format audit events on create, not on print

Author: qrort

internal/audit/audit_event.go

@@ -14,20 +14,21 @@ import (
 
 var EventsDestination string
 
-type Event struct { //flat event struct for everything
-	ID             string
-	IdempotencyKey string
-	Action         Action
-	Component      string
-	MethodName     string
-	ContainerID    string
-	Subject        string
-	SanitizedToken string
-	Resource       Resource
-	GRPCRequest    proto.Message
-	Status         string
-	Reason         string
-	Timestamp      time.Time
+type GenericAuditFields struct {
+	ID             string   `json:"request_id"`
+	IdempotencyKey string   `json:"idempotency_key"`
+	Service        string   `json:"service"`
+	SpecVersion    string   `json:"specversion"`
+	Action         Action   `json:"action"`
+	Resource       Resource `json:"resource"`
+	Component      string   `json:"component"`
+	FolderID       string   `json:"folder_id"`
+	Subject        string   `json:"subject"`
+	SanitizedToken string   `json:"sanitized_token"`
+	Status         string   `json:"status"`
+	Reason         string   `json:"reason,omitempty"`
+	Timestamp      string   `json:"@timestamp"`
+	IsBackground   bool     `json:"is_background"`
 }
 
 type EventEnvelope struct {
@@ -36,8 +37,8 @@ type EventEnvelope struct {
 }
 
 type EventJson struct {
-	Destination string
-	Event       *EventEnvelope
+	Destination string         `json:"destination,omitempty"`
+	Event       *EventEnvelope `json:"event"`
 }
 
 func marshalProtoMessage(msg proto.Message) json.RawMessage {
@@ -54,59 +55,15 @@ func marshalProtoMessage(msg proto.Message) json.RawMessage {
 	return b
 }
 
-func (e *Event) MarshalJSON() ([]byte, error) {
-	return json.Marshal(
-		&struct {
-			ID             string          `json:"request_id"`
-			IdempotencyKey string          `json:"idempotency_key"`
-			Service        string          `json:"service"`
-			SpecVersion    string          `json:"specversion"`
-			Action         string          `json:"action"`
-			Resource       Resource        `json:"resource"`
-			Component      string          `json:"component"`
-			MethodName     string          `json:"operation,omitempty"`
-			ContainerID    string          `json:"folder_id"`
-			Subject        string          `json:"subject"`
-			SanitizedToken string          `json:"sanitized_token"`
-			GRPCRequest    json.RawMessage `json:"grpc_request,omitempty"`
-			Status         string          `json:"status"`
-			Reason         string          `json:"reason,omitempty"`
-			Timestamp      string          `json:"@timestamp"`
-			IsBackground   bool            `json:"is_background"`
-		}{
-			ID:             e.ID,
-			IdempotencyKey: e.IdempotencyKey,
-			Service:        "ydbcp",
-			SpecVersion:    "1.0",
-			Action:         string(e.Action),
-			Resource:       e.Resource,
-			Component:      e.Component,
-			MethodName:     e.MethodName,
-			ContainerID:    e.ContainerID,
-			Subject:        formatSubject(e.Subject),
-			SanitizedToken: e.SanitizedToken,
-			GRPCRequest:    marshalProtoMessage(e.GRPCRequest),
-			Status:         e.Status,
-			Reason:         e.Reason,
-			Timestamp:      e.Timestamp.Format(time.RFC3339Nano),
-		},
-	)
-}
+type GRPCCallEvent struct {
+	GenericAuditFields
 
-func (ej *EventJson) MarshalJSON() ([]byte, error) {
-	return json.Marshal(
-		&struct {
-			Destination string         `json:"destination,omitempty"`
-			Event       *EventEnvelope `json:"event"`
-		}{
-			Destination: ej.Destination,
-			Event:       ej.Event,
-		},
-	)
+	MethodName  string          `json:"operation"`
+	GRPCRequest json.RawMessage `json:"grpc_request"`
 }
 
-func makeEnvelope(event *Event) (*EventEnvelope, error) {
-	data, err := event.MarshalJSON()
+func makeEnvelope(event any) (*EventEnvelope, error) {
+	data, err := json.Marshal(event)
 	if err != nil {
 		return nil, err
 	}
@@ -147,22 +104,27 @@ func GRPCCallAuditEvent(
 	containerID string,
 	inProgress bool,
 	err error,
-) *Event {
+) *GRPCCallEvent {
 	s, r := getStatus(inProgress, err)
-	return &Event{
-		ID:             uuid.New().String(),
-		IdempotencyKey: grpcinfo.GetRequestID(ctx),
-		Component:      "grpc_api",
-		MethodName:     methodName,
-		GRPCRequest:    req,
-		ContainerID:    containerID,
-		Subject:        subject,
-		SanitizedToken: token,
-		Action:         ActionFromMethodName(ctx, methodName),
-		Resource:       ResourceFromMethodName(ctx, methodName),
-		Status:         s,
-		Reason:         r,
-		Timestamp:      time.Now(),
+	return &GRPCCallEvent{
+		GenericAuditFields: GenericAuditFields{
+			ID:             uuid.New().String(),
+			IdempotencyKey: grpcinfo.GetRequestID(ctx),
+			Service:        "ydbcp",
+			SpecVersion:    "1.0",
+			Action:         ActionFromMethodName(ctx, methodName),
+			Resource:       ResourceFromMethodName(ctx, methodName),
+			Component:      "grpc_api",
+			FolderID:       containerID,
+			Subject:        formatSubject(subject),
+			SanitizedToken: token,
+			Status:         s,
+			Reason:         r,
+			Timestamp:      time.Now().Format(time.RFC3339Nano),
+			IsBackground:   false,
+		},
+		MethodName:  methodName,
+		GRPCRequest: marshalProtoMessage(req),
 	}
 }
 
@@ -186,7 +148,7 @@ func ReportGRPCCallEnd(
 	ReportAuditEvent(ctx, event)
 }
 
-func ReportAuditEvent(ctx context.Context, event *Event) {
+func ReportAuditEvent(ctx context.Context, event *GRPCCallEvent) {
 	env, err := makeEnvelope(event)
 	if err != nil {
 		xlog.Error(ctx, "error reporting audit event", zap.Error(err))

internal/audit/audit_event_test.go

@@ -43,40 +43,46 @@ func TestGRPCCallAuditEvent(t *testing.T) {
 	)
 
 	assert.Equal(t, "grpc_api", event.Component)
-	assert.Equal(t, "subj", event.Subject)
-	assert.Equal(t, "cid1", event.ContainerID)
+	assert.Equal(t, "subj@as", event.Subject)
+	assert.Equal(t, "cid1", event.FolderID)
 	assert.Equal(t, pb.BackupScheduleService_GetBackupSchedule_FullMethodName, event.MethodName)
 	assert.Equal(t, "ERROR", event.Status)
-	assert.Equal(t, msg, event.GRPCRequest)
+	assert.Equal(t, marshalProtoMessage(msg), event.GRPCRequest)
 }
 
 func TestEventMarshalJSON(t *testing.T) {
-	event := &Event{
-		Resource:       "resource",
-		Action:         ActionGet,
-		Component:      "grpc_api",
-		MethodName:     "Method",
-		Subject:        "sub",
-		SanitizedToken: "tok",
-		GRPCRequest: &pb.ListBackupsRequest{
-			ContainerId: "id1",
+	event := &GRPCCallEvent{
+		GenericAuditFields: GenericAuditFields{
+			Resource:       "resource",
+			Action:         ActionGet,
+			Component:      "grpc_api",
+			Subject:        "sub@as",
+			FolderID:       "id1",
+			SanitizedToken: "tok",
+			Status:         "SUCCESS",
+			Timestamp:      time.Now().Format(time.RFC3339Nano),
 		},
-		Status:    "SUCCESS",
-		Timestamp: time.Now(),
+		GRPCRequest: marshalProtoMessage(
+			&pb.ListBackupsRequest{
+				ContainerId: "id1",
+			},
+		),
+		MethodName: "Method",
 	}
 
 	data, err := json.Marshal(event)
 	assert.NoError(t, err)
 	assert.Contains(t, string(data), `"resource":"resource"`)
 	assert.Contains(t, string(data), `"component":"grpc_api"`)
 	assert.Contains(t, string(data), `"subject":"sub@as`)
-	assert.Contains(t, string(data), `"container_id":"id1"`)
+	assert.Contains(t, string(data), `"folder_id":"id1"`)
+	assert.Contains(t, string(data), `"operation":"Method"`)
 	assert.Contains(t, string(data), `"status":`)
 	assert.Contains(t, string(data), `"@timestamp":`)
 }
 
 func TestEventJsonMarshal(t *testing.T) {
-	event, err := makeEnvelope(&Event{Component: "test"})
+	event, err := makeEnvelope(&GRPCCallEvent{GenericAuditFields: GenericAuditFields{Component: "test"}})
 	require.NoError(t, err)
 	ej := &EventJson{
 		Destination: "stdout",
@@ -94,9 +100,11 @@ func TestEventJsonMarshal(t *testing.T) {
 
 func TestReportAuditEvent(t *testing.T) {
 	ctx := context.Background()
-	event := &Event{
+	event := &GRPCCallEvent{
 		MethodName: "reportTest",
-		Status:     "SUCCESS",
+		GenericAuditFields: GenericAuditFields{
+			Status: "SUCCESS",
+		},
 	}
 
 	oldStream := os.Stdout