feat(logging): RHICOMPL-1217 introduce audit logging

[vkrizan]

Introduction of a middleware and utility to add entries to an audit log. By default it logs them to STDOUT, but eventually it can be tied into CloudWatch. Log entries are formatted into JSON, split by a new-line.

Originally posted at RedHatInsights/insights-api-common-rails#217

TODO:

• Capture Rails requests
• Add tests
• Find a way to have a shortcut to the logger
• Support within a Sidekiq

Secure Coding Practices Checklist GitHub Link

• https://github.com/RedHatInsights/secure-coding-checklist

Secure Coding Checklist

• Input Validation
• Output Encoding
• Authentication and Password Management
• Session Management
• Access Control
• Cryptographic Practices
• Error Handling and Logging
• Data Protection
• Communication Security
• System Configuration
• Database Security
• File Management
• Memory Management
• General Coding Practices

[codecov]

Codecov Report

Merging #734 (671af0e) into master (9e8e948) will decrease coverage by 1.60%.
The diff coverage is 62.60%.

@@            Coverage Diff             @@
##           master     #734      +/-   ##
==========================================
- Coverage   97.30%   95.70%   -1.61%     
==========================================
  Files         129      132       +3     
  Lines        2379     2494     +115     
==========================================
+ Hits         2315     2387      +72     
- Misses         64      107      +43     

Impacted Files	Coverage Δ
lib/audit_log/audit_log/middleware.rb	34.54% <34.54%> (ø)
lib/audit_log/audit_log.rb	80.76% <80.76%> (ø)
lib/audit_log/audit_log/formatter.rb	94.11% <94.11%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9e8e948...ba1e683. Read the comment docs.

[akofink]

Looking good! I've already reviewed this on RedHatInsights/insights-api-common-rails#217. Thanks, @vkrizan!

[akofink]

Looking great, @vkrizan! Just a couple small comments about naming, paths, etc., but I was able to enable the middleware without much fuss locally. Here's what a log look like:

{"@timestamp":"2021-02-09T23:05:15.780582Z","hostname":"dfa3fe94f424","pid":1,"thread_id":"2b0cf4a3925c","level":"warning","transaction_id":"57ba8762f3b44f8b08a3","message":"GET /api/compliance/v1/systems/435c3df2-4e81-4986-8462-8a9ba930c512 -> 404 Not Found","controller":"V1::SystemsController#show","remote_ip":"127.0.0.1"}

Are you intending to enable the logger in this PR? It'd certainly help to review if it was enabled. I'd love if we could get this going to log/audit.log in Rails.env == 'development' for debugging purposes (instead of mixed into STDOUT and log/development.log with all the rest).

[akofink]

👍

Should we wait until the other PR is ACK'd to see if there are any other recommendations?

[vkrizan]

We can always go back and change it. 😉

[akofink]

This represents the top level object, the middleware itself. If I understand correctly, it's intended to use this like:

config.middleware.use Insights::API::Common::AuditLog::Middleware

If that's the case, we need to ensure all the requires start from here so things like AuditLog.logger are already defined properly.

[vkrizan]

Yes, the usage is correct.

The logger is setup with Insights::API::Common::AuditLog.setup(Logger.new). Require has no effect on it, only the first use of the logger. The default one can be overridden by the mentioned setup.

[akofink]

I suppose this is the require intended to be used within application.rb?

[vkrizan]

Yes.

[vkrizan]

@akofink

Are you intending to enable the logger in this PR?

No. Please treat it as a library.

I'd love if we could get this going to log/audit.log in Rails.env == 'development' for debugging purposes (instead of mixed into STDOUT and log/development.log with all the rest).

Sure, you can use setup:

Insights::API::Common::AuditLog.setup(Logger.new('log/audit.log'))

[akofink]

Thanks, @vkrizan! This is an exciting addition to the application.