feat: audit logging (#155)

* chore: audit logging poc

* chore: move audit to pkg

* chore(resource): add audit logs in resource service

* chore: include app version in app details audit log

* chore(audit): use context to pass audit actor information

* chore(policy): add audit logs in policy service

* chore(provider): add audit logs in provider service

* chore(apepal): add audit logs in appeal service

* chore(approval): add audit logs in approval service

* chore: make audit log trace id header key configurable

* chore: remove unused helpers

* chore: change AuditKeys from variable to const

* chore: enhance logging

* chore: fix typo on WithTraceIDExtractor function

* chore: fix warning

* fix: use audit log trace id header key from config

* chore: use domain.SystemActorName constant for system's audit events

* refactor: pass db instance directly

* refactor: rename ServiceOptions to ServiceDeps

* refactor(audit): inject audit actor from grpc interceptor

* refactor: use grpc panic handler from grpc_recovery

* refactor: use const for approval action type

* chore: add todo reminder for empty trace ID

* chore: use new context for FetchResources go routine

* chore: add todo for job handler timeout context

* chore: add metadata field, and move trace_id into metadata

* chore: replace pkg/audit with github.com/odpf/salt/audit

* chore: use uuid to replace empty trace id

* chore: update salt/audit and use custom actor and metadata extractor

* chore: move logrus auth user logging to auth middleware

* refactor: move repository interface from store to each core packages

Author: rahmatrhd

.goreleaser.yaml

@@ -16,9 +16,9 @@ builds:
     flags:
       - -a
     ldflags:
-      - -X github.com/odpf/guardian/cli.Version={{.Tag}}
-      - -X github.com/odpf/guardian/cli.BuildCommit={{.FullCommit}}
-      - -X github.com/odpf/guardian/cli.BuildDate={{.Date}}
+      - -X github.com/odpf/guardian/core.Version={{.Tag}}
+      - -X github.com/odpf/guardian/core.BuildCommit={{.FullCommit}}
+      - -X github.com/odpf/guardian/core.BuildDate={{.Date}}
     goos: [darwin, linux, windows]
     goarch: [amd64, 386, arm, arm64]
     env:

Makefile

@@ -10,7 +10,7 @@ all: build
 
 build: ## Build the guardian binary
 	@echo " > building guardian version ${APP_VERSION}"
-	go build -ldflags "-X ${NAME}/cmd.Version=${APP_VERSION} -X ${NAME}/cmd.BuildCommit=${LAST_COMMIT}" -o guardian .
+	go build -ldflags "-X ${NAME}/core.Version=${APP_VERSION} -X ${NAME}/core.BuildCommit=${LAST_COMMIT}" -o guardian .
 	@echo " - build complete"
 
 buildr: install ## Build with goreleaser
@@ -20,14 +20,17 @@ test: ## Run the tests
 	go test ./... -race -coverprofile=coverage.out
 
 coverage: ## Print code coverage
-	go test -race -coverprofile coverage.txt -covermode=atomic ./... & go tool cover -html=coverage.out
+	go test -race -coverprofile coverage.out -covermode=atomic ./... && go tool cover -html=coverage.out
 
 vet: ## Run the go vet tool
 	go vet ./...
 
 lint: ## Lint with golangci-lint
 	golangci-lint run
 
+generate: ## Generate mocks
+	go generate ./...
+
 proto: ## Generate the protobuf files
 	@echo " > generating protobuf from odpf/proton"
 	@echo " > [info] make sure correct version of dependencies are installed using 'make install'"

api/handler/v1beta1/grpc.go

@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/MakeNowJust/heredoc"
@@ -84,7 +85,7 @@ func runJobCmd() *cobra.Command {
 				notifier,
 			)
 
-			jobs := map[string]func() error{
+			jobs := map[string]func(context.Context) error{
 				"fetch_resources":              handler.FetchResources,
 				"appeal_expiration_reminder":   handler.AppealExpirationReminder,
 				"appeal_expiration_revocation": handler.RevokeExpiredAppeals,
@@ -95,7 +96,7 @@ func runJobCmd() *cobra.Command {
 			if job == nil {
 				return fmt.Errorf("invalid job name: %s", jobName)
 			}
-			if err := job(); err != nil {
+			if err := job(context.Background()); err != nil {
 				return fmt.Errorf(`failed to run job "%s": %w`, jobName, err)
 			}
 

cli/job.go

@@ -3,20 +3,12 @@ package cli
 import (
 	"fmt"
 
+	"github.com/odpf/guardian/core"
 	"github.com/odpf/salt/term"
 	"github.com/odpf/salt/version"
 	"github.com/spf13/cobra"
 )
 
-var (
-	// Version is the version of the binary
-	Version string
-	// BuildCommit is the commit hash of the binary
-	BuildCommit string
-	// BuildDate is the date of the build
-	BuildDate string
-)
-
 // VersionCmd prints the version of the binary
 func VersionCmd() *cobra.Command {
 	return &cobra.Command{
@@ -26,13 +18,13 @@ func VersionCmd() *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cs := term.NewColorScheme()
 
-			if Version == "" {
+			if core.Version == "" {
 				fmt.Println(cs.Yellow("guardian version (built from source)"))
 				return nil
 			}
 
-			fmt.Printf("guardian version %s (%s)\n\n", Version, BuildDate)
-			fmt.Println(cs.Yellow(version.UpdateNotice(Version, "odpf/guardian")))
+			fmt.Printf("guardian version %s (%s)\n\n", core.Version, core.BuildDate)
+			fmt.Println(cs.Yellow(version.UpdateNotice(core.Version, "odpf/guardian")))
 			return nil
 		},
 	}