Add audit.Log API to the system
Created by: vrto
Description
This introduces a new audit.Log() API to the system that will be used for appending entries to the audit log (WIP).
For more details, see the following:
The new Log call delegates to log.Logger's INFO call internally, and it enriches the standard INFO log statement with a few extra fields:
    {
      "SeverityText": "INFO",
      "Timestamp": 1662548864785662000,
      "InstrumentationScope": "NewClient",
      "Caller": "audit/audit.go:28",
      "Function": "github.com/sourcegraph/sourcegraph/internal/audit.Log",
      "Body": "get gitserver object",
      "Resource": {
        "service.name": "frontend",
        "service.version": "0.0.0+dev",
        "service.instance.id": "Michals-MacBook-Pro.local"
      },
      "Attributes": {
        "audit": {
          "entity": "gitserver",
          "actor": {
            "actorUID": "1",
            "ip": "127.0.0.1",
            "X-Forwarded-For": "127.0.0.1, 127.0.0.1"
          }
        },
        "additional": "stuff"
      }
    }
We can filter the audit log statements by the presence of the audit attribute in the Attributes map.
Sample usage:
    record := audit.Record{
        Entity: "gitserver",
        Action: "get gitserver object",
        Fields: []sglog.Field{sglog.String("additional", "stuff")},
    }
    audit.Log(c.logger, ctx, record)
Design
- audit log builds on top of our existing logging so that we don't need to think twice about using yet another library alongside our standard logging and instrumentation libraries
- an audit log entry should read like: "an actor takes an action on entity"; see the Godoc snippet for how they're computed
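As an added illustration (not code from this PR or from sourcegraph's log package), the following stand-alone Go program models what the description and the design bullet above describe: a Record, a Log call that enriches an INFO entry with the audit attribute (entity plus actor taken from the request context), the filter on the presence of the "audit" key in Attributes, and the "an actor takes an action on entity" reading of an entry. The Actor type, the context key, the Entry shape and the map-based Fields are assumptions made for this example; the real API uses sglog.Field values and the repository's own logger.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"time"
)

// Actor is a hypothetical request actor carried on the context; it stands in
// for whatever actor type the real code base uses (assumption).
type Actor struct {
	UID           string
	IP            string
	XForwardedFor string
}

type actorKey struct{}

// WithActor attaches the actor to the context, as request middleware would.
func WithActor(ctx context.Context, a Actor) context.Context {
	return context.WithValue(ctx, actorKey{}, a)
}

// Record carries who-did-what: the entity acted upon, the action taken, and
// any additional fields the caller wants on the entry.
type Record struct {
	Entity string
	Action string
	Fields map[string]any
}

// Entry is the enriched INFO statement; only the fields needed for filtering
// and summarising are modelled here (assumed shape).
type Entry struct {
	SeverityText string         `json:"SeverityText"`
	Timestamp    int64          `json:"Timestamp"`
	Body         string         `json:"Body"`
	Attributes   map[string]any `json:"Attributes"`
}

// Log builds the INFO entry and nests the audit block (entity + actor) under
// Attributes. A missing actor is recorded as "unknown" rather than dropped, so
// the entry still carries the audit attribute and cannot slip past the filter.
func Log(ctx context.Context, now time.Time, r Record) Entry {
	attrs := make(map[string]any, len(r.Fields)+1)
	for k, v := range r.Fields {
		attrs[k] = v
	}
	actor := map[string]any{"actorUID": "unknown", "ip": "", "X-Forwarded-For": ""}
	if a, ok := ctx.Value(actorKey{}).(Actor); ok {
		actor = map[string]any{"actorUID": a.UID, "ip": a.IP, "X-Forwarded-For": a.XForwardedFor}
	}
	attrs["audit"] = map[string]any{"entity": r.Entity, "actor": actor}
	return Entry{SeverityText: "INFO", Timestamp: now.UnixNano(), Body: r.Action, Attributes: attrs}
}

// IsAuditLine implements the proposed filter: a JSON log line is an audit
// entry exactly when Attributes contains the "audit" key. Malformed lines
// are reported as non-audit.
func IsAuditLine(line []byte) bool {
	var e Entry
	if err := json.Unmarshal(line, &e); err != nil {
		return false
	}
	_, ok := e.Attributes["audit"]
	return ok
}

// Summary renders an entry as "actor <uid>: <action> on <entity>", the
// reading the design bullet asks for. Non-audit entries yield "".
func Summary(e Entry) string {
	audit, ok := e.Attributes["audit"].(map[string]any)
	if !ok {
		return ""
	}
	actor, _ := audit["actor"].(map[string]any)
	uid, _ := actor["actorUID"].(string)
	entity, _ := audit["entity"].(string)
	return fmt.Sprintf("actor %s: %s on %s", uid, e.Body, entity)
}

func main() {
	ctx := WithActor(context.Background(), Actor{UID: "1", IP: "127.0.0.1", XForwardedFor: "127.0.0.1, 127.0.0.1"})
	entry := Log(ctx, time.Now(), Record{
		Entity: "gitserver",
		Action: "get gitserver object",
		Fields: map[string]any{"additional": "stuff"},
	})
	line, _ := json.Marshal(entry)

	// Constructed sample stream: one audit line, one plain INFO line, one broken line.
	stream := [][]byte{
		line,
		[]byte(`{"SeverityText":"INFO","Body":"served request","Attributes":{"path":"/"}}`),
		[]byte(`not json`),
	}
	for _, l := range stream {
		if IsAuditLine(l) {
			var e Entry
			_ = json.Unmarshal(l, &e)
			fmt.Println(Summary(e))
		}
	}
}
```

Running the program prints only the one audit summary from the constructed stream; the plain INFO line and the malformed line are skipped by the filter. Recording an absent actor explicitly (rather than omitting the actor block) keeps every audit entry filterable and makes unattributed actions visible during review.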
Other options considered
Adding an Audit method to the log.Logger interface, see the PR https://github.com/sourcegraph/log/pull/36
We'll likely close the PR above in favor of this one.
Next steps
- transform gitserver access logs to audit calls
- transform graphql request logs to audit calls
- tee security events inserts to audit calls
Test plan
- automated unit tests
- manual testing @localhost
- will be more widely adopted later