address comments

Azure · Feb 16, 2025 · 3e51646 · 3e51646
1 parent f3a68ec
commit 3e51646
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 29 deletions.
diff --git a/cmd/aro/portal.go b/cmd/aro/portal.go
@@ -47,7 +47,6 @@ func portal(ctx context.Context, log *logrus.Entry, auditLog *logrus.Entry) erro
 		"AZURE_PORTAL_CLIENT_ID",
 		"AZURE_PORTAL_ACCESS_GROUP_IDS",
 		"AZURE_PORTAL_ELEVATED_GROUP_IDS",
-		env.OtelAuditQueueSize,
 	)
 
 	if err != nil {
@@ -174,9 +173,14 @@ func portal(ctx context.Context, log *logrus.Entry, auditLog *logrus.Entry) erro
 
 	log.Printf("listening %s", address)
 
-	size, err := strconv.Atoi(os.Getenv(env.OtelAuditQueueSize))
-	if err != nil {
-		return err
+	var size int
+	if err := env.ValidateVars(env.OtelAuditQueueSize); err != nil {
+		size = 4000
+	} else {
+		size, err = strconv.Atoi(os.Getenv(env.OtelAuditQueueSize))
+		if err != nil {
+			return err
+		}
 	}
 
 	outelAuditClient, err := audit.NewOtelAuditClient(size, _env.IsLocalDevelopmentMode())

diff --git a/cmd/aro/rp.go b/cmd/aro/rp.go
@@ -66,7 +66,6 @@ func rp(ctx context.Context, log, auditLog *logrus.Entry) error {
 			"MDM_NAMESPACE",
 			"MSI_RP_ENDPOINT",
 			env.OIDCStorageAccountName,
-			env.OtelAuditQueueSize,
 		}
 
 		if _, found := os.LookupEnv("PULL_SECRET"); found {

diff --git a/pkg/env/dev.go b/pkg/env/dev.go
@@ -76,6 +76,8 @@ func (d *dev) AROOperatorImage() string {
 	return fmt.Sprintf("%s/aro:%s", d.ACRDomain(), version.GitCommit)
 }
 
+// OtelAuditQueueSize returns the size of the audit queue for the OTel audit.
+// In development environment this size is set to zero as we create noop connection to audit server.
 func (d *dev) OtelAuditQueueSize() (int, error) {
 	return 0, nil
 }

diff --git a/pkg/env/prod.go b/pkg/env/prod.go
@@ -286,7 +286,12 @@ func (p *prod) OIDCKeyBitSize() int {
 	return 4096
 }
 
+// OtelAuditQueueSize returns the size of the otel audit queue.
+// If the OTEL_AUDIT_QUEUE_SIZE environment variable is not set, it returns the default value of 4000.
 func (p *prod) OtelAuditQueueSize() (int, error) {
+	if err := ValidateVars(OtelAuditQueueSize); err != nil {
+		return 4000, nil
+	}
 	return strconv.Atoi(os.Getenv(OtelAuditQueueSize))
 }
 

diff --git a/pkg/frontend/middleware/log.go b/pkg/frontend/middleware/log.go
@@ -173,7 +173,7 @@ func (l LogMiddleware) Log(h http.Handler) http.Handler {
 				return
 			}
 
-			audit.Validate(&otelAuditMsg.Record)
+			audit.EnsureDefaults(&otelAuditMsg.Record)
 			if err := l.OutelAuditClient.Send(r.Context(), otelAuditMsg); err != nil {
 				log.Errorf("Frontend - Error sending audit message: %v", err)
 			}

diff --git a/pkg/portal/middleware/log.go b/pkg/portal/middleware/log.go
@@ -137,7 +137,7 @@ func Log(env env.Core, auditLog, baseLog *logrus.Entry, outelAuditClient audit.C
 					otelAuditMsg.Record.OperationResultDescription = fmt.Sprintf("Status code: %d", statusCode)
 				}
 
-				audit.Validate(&otelAuditMsg.Record)
+				audit.EnsureDefaults(&otelAuditMsg.Record)
 				if err := outelAuditClient.Send(r.Context(), otelAuditMsg); err != nil {
 					log.Errorf("Portal - Error sending audit message: %v", err)
 				}

diff --git a/pkg/util/log/audit/otel_audit.go b/pkg/util/log/audit/otel_audit.go
@@ -35,31 +35,28 @@ func NewOtelAuditClient(auditLogQueueSize int, isDevEnv bool) (Client, error) {
 
 // https://eng.ms/docs/products/geneva/collect/instrument/opentelemetryaudit/golang/linux/installation
 func initializeOtelAuditClient(auditLogQueueSize int) (Client, error) {
-	newConn := func() (conn.Audit, error) {
-		return conn.NewDomainSocket()
-	}
-
-	client, err := audit.New(newConn, audit.WithAuditOptions(base.WithSettings(base.Settings{QueueSize: auditLogQueueSize})))
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
+	return audit.New(
+		func() (conn.Audit, error) {
+			return conn.NewDomainSocket()
+		},
+		audit.WithAuditOptions(
+			base.WithSettings(
+				base.Settings{
+					QueueSize: auditLogQueueSize,
+				},
+			),
+		),
+	)
 }
 
 // initializeNoOpOtelAuditClient creates a new no-op audit client.
 // NoOP is a no-op connection to the remote audit server used during E2E testing or development environment.
 func initializeNoOpOtelAuditClient() (Client, error) {
-	newNoOpConn := func() (conn.Audit, error) {
-		return conn.NewNoOP(), nil
-	}
-
-	client, err := audit.New(newNoOpConn)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
+	return audit.New(
+		func() (conn.Audit, error) {
+			return conn.NewNoOP(), nil
+		},
+	)
 }
 
 func GetOperationType(method string) msgs.OperationType {
@@ -107,9 +104,9 @@ func CreateOtelAuditMsg(log *logrus.Entry, r *http.Request) msgs.Msg {
 	return msg
 }
 
-// Validate ensures that all required fields in the Record are set to default values if they are empty or invalid.
+// EnsureDefaults ensures that all required fields in the Record are set to default values if they are empty or invalid.
 // It modifies the Record in place to ensure it meets the expected structure and data requirements.
-func Validate(r *msgs.Record) {
+func EnsureDefaults(r *msgs.Record) {
 	setDefault := func(value *string, defaultValue string) {
 		if *value == "" {
 			*value = defaultValue