conversion from proto to json for laudit loggers

Author: erm-g

xds/internal/httpfilter/rbac/audit/audit_logger.go

@@ -0,0 +1,48 @@
+package audit
+
+import (
+	"encoding/json"
+	"fmt"
+
+	v3rbacpb "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
+)
+
+//TODO we should have somewhere logic related to
+//1. checking if logger type is known
+//2. if yes, check if it's config is valid (LoggerBuilder.ParseLoggerConfig)
+//IMHO it belongs to json parsing layer but not here
+
+func ConvertXdsAuditLoggerConfig(loggerCfg *v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig) (json.RawMessage, error) {
+	if loggerCfg == nil {
+		return nil, fmt.Errorf("rbac audit logging: nil AuditLoggerConfig message provided")
+	}
+	if loggerCfg.AuditLogger == nil {
+		return nil, fmt.Errorf("rbac audit logging: AuditLogger type is mandatory")
+	}
+	jsonBytes, err := json.Marshal(loggerCfg)
+	if err != nil {
+		return nil, fmt.Errorf("rbac audit logging: failed to marshal AuditLoggerConfig to json: %v", err)
+	}
+	return jsonBytes, nil
+}
+
+func ExtractXdsAuditLoggersConfig(optionsCfg *v3rbacpb.RBAC_AuditLoggingOptions) ([]json.RawMessage, error) {
+	if optionsCfg == nil {
+		fmt.Println("rbac audit logging: nil AuditLoggingOptions message provided, audit is disabled")
+		return nil, nil
+	}
+	if optionsCfg.LoggerConfigs == nil || len(optionsCfg.LoggerConfigs) == 0 {
+		fmt.Println("rbac audit logging: no AuditLoggerConfigs found, audit is disabled")
+		return nil, nil
+	}
+	validConfigs := make([]json.RawMessage, 0)
+	for _, v := range optionsCfg.LoggerConfigs {
+		jsonBytes, err := ConvertXdsAuditLoggerConfig(v)
+		if err != nil {
+			continue
+		}
+		validConfigs = append(validConfigs, jsonBytes)
+	}
+
+	return validConfigs, nil
+}

xds/internal/httpfilter/rbac/audit/audit_logger_test.go

@@ -0,0 +1,59 @@
+package audit
+
+import (
+	"strings"
+	"testing"
+
+	v3corepb "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	v3rbacpb "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
+	"github.com/google/go-cmp/cmp"
+	"google.golang.org/protobuf/testing/protocmp"
+	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/structpb"
+)
+
+func TestExtractXdsAuditLoggersConfig(t *testing.T) {
+	tests := map[string]struct {
+		auditLoggingOptions *v3rbacpb.RBAC_AuditLoggingOptions
+		wantErr             string
+		wantJsonCfg         string
+	}{
+		"valid std_out cfg": {
+			auditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
+				AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
+				LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
+					{AuditLogger: &v3corepb.TypedExtensionConfig{
+						Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
+						IsOptional: true,
+					},
+				},
+			},
+			wantJsonCfg: "{\"audit_logger\":{\"name\":\"stdout_logger\",\"typed_config\":{\"type_url\":\"type.googleapis.com/google.protobuf.Struct\"}},\"is_optional\":true}",
+		},
+	}
+
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			gotJsonCfg, gotErr := ExtractXdsAuditLoggersConfig(test.auditLoggingOptions)
+			if gotErr != nil && !strings.HasPrefix(gotErr.Error(), test.wantErr) {
+				t.Fatalf("unexpected error\nwant:%v\ngot:%v", test.wantErr, gotErr)
+			}
+			if diff := cmp.Diff(string(gotJsonCfg[0]), test.wantJsonCfg, protocmp.Transform()); diff != "" {
+				t.Fatalf("unexpected jsonconfig\ndiff (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
+
+func anyPbHelper(t *testing.T, in map[string]interface{}) *anypb.Any {
+	t.Helper()
+	pb, err := structpb.NewStruct(in)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ret, err := anypb.New(pb)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return ret
+}