Merge pull request #11 from nais/remove-component

Remove component name from audit logs

Author: christeredvartsen

internal/auditlogger/logger.go

@@ -8,7 +8,6 @@ import (
 	"github.com/nais/api/internal/auditlogger/audittype"
 	"github.com/nais/api/internal/auth/authz"
 	"github.com/nais/api/internal/database"
-	"github.com/nais/api/internal/logger"
 	"github.com/nais/api/internal/slug"
 	"github.com/sirupsen/logrus"
 	"k8s.io/utils/ptr"
@@ -19,9 +18,8 @@ type AuditLogger interface {
 }
 
 type auditLogger struct {
-	componentName logger.ComponentName
-	db            database.Database
-	log           logrus.FieldLogger
+	db  database.Database
+	log logrus.FieldLogger
 }
 
 type auditLoggerForTesting struct {
@@ -46,11 +44,10 @@ type Entry struct {
 	Message string
 }
 
-func New(db database.Database, componentName logger.ComponentName, log logrus.FieldLogger) AuditLogger {
+func New(db database.Database, log logrus.FieldLogger) AuditLogger {
 	return &auditLogger{
-		componentName: componentName,
-		db:            db,
-		log:           log.WithField("component", componentName),
+		db:  db,
+		log: log,
 	}
 }
 
@@ -96,7 +93,6 @@ func (l *auditLogger) Logf(ctx context.Context, targets []Target, fields Fields,
 		err := l.db.CreateAuditLogEntry(
 			ctx,
 			fields.CorrelationID,
-			l.componentName,
 			actor,
 			target.Type,
 			target.Identifier,
@@ -135,6 +131,10 @@ func (l *auditLogger) Logf(ctx context.Context, targets []Target, fields Fields,
 	}
 }
 
+func SystemTarget(systemName string) Target {
+	return Target{Type: audittype.AuditLogsTargetTypeSystem, Identifier: systemName}
+}
+
 func UserTarget(email string) Target {
 	return Target{Type: audittype.AuditLogsTargetTypeUser, Identifier: email}
 }
@@ -144,9 +144,5 @@ func TeamTarget(slug slug.Slug) Target {
 }
 
 func ReconcilerTarget(name string) Target {
-	return Target{Type: audittype.AuditLogsTargetTypeReconciler, Identifier: string(name)}
-}
-
-func ComponentTarget(name logger.ComponentName) Target {
-	return Target{Type: audittype.AuditLogsTargetTypeSystem, Identifier: string(name)}
+	return Target{Type: audittype.AuditLogsTargetTypeReconciler, Identifier: name}
 }

internal/auditlogger/logger_test.go

@@ -11,7 +11,6 @@ import (
 	"github.com/nais/api/internal/auditlogger/audittype"
 	"github.com/nais/api/internal/auth/authz"
 	"github.com/nais/api/internal/database"
-	"github.com/nais/api/internal/logger"
 	"github.com/nais/api/internal/slug"
 	"github.com/sirupsen/logrus"
 	"github.com/sirupsen/logrus/hooks/test"
@@ -35,19 +34,18 @@ func Test_Logf(t *testing.T) {
 	ctx := context.Background()
 	db := database.NewMockDatabase(t)
 	msg := "some message"
-	componentName := logger.ComponentNameGraphqlApi
 
 	t.Run("missing audit action", func(t *testing.T) {
 		testLogger, hook := test.NewNullLogger()
 
 		auditlogger.
-			New(db, componentName, testLogger).
+			New(db, testLogger).
 			Logf(ctx, []auditlogger.Target{}, auditlogger.Fields{}, msg)
 
 		want := []*logrus.Entry{
 			{
 				Message: "unable to create auditlog entry: missing or invalid audit action",
-				Data:    logrus.Fields{"component": componentName},
+				Data:    logrus.Fields{},
 				Level:   logrus.ErrorLevel,
 			},
 		}
@@ -63,7 +61,7 @@ func Test_Logf(t *testing.T) {
 			Action: audittype.AuditActionAzureGroupAddMember,
 		}
 		auditlogger.
-			New(db, componentName, log).
+			New(db, log).
 			Logf(ctx, []auditlogger.Target{}, fields, msg)
 	})
 
@@ -73,7 +71,7 @@ func Test_Logf(t *testing.T) {
 		userEmail := "[email protected]"
 		teamSlug := slug.Slug("team-slug")
 		reconcilerName := "github:teams"
-		componentName := logger.ComponentName("github:teams")
+		systemName := "some:system"
 		actorIdentity := "actor"
 		action := audittype.AuditActionAzureGroupAddMember
 
@@ -82,7 +80,7 @@ func Test_Logf(t *testing.T) {
 			auditlogger.UserTarget(userEmail),
 			auditlogger.TeamTarget(teamSlug),
 			auditlogger.ReconcilerTarget(reconcilerName),
-			auditlogger.ComponentTarget(componentName),
+			auditlogger.SystemTarget(systemName),
 		}
 
 		authenticatedUser := authz.NewMockAuthenticatedUser(t)
@@ -97,19 +95,18 @@ func Test_Logf(t *testing.T) {
 		}
 
 		db := database.NewMockDatabase(t)
-		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, componentName, &actorIdentity, audittype.AuditLogsTargetTypeUser, userEmail, action, msg).Return(nil).Once()
-		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, componentName, &actorIdentity, audittype.AuditLogsTargetTypeTeam, teamSlug.String(), action, msg).Return(nil).Once()
-		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, componentName, &actorIdentity, audittype.AuditLogsTargetTypeReconciler, reconcilerName, action, msg).Return(nil).Once()
-		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, componentName, &actorIdentity, audittype.AuditLogsTargetTypeSystem, string(componentName), action, msg).Return(nil).Once()
+		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, &actorIdentity, audittype.AuditLogsTargetTypeUser, userEmail, action, msg).Return(nil).Once()
+		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, &actorIdentity, audittype.AuditLogsTargetTypeTeam, teamSlug.String(), action, msg).Return(nil).Once()
+		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, &actorIdentity, audittype.AuditLogsTargetTypeReconciler, reconcilerName, action, msg).Return(nil).Once()
+		db.EXPECT().CreateAuditLogEntry(ctx, correlationID, &actorIdentity, audittype.AuditLogsTargetTypeSystem, systemName, action, msg).Return(nil).Once()
 
 		auditlogger.
-			New(db, componentName, testLogger).
+			New(db, testLogger).
 			Logf(ctx, targets, fields, msg)
 
 		want := []*logrus.Entry{
 			{
 				Data: logrus.Fields{
-					"component":      componentName,
 					"action":         action,
 					"actor":          actorIdentity,
 					"correlation_id": correlationID.String(),
@@ -121,7 +118,6 @@ func Test_Logf(t *testing.T) {
 			},
 			{
 				Data: logrus.Fields{
-					"component":      componentName,
 					"action":         action,
 					"actor":          actorIdentity,
 					"correlation_id": correlationID.String(),
@@ -133,7 +129,6 @@ func Test_Logf(t *testing.T) {
 			},
 			{
 				Data: logrus.Fields{
-					"component":      componentName,
 					"action":         action,
 					"actor":          actorIdentity,
 					"correlation_id": correlationID.String(),
@@ -145,7 +140,7 @@ func Test_Logf(t *testing.T) {
 			},
 			{
 				Data: logrus.Fields{
-					"component":      componentName,
+					"system":         systemName,
 					"action":         action,
 					"actor":          actorIdentity,
 					"correlation_id": correlationID.String(),

internal/auth/authn/handler.go

@@ -11,7 +11,6 @@ import (
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/google/uuid"
 	"github.com/nais/api/internal/database"
-	"github.com/nais/api/internal/logger"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/oauth2"
 )
@@ -47,7 +46,7 @@ func New(oauth2Config OAuth2, db database.Database, log logrus.FieldLogger) Hand
 	return &handler{
 		db:           db,
 		oauth2Config: oauth2Config,
-		log:          log.WithField("component", logger.ComponentNameAuthn),
+		log:          log,
 	}
 }
 

internal/cmd/api/api.go

@@ -140,7 +140,7 @@ func run(ctx context.Context, cfg *Config, log logrus.FieldLogger) error {
 		return fmt.Errorf("unable to create k8s client: %w", err)
 	}
 
-	auditLogger := auditlogger.New(db, logger.ComponentNameGraphqlApi, log)
+	auditLogger := auditlogger.New(db, log)
 	userSync := make(chan uuid.UUID, 1)
 
 	pubsubClient, err := pubsub.NewClient(ctx, cfg.GoogleManagementProjectID)

internal/database/audit_log.go

@@ -6,12 +6,11 @@ import (
 	"github.com/google/uuid"
 	"github.com/nais/api/internal/auditlogger/audittype"
 	"github.com/nais/api/internal/database/gensql"
-	"github.com/nais/api/internal/logger"
 	"github.com/nais/api/internal/slug"
 )
 
 type AuditLogsRepo interface {
-	CreateAuditLogEntry(ctx context.Context, correlationID uuid.UUID, componentName logger.ComponentName, actor *string, targetType audittype.AuditLogsTargetType, targetIdentifier string, action audittype.AuditAction, message string) error
+	CreateAuditLogEntry(ctx context.Context, correlationID uuid.UUID, actor *string, targetType audittype.AuditLogsTargetType, targetIdentifier string, action audittype.AuditAction, message string) error
 	GetAuditLogsForCorrelationID(ctx context.Context, correlationID uuid.UUID, p Page) ([]*AuditLog, int, error)
 	GetAuditLogsForReconciler(ctx context.Context, reconcilerName string, p Page) ([]*AuditLog, int, error)
 	GetAuditLogsForTeam(ctx context.Context, teamSlug slug.Slug, p Page) ([]*AuditLog, int, error)
@@ -69,11 +68,10 @@ func (d *database) GetAuditLogsForReconciler(ctx context.Context, reconcilerName
 	return entries, int(total), nil
 }
 
-func (d *database) CreateAuditLogEntry(ctx context.Context, correlationID uuid.UUID, componentName logger.ComponentName, actor *string, targetType audittype.AuditLogsTargetType, targetIdentifier string, action audittype.AuditAction, message string) error {
+func (d *database) CreateAuditLogEntry(ctx context.Context, correlationID uuid.UUID, actor *string, targetType audittype.AuditLogsTargetType, targetIdentifier string, action audittype.AuditAction, message string) error {
 	return d.querier.CreateAuditLog(ctx, gensql.CreateAuditLogParams{
 		CorrelationID:    correlationID,
 		Actor:            actor,
-		ComponentName:    string(componentName),
 		TargetType:       string(targetType),
 		TargetIdentifier: targetIdentifier,
 		Action:           string(action),

internal/database/gensql/audit_logs.sql.go

@@ -0,0 +1,7 @@
+-- +goose Up
+
+ALTER TABLE audit_logs DROP COLUMN component_name;
+
+-- +goose Down
+
+ALTER TABLE audit_logs ADD COLUMN component_name text NOT NULL DEFAULT 'unknown';

internal/database/gensql/models.go

@@ -1,6 +1,6 @@
 -- name: CreateAuditLog :exec
-INSERT INTO audit_logs (correlation_id, actor, component_name, target_type, target_identifier, action, message)
-VALUES (@correlation_id, @actor, @component_name, @target_type, @target_identifier, @action, @message);
+INSERT INTO audit_logs (correlation_id, actor, target_type, target_identifier, action, message)
+VALUES (@correlation_id, @actor, @target_type, @target_identifier, @action, @message);
 
 -- name: GetAuditLogsForTeam :many
 SELECT * FROM audit_logs

internal/database/migrations/0003_remove_component_from_audit_log.sql

@@ -13,7 +13,6 @@ func toGraphAuditLogs(logs []*database.AuditLog) []*model.AuditLog {
 			ID:               scalar.AuditLogIdent(log.ID),
 			Action:           log.Action,
 			Actor:            log.Actor,
-			ComponentName:    log.ComponentName,
 			TargetType:       log.TargetType,
 			CorrelationID:    log.CorrelationID.String(),
 			TargetIdentifier: log.TargetIdentifier,