Merge pull request #269 from gocardless/PDFR-19964/auth-rule-field

Consoles: include authorisation rule name
gocardless · Nov 22, 2022 · dc945ad · dc945ad
2 parents 039113f + fd9cc7f
commit dc945ad
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 4 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.9.0
+3.10.0
diff --git a/apis/workloads/v1alpha1/lifecycle_recorder.go b/apis/workloads/v1alpha1/lifecycle_recorder.go
@@ -106,8 +106,10 @@ func (l *lifecycleEventRecorderImpl) makeConsoleCommonEvent(eventKind events.Eve
 
 func (l *lifecycleEventRecorderImpl) ConsoleRequest(ctx context.Context, csl *Console, authRule *ConsoleAuthorisationRule) error {
 	authCount := 0
+	authRuleName := ""
 	if authRule != nil {
 		authCount = authRule.AuthorisationsRequired
+		authRuleName = authRule.Name
 	}
 
 	event := &events.ConsoleRequestEvent{
@@ -120,6 +122,7 @@ func (l *lifecycleEventRecorderImpl) ConsoleRequest(ctx context.Context, csl *Co
 			ConsoleTemplate:        csl.Spec.ConsoleTemplateRef.Name,
 			Console:                csl.Name,
 			RequiredAuthorisations: authCount,
+			AuthorisationRuleName:  authRuleName,
 			Timestamp:              csl.CreationTimestamp.Time,
 			Labels:                 csl.Labels,
 		},

diff --git a/controllers/workloads/console/controller.go b/controllers/workloads/console/controller.go
@@ -559,7 +559,7 @@ type consoleStatusContext struct {
 }
 
 func (r *ConsoleReconciler) generateStatusAndAuditEvents(ctx context.Context, logger logr.Logger, csl *workloadsv1alpha1.Console, statusCtx consoleStatusContext) (*workloadsv1alpha1.Console, error) {
-	logger = getAuditLogger(logger, csl, statusCtx)
+	logger = getAuditLogger(logger, r.ConsoleIdBuilder.BuildId(csl), csl, statusCtx)
 	newStatus := calculateStatus(csl, statusCtx)
 
 	if csl.Creating() && newStatus.Phase == workloadsv1alpha1.ConsolePendingAuthorisation {
@@ -1189,7 +1189,7 @@ func jobDiff(expectedObj runtime.Object, existingObj runtime.Object) recutil.Out
 }
 
 // getAuditLogger provides a decorated logger for audit purposes
-func getAuditLogger(logger logr.Logger, c *workloadsv1alpha1.Console, statusCtx consoleStatusContext) logr.Logger {
+func getAuditLogger(logger logr.Logger, consoleId string, c *workloadsv1alpha1.Console, statusCtx consoleStatusContext) logr.Logger {
 	loggerCtx := logging.WithNoRecord(logger)
 	// Append any label-based keys before doing anything else.
 	// This ensures that if there's duplicate keys (e.g. a `name` label on the
@@ -1205,7 +1205,8 @@ func getAuditLogger(logger logr.Logger, c *workloadsv1alpha1.Console, statusCtx
 		"kind", Console,
 		"console_name", c.Name,
 		"console_user", c.Spec.User,
-
+		"console_event_id", consoleId,
+		"request_time", c.CreationTimestamp.Time,
 		"console_requires_authorisation", requiresAuth,
 		// Note that a console that does not require authorisation is considered
 		// authorised by default.

diff --git a/controllers/workloads/console/integration/suite_test.go b/controllers/workloads/console/integration/suite_test.go
@@ -113,6 +113,7 @@ var _ = BeforeSuite(func(done Done) {
 		LifecycleRecorder: lifecycleRecorder,
 		Log:               ctrl.Log.WithName("controllers").WithName("console"),
 		Scheme:            mgr.GetScheme(),
+		ConsoleIdBuilder:  workloadsv1alpha1.NewConsoleIdBuilder("test"),
 	}).SetupWithManager(context.TODO(), mgr)
 	Expect(err).ToNot(HaveOccurred())
 

diff --git a/pkg/workloads/console/events/events.go b/pkg/workloads/console/events/events.go
@@ -44,6 +44,7 @@ type ConsoleRequestSpec struct {
 	ConsoleTemplate        string            `json:"console_template"`
 	Console                string            `json:"console"`
 	RequiredAuthorisations int               `json:"required_authorisations"`
+	AuthorisationRuleName  string            `json:"authorisation_rule_name"`
 	Timestamp              time.Time         `json:"timestamp"`
 	Labels                 map[string]string `json:"labels"`
 }