From 3fc6e0016ef9e919647bbccaba76919b25e49167 Mon Sep 17 00:00:00 2001
From: Gregory Cooke
Date: Fri, 21 Apr 2023 15:57:43 -0400
Subject: [PATCH] authz: Move audit package (#6218) (#6219)

---
 authz/{ => audit}/audit_logger.go | 47 ++++++++++++++++---------------
 1 file changed, 24 insertions(+), 23 deletions(-)
 rename authz/{ => audit}/audit_logger.go (74%)

diff --git a/authz/audit_logger.go b/authz/audit/audit_logger.go
similarity index 74%
rename from authz/audit_logger.go
rename to authz/audit/audit_logger.go
index 992d66054fbb..b9b721970387 100644
--- a/authz/audit_logger.go
+++ b/authz/audit/audit_logger.go
@@ -16,7 +16,8 @@
 *
 */

-package authz
+// Package audit contains interfaces for audit logging during authorization.
+package audit

 import (
 "encoding/json"
@@ -27,38 +28,38 @@ import (
 // to facilitate thread-safe reading/writing operations.
 type loggerBuilderRegistry struct {
 mu sync.Mutex
- builders map[string]AuditLoggerBuilder
+ builders map[string]LoggerBuilder
 }

 var (
 registry = loggerBuilderRegistry{
- builders: make(map[string]AuditLoggerBuilder),
+ builders: make(map[string]LoggerBuilder),
 }
 )

-// RegisterAuditLoggerBuilder registers the builder in a global map
+// RegisterLoggerBuilder registers the builder in a global map
 // using b.Name() as the key.
 //
 // This should only be called during initialization time (i.e. in an init()
 // function). If multiple builders are registered with the same name,
 // the one registered last will take effect.
-func RegisterAuditLoggerBuilder(b AuditLoggerBuilder) {
+func RegisterLoggerBuilder(b LoggerBuilder) {
 registry.mu.Lock()
 defer registry.mu.Unlock()
 registry.builders[b.Name()] = b
 }

-// GetAuditLoggerBuilder returns a builder with the given name.
+// GetLoggerBuilder returns a builder with the given name.
 // It returns nil if the builder is not found in the registry.
-func GetAuditLoggerBuilder(name string) AuditLoggerBuilder {
+func GetLoggerBuilder(name string) LoggerBuilder {
 registry.mu.Lock()
 defer registry.mu.Unlock()
 return registry.builders[name]
 }

-// AuditEvent contains information passed to the audit logger as part of an
+// Event contains information passed to the audit logger as part of an
 // audit logging event.
-type AuditEvent struct {
+type Event struct {
 // FullMethodName is the full method name of the audited RPC, in the format
 // of "/pkg.Service/Method". For example, "/helloworld.Greeter/SayHello".
 FullMethodName string
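Review bot: `RegisterLoggerBuilder` overwrites an existing entry for the same `b.Name()` without any signal, so in an audit-logging registry a name collision between two linked packages silently changes which builder receives authorization audit events. The doc comment states the last-wins rule but not that consequence; I would add `// A later registration under the same name silently replaces the earlier one; deployments that depend on a specific audit logger should confirm it with GetLoggerBuilder after init.` If the project prefers to detect collisions, checking `registry.builders[b.Name()]` before the assignment and reporting the replacement would be the place to do it, though which logging facility to use is not visible in this hunk.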
@@ -74,14 +75,14 @@ type AuditEvent struct {
 Authorized bool
 }

-// AuditLoggerConfig represents an opaque data structure holding an audit
+// LoggerConfig represents an opaque data structure holding an audit
 // logger configuration. Concrete types representing configuration of specific
 // audit loggers must embed this interface to implement it.
-type AuditLoggerConfig interface {
- auditLoggerConfig()
+type LoggerConfig interface {
+ loggerConfig()
 }

-// AuditLogger is the interface to be implemented by audit loggers.
+// Logger is the interface to be implemented by audit loggers.
 //
 // An audit logger is a logger instance that can be configured via the
 // authorization policy API or xDS HTTP RBAC filters. When the authorization
@@ -91,35 +92,35 @@ type AuditLoggerConfig interface {
 // TODO(lwge): Change the link to the merged gRFC once it's ready.
 // Please refer to https://github.com/grpc/proposal/pull/346 for more details
 // about audit logging.
-type AuditLogger interface {
+type Logger interface {
 // Log performs audit logging for the provided audit event.
 //
 // This method is invoked in the RPC path and therefore implementations
 // must not block.
- Log(*AuditEvent)
+ Log(*Event)
 }

-// AuditLoggerBuilder is the interface to be implemented by audit logger
+// LoggerBuilder is the interface to be implemented by audit logger
 // builders that are used at runtime to configure and instantiate audit loggers.
 //
 // Users who want to implement their own audit logging logic should
-// implement this interface, along with the AuditLogger interface, and register
-// it by calling RegisterAuditLoggerBuilder() at init time.
+// implement this interface, along with the Logger interface, and register
+// it by calling RegisterLoggerBuilder() at init time.
 //
 // TODO(lwge): Change the link to the merged gRFC once it's ready.
 // Please refer to https://github.com/grpc/proposal/pull/346 for more details
 // about audit logging.
-type AuditLoggerBuilder interface {
- // ParseAuditLoggerConfig parses the given JSON bytes into a structured
+type LoggerBuilder interface {
+ // ParseLoggerConfig parses the given JSON bytes into a structured
 // logger config this builder can use to build an audit logger.
- ParseAuditLoggerConfig(config json.RawMessage) (AuditLoggerConfig, error)
+ ParseLoggerConfig(config json.RawMessage) (LoggerConfig, error)
 // Build builds an audit logger with the given logger config.
 // This will only be called with valid configs returned from
- // ParseAuditLoggerConfig() and any runtime issues such as failing to
+ // ParseLoggerConfig() and any runtime issues such as failing to
 // create a file should be handled by the logger implementation instead of
 // failing the logger instantiation. So implementers need to make sure it
 // can return a logger without error at this stage.
- Build(AuditLoggerConfig) AuditLogger
+ Build(LoggerConfig) Logger
 // Name returns the name of logger built by this builder.
 // This is used to register and pick the builder.
 Name() string
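Review bot: The comment on `Log(*Event)` in the `Logger` interface says implementations must not block, but it does not say who owns the `*Event` once the call returns. A non-blocking logger will usually pass the event to another goroutine, so whether the pointer may be retained or the struct reused decides whether an audit record can race with the caller or change after it was emitted. I would extend the comment with something like `// Implementations must not modify the event and must copy it before returning if they process it asynchronously.`, adjusted to whatever the calling code guarantees, which is not visible in this hunk. Since `Log` has no error return, the same comment should state that surfacing failed or dropped writes is the implementation's responsibility.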