feat: add stdout repository activity

goto · Apr 20, 2024 · fcdfe38 · fcdfe38
1 parent 2e11f66
commit fcdfe38
Show file tree

Hide file tree

Showing 11 changed files with 67 additions and 27 deletions.
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"os"
 	"os/signal"
@@ -13,6 +14,7 @@ import (
 	_ "github.com/authzed/authzed-go/proto/authzed/api/v0"
 	_ "github.com/jackc/pgx/v4/stdlib"
 	newrelic "github.com/newrelic/go-agent"
+	"go.uber.org/zap"
 
 	"github.com/goto/shield/config"
 	"github.com/goto/shield/core/action"
@@ -92,8 +94,19 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error {
 
 	schemaMigrationConfig := schema.NewSchemaMigrationConfig(cfg.App.DefaultSystemEmail)
 
-	//
-	activityRepository := postgres.NewActivityRepository(dbClient)
+	var activityRepository activity.Repository
+	switch cfg.Log.Activity.Sink {
+	case activity.SinkTypeDB:
+		activityRepository = postgres.NewActivityRepository(dbClient)
+	case activity.SinkTypeStdout:
+		stdoutLogger, err := zap.NewStdLogAt(logger.GetInternalZapLogger().Desugar(), logger.GetInternalZapLogger().Level())
+		if err != nil {
+			return err
+		}
+		activityRepository = activity.NewStdoutRepository(stdoutLogger.Writer())
+	default:
+		activityRepository = activity.NewStdoutRepository(io.Discard)
+	}
 	activityService := activity.NewService(activityRepository)
 
 	userRepository := postgres.NewUserRepository(dbClient)
@@ -128,7 +141,7 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error {
 		return err
 	}
 
-	deps, err := BuildAPIDependencies(ctx, logger, resourceBlobRepository, dbClient, spiceDBClient)
+	deps, err := BuildAPIDependencies(ctx, logger, activityRepository, resourceBlobRepository, dbClient, spiceDBClient)
 	if err != nil {
 		return err
 	}
@@ -166,11 +179,11 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error {
 func BuildAPIDependencies(
 	ctx context.Context,
 	logger log.Logger,
+	activityRepository activity.Repository,
 	resourceBlobRepository *blob.ResourcesRepository,
 	dbc *db.Client,
 	sdb *spicedb.SpiceDB,
 ) (api.Deps, error) {
-	activityRepository := postgres.NewActivityRepository(dbc)
 	activityService := activity.NewService(activityRepository)
 
 	userRepository := postgres.NewUserRepository(dbc)

diff --git a/cmd/server.go b/cmd/server.go
@@ -107,7 +107,7 @@ func serverStartCommand() *cobra.Command {
 			if err != nil {
 				panic(err)
 			}
-			logger := shieldlogger.InitLogger(appConfig.Log)
+			logger := shieldlogger.InitLogger(appConfig.Log.Level, appConfig.Log.Format)
 
 			return StartServer(logger, appConfig)
 		},

diff --git a/config/config.go b/config/config.go
@@ -10,14 +10,28 @@ import (
 	"github.com/goto/shield/internal/server"
 	"github.com/goto/shield/internal/store/spicedb"
 	"github.com/goto/shield/pkg/db"
-	"github.com/goto/shield/pkg/logger"
 )
 
+type Log struct {
+	// log level - debug, info, warning, error, fatal
+	Level string `yaml:"level" mapstructure:"level" default:"info"`
+
+	// format strategy - plain, json
+	Format string `yaml:"format" mapstructure:"format" default:"json"`
+
+	Activity ActivityLogConfig `yaml:"activity" mapstructure:"activity"`
+}
+
+type ActivityLogConfig struct {
+	// activity sink strategy - db, stdout, none
+	Sink string `yaml:"sink" mapstructure:"sink" default:"none"`
+}
+
 type Shield struct {
 	// configuration version
 	Version  int                  `yaml:"version"`
 	Proxy    proxy.ServicesConfig `yaml:"proxy"`
-	Log      logger.Config        `yaml:"log"`
+	Log      Log                  `yaml:"log"`
 	NewRelic NewRelic             `yaml:"new_relic"`
 	App      server.Config        `yaml:"app"`
 	DB       db.Config            `yaml:"db"`

diff --git a/core/activity/activity.go b/core/activity/activity.go
@@ -6,6 +6,12 @@ import (
 	"github.com/goto/salt/audit"
 )
 
+const (
+	SinkTypeDB     = "db"
+	SinkTypeStdout = "stdout"
+	SinkTypeNone   = "none"
+)
+
 type Repository interface {
 	Insert(ctx context.Context, log *audit.Log) error
 }
diff --git a/core/activity/stdout_repository.go b/core/activity/stdout_repository.go
@@ -0,0 +1,23 @@
+package activity
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+
+	"github.com/goto/salt/audit"
+)
+
+type StdoutRepository struct {
+	writer io.Writer
+}
+
+func NewStdoutRepository(writer io.Writer) *StdoutRepository {
+	return &StdoutRepository{
+		writer: writer,
+	}
+}
+
+func (r StdoutRepository) Insert(ctx context.Context, log *audit.Log) error {
+	return json.NewEncoder(r.writer).Encode(log)
+}
diff --git a/go.mod b/go.mod
@@ -6,7 +6,6 @@ require (
 	contrib.go.opencensus.io/exporter/prometheus v0.4.2
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/abbot/go-http-auth v0.4.0
-	github.com/antonmedv/expr v1.15.3
 	github.com/authzed/authzed-go v0.7.1-0.20221109204547-1aa903788b3b
 	github.com/authzed/grpcutil v0.0.0-20230109193425-40ce0530e048
 	github.com/authzed/spicedb v1.15.0

diff --git a/go.sum b/go.sum
@@ -526,8 +526,6 @@ github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
-github.com/antonmedv/expr v1.15.3 h1:q3hOJZNvLvhqE8OHBs1cFRdbXFNKuA+bHmRaI+AmRmI=
-github.com/antonmedv/expr v1.15.3/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4JUv1ihsE=
 github.com/apache/arrow/go/arrow v0.0.0-20210818145353-234c94e4ce64/go.mod h1:2qMFB56yOP3KzkB3PbYZ4AlUFg3a88F67TIx5lB/WwY=
 github.com/apache/arrow/go/arrow v0.0.0-20211013220434-5962184e7a30/go.mod h1:Q7yQnSMnLvcXlZ8RV+jwz/6y1rQTqbX6C82SndT52Zs=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=

diff --git a/internal/proxy/hook/authz/authz_test.go b/internal/proxy/hook/authz/authz_test.go
@@ -108,10 +108,7 @@ func TestServeHook(t *testing.T) {
 		mockRelationTransformer = new(mocks.RelationTransformer)
 	)
 
-	logger := shieldlogger.InitLogger(shieldlogger.Config{
-		Level:  "info",
-		Format: "json",
-	})
+	logger := shieldlogger.InitLogger("info", "json")
 
 	rootHook := hook.New()
 	a := New(logger, rootHook, rootHook, mockResourceService, mockRelationService, mockRelationTransformer, "X-Shield-Email")

diff --git a/pkg/logger/config.go b/pkg/logger/config.go
diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go
@@ -8,9 +8,9 @@ import (
 	"go.uber.org/zap/zapcore"
 )
 
-func InitLogger(cfg Config) *log.Zap {
+func InitLogger(level, format string) *log.Zap {
 	zapCfg := zap.NewProductionConfig()
-	zapCfg.Level = zap.NewAtomicLevelAt(atomicLevel(cfg.Level))
+	zapCfg.Level = zap.NewAtomicLevelAt(atomicLevel(level))
 	zapCfg.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
 	zapCfg.DisableCaller = true
 	zapCfg.DisableStacktrace = true

diff --git a/test/e2e_test/testbench/testbench.go b/test/e2e_test/testbench/testbench.go
@@ -19,7 +19,6 @@ import (
 	"github.com/goto/shield/internal/store/postgres/migrations"
 	"github.com/goto/shield/internal/store/spicedb"
 	"github.com/goto/shield/pkg/db"
-	"github.com/goto/shield/pkg/logger"
 	shieldv1beta1 "github.com/goto/shield/proto/v1beta1"
 	"github.com/ory/dockertest"
 	"github.com/ory/dockertest/docker"
@@ -191,7 +190,7 @@ func SetupTests(t *testing.T) (shieldv1beta1.ShieldServiceClient, *config.Shield
 	}
 
 	appConfig := &config.Shield{
-		Log: logger.Config{
+		Log: config.Log{
 			Level: "fatal",
 		},
 		App: server.Config{