{}
+
+			// Set default filter type
+			opts.FilterType = "Audit"
+
+			// Add resource filter if provided
+			if strings.TrimSpace(resourceType) != "" {
+				opts.Resources = []dto.AuditResource{{
+					Type:       resourceType,
+					Identifier: resourceIdentifier,
+				}}
+				slog.Info("Adding resource filter", "resource_type", resourceType, "resource_identifier", resourceIdentifier)
+			}
+
 			slog.Info("Calling ListUserAuditTrail API",
 				"user_id_list", userIDList,
 				"actions", actionsList,
+				"resource_type", resourceType,
+				"resource_identifier", resourceIdentifier,
 				"page", page,
 				"size", size,
 				"start_time_ms", startTimeMilliseconds,
 				"end_time_ms", endTimeMilliseconds)
 
-			data, err := auditClient.ListUserAuditTrail(ctx, scope, userIDList, actionsList, page, size, startTimeMilliseconds, endTimeMilliseconds, nil)
+			data, err := auditClient.ListUserAuditTrail(ctx, scope, userIDList, actionsList, page, size, startTimeMilliseconds, endTimeMilliseconds, opts)
 			if err != nil {
 				return nil, fmt.Errorf("failed to list the audit logs: %w", err)
 			}

test/e2e/audit_test.go

@@ -0,0 +1,168 @@
+//go:build e2e
+
+package e2e
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/harness/harness-mcp/client/dto"
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/stretchr/testify/require"
+)
+
+// TestListAuditTools verifies that the list_user_audits tool is available
+func TestListAuditTools(t *testing.T) {
+	t.Parallel()
+
+	mcpClient := setupMCPClient(t)
+	ctx := context.Background()
+
+	// List available tools
+	request := mcp.ListToolsRequest{}
+	response, err := mcpClient.ListTools(ctx, request)
+	require.NoError(t, err, "expected to list tools successfully")
+
+	// Check that audit tools are available
+	var foundAuditTools = make(map[string]string)
+	auditToolPatterns := []string{
+		"list_user_audits",
+	}
+
+	// Print all available tools
+	fmt.Println("Available tools in TestListAuditTools:")
+	for _, tool := range response.Tools {
+		fmt.Printf("- %s\n", tool.Name)
+
+		// Check if this tool matches any of our patterns
+		for _, pattern := range auditToolPatterns {
+			if strings.Contains(strings.ToLower(tool.Name), pattern) {
+				foundAuditTools[pattern] = tool.Name
+				break
+			}
+		}
+	}
+
+	// Print what we found
+	fmt.Println("Found audit tools:")
+	for pattern, actualName := range foundAuditTools {
+		fmt.Printf("- %s -> %s\n", pattern, actualName)
+	}
+
+	// Check if we found the list_user_audits tool
+	require.Contains(t, foundAuditTools, "list_user_audits", "expected to find list_user_audits tool")
+}
+
+// TestListUserAuditsWithResourceFilter verifies that the list_user_audits tool works correctly with resource filtering
+func TestListUserAuditsWithResourceFilter(t *testing.T) {
+	t.Parallel()
+
+	mcpClient := setupMCPClient(t)
+	ctx := context.Background()
+	accountID := getE2EAccountID(t)
+
+	// Get current time and one week ago for time range
+	now := time.Now().UTC()
+	oneWeekAgo := now.AddDate(0, 0, -7)
+
+	// Format times in ISO 8601 format
+	startTime := oneWeekAgo.Format(time.RFC3339)
+	endTime := now.Format(time.RFC3339)
+
+	// Call the list_user_audits tool with resource filter
+	request := mcp.CallToolRequest{}
+	request.Params.Name = "list_user_audits"
+	request.Params.Arguments = map[string]any{
+		"accountIdentifier": accountID,
+		"orgIdentifier":     getE2EOrgID(),
+		"projectIdentifier": getE2EProjectID(),
+		"page":              0,
+		"size":              10,
+		"start_time":        startTime,
+		"end_time":          endTime,
+		"resource_type":     "PIPELINE",
+	}
+
+	response, err := mcpClient.CallTool(ctx, request)
+	require.NoError(t, err, "expected to call 'list_user_audits' tool successfully")
+	if response.IsError {
+		t.Logf("Error response: %v", response.Content)
+	}
+	require.False(t, response.IsError, "expected result not to be an error")
+
+	// Verify response content
+	require.NotEmpty(t, response.Content, "expected content to not be empty")
+
+	// Parse the response to extract audit events
+	textContent, ok := response.Content[0].(mcp.TextContent)
+	require.True(t, ok, "expected content to be of type TextContent")
+
+	var auditResponse dto.AuditOutput[dto.AuditListItem]
+	err = json.Unmarshal([]byte(textContent.Text), &auditResponse)
+	require.NoError(t, err, "expected to unmarshal response successfully")
+
+	// Verify the response structure
+	require.Equal(t, "SUCCESS", auditResponse.Status, "expected status to be SUCCESS")
+	t.Logf("Found %d audit events", len(auditResponse.Data.Content))
+
+	// Verify that all returned audit events are for the specified resource
+	for _, audit := range auditResponse.Data.Content {
+		require.Equal(t, "PIPELINE", audit.Resource.Type, "expected resource type to be PIPELINE")
+	}
+}
+
+// TestListUserAuditsWithoutResourceFilter verifies that the list_user_audits tool works correctly without resource filtering
+func TestListUserAuditsWithoutResourceFilter(t *testing.T) {
+	t.Parallel()
+
+	mcpClient := setupMCPClient(t)
+	ctx := context.Background()
+	accountID := getE2EAccountID(t)
+
+	// Get current time and one week ago for time range
+	now := time.Now().UTC()
+	threeWeeksAgo := now.AddDate(0, 0, -21)
+
+	// Format times in ISO 8601 format
+	startTime := threeWeeksAgo.Format(time.RFC3339)
+	endTime := now.Format(time.RFC3339)
+
+	// Call the list_user_audits tool without resource filter
+	request := mcp.CallToolRequest{}
+	request.Params.Name = "list_user_audits"
+	request.Params.Arguments = map[string]any{
+		"accountIdentifier": accountID,
+		"orgIdentifier":     getE2EOrgID(),
+		"projectIdentifier": getE2EProjectID(),
+		"page":              0,
+		"size":              10,
+		"start_time":        startTime,
+		"end_time":          endTime,
+	}
+
+	response, err := mcpClient.CallTool(ctx, request)
+	require.NoError(t, err, "expected to call 'list_user_audits' tool successfully")
+	if response.IsError {
+		t.Logf("Error response: %v", response.Content)
+	}
+	require.False(t, response.IsError, "expected result not to be an error")
+
+	// Verify response content
+	require.NotEmpty(t, response.Content, "expected content to not be empty")
+
+	// Parse the response to extract audit events
+	textContent, ok := response.Content[0].(mcp.TextContent)
+	require.True(t, ok, "expected content to be of type TextContent")
+
+	var auditResponse dto.AuditOutput[dto.AuditListItem]
+	err = json.Unmarshal([]byte(textContent.Text), &auditResponse)
+	require.NoError(t, err, "expected to unmarshal response successfully")
+
+	// Verify the response structure
+	require.Equal(t, "SUCCESS", auditResponse.Status, "expected status to be SUCCESS")
+	t.Logf("Found %d audit events", len(auditResponse.Data.Content))
+}