feat(jans-cedarling): Log Startup message #9546

Merged
merged 1 commit into from
Sep 23, 2024

olehbozhok
Contributor

Prepare


Description

Target issue

link

closes #9495

Implementation Details

After a lot of discussion, added an implementation of 3 types of logger.

  • off
  • stdout
  • memory

The next stage is to add unit tests and Python bindings.


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR kind-feature Issue or PR is a new feature request labels Sep 19, 2024

dryrunsecurity bot commented Sep 19, 2024

DryRun Security Summary

The pull request focuses on improving the documentation, configuration, and logging functionality of the Cedarling application, a performant local authorization service that runs the Rust Cedar Engine.


Summary:

The changes in this pull request focus on improving the documentation, configuration, and logging functionality of the Cedarling application, which is a performant local authorization service that runs the Rust Cedar Engine. The key changes include:

  1. Updating the README.md file to provide more information about the Cedarling bindings, examples, and testing/documentation instructions.
  2. Introducing a new BootstrapConfig struct to manage the application's configuration, including settings for authorization and logging.
  3. Implementing a flexible logging system with different log types (off, memory, stdout, lock) and corresponding configurations.
  4. Adding unit tests to ensure the correctness and reliability of the logging implementation.

From an application security perspective, the changes do not introduce any obvious security vulnerabilities. The use of Rust, a memory-safe language, and the inclusion of unit tests and code coverage reporting are positive signs for the security and reliability of the project. Additionally, the support for different log types, including a "lock" type that sends logs to a server, could be useful for security monitoring and incident response purposes.

However, it is important to ensure that the logging system does not inadvertently expose sensitive information, that the configuration management is secure, and that any user input is properly validated to prevent potential security issues.

Files Changed:

  • jans-cedarling/README.md: Updated to provide more information about the Cedarling bindings, examples, and testing/documentation instructions.
  • jans-cedarling/cedarling/Cargo.toml: Added new dependencies for the Cedarling project, including serde, serde_json, thiserror, sparkv, and uuid7.
  • jans-cedarling/Cargo.toml: Added a new "sparkv" dependency to the workspace and expanded the "members" section.
  • jans-cedarling/cedarling/examples/log_init.rs: Implemented the functionality to initialize the logging system with different log types (off, stdout, lock, memory).
  • jans-cedarling/cedarling/src/authz/mod.rs: Introduced a new Authz struct to handle the authorization logic in the Cedarling application.
  • jans-cedarling/cedarling/src/log/interface.rs: Defined the LogWriter and LogStorage traits to provide a consistent interface for logging and retrieving log entries.
  • jans-cedarling/cedarling/src/lib.rs: Implemented the core Cedarling struct and its initialization, as well as the LogStorage trait implementation.
  • jans-cedarling/cedarling/src/log/README.md: Provided a detailed overview of the different log types supported by Cedarling and their corresponding configurations.
  • jans-cedarling/cedarling/src/log/nop_logger.rs: Implemented a "no-operation" logger that does nothing when its log() method is called.
  • jans-cedarling/cedarling/src/log/log_strategy.rs: Implemented the LogStrategy struct, which provides a common API for different types of loggers.
  • jans-cedarling/cedarling/src/log/memory_logger.rs: Implemented the MemoryLogger that stores log entries in-memory using the SparKV library.
  • jans-cedarling/cedarling/src/log/mod.rs: Introduced the logging system with different log types and the LogStrategy implementation.
  • jans-cedarling/cedarling/src/log/stdout_logger.rs: Implemented the StdOutLogger that logs entries to the standard output in JSON format.
  • jans-cedarling/cedarling/src/models/authz_config.rs: Introduced the AuthzConfig struct to configure the authorization component of the Cedarling application.
  • jans-cedarling/cedarling/src/models/mod.rs: Refactored the models into a config module, grouping related configurations.
  • jans-cedarling/cedarling/src/models/log_config.rs: Defined the LogConfig struct and related types to configure the logging behavior.
  • jans-cedarling/cedarling/src/models/log_entry.rs: Defined the LogEntry

Code Analysis

We ran 9 analyzers against 28 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


sonarcloud bot commented Sep 19, 2024

@duttarnab
Contributor

  1. It will be helpful for the developer if you can add a README in /cedarling/cedarling/src/log describing features of the log interface (maybe you can also include the design) and a simple example of using it with different LogType. (Every important module should have a README.)
  2. The unit test is missing for the log interface. We need to add a test folder at /cedarling/cedarling/src/log/ and write the unit test covering all LogType.
  3. Coding looks impressive, but I could not see anything to manage the log level of output logs (Info, Debug, Warn, Error etc.)

nynymike previously approved these changes Sep 20, 2024
Contributor

I'm ok to approve this as a starting point. My main comment is I don't understand why the Logging interface seems to be defined in the Authz engine.

Comment on lines 48 to 60
/// return logs and remove them from the storage
pub fn pop_logs(&self) -> Vec<LogEntry> {
self.log_service.pop_logs()
}

/// get specific log entry
pub fn get_log_by_id(&self, id: &str) -> Option<LogEntry> {
self.log_service.get_log_by_id(id)
}

/// returns a list of all log ids
pub fn get_log_ids(&self) -> Vec<String> {
self.log_service.get_log_ids()
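
Review bot: `pop_logs` takes `&self` while its doc comment says it removes the entries from storage, so the mutation happens behind shared state in `log_service` and the three doc comments should state the resulting contract. In particular, say whether an id returned by `get_log_ids` can already be gone by the time `get_log_by_id` is called (the `Option` return suggests it can), and whether `pop_logs` drains atomically with respect to concurrent readers.
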
Contributor

I don't understand why this is in the Authz engine.

Contributor Author

Created Cedarling instance
and removed from Authz

@@ -67,3 +67,203 @@ impl LogStorage for LogStrategy {
}
}
}

Contributor

@duttarnab duttarnab Sep 21, 2024

Is it possible to add the test cases in a separate file (or files) at the jans-lock/cedarling/cedarling/src/log/test directory? It is easy to search the test cases of a module when placed together rather than in application code.

Contributor Author

Thanks, unit tests for LogStrategy moved to the log/test module.
I am not sure if we need to move the other unit tests, because it will be a mess. And actually, the LogStrategy unit tests duplicate some parts of other unit tests.

cargo run -p cedarling --example log_init -- lock
```

## Code coverage
Contributor

Can you also include the commands to build, run and test Cedarling?

Contributor Author

Added information on how to run unit tests.
And we have nothing to build because we have a library and have no bindings to Python for now.

How to run the examples was explained.

let logger = StdOutLogger::new_with(buffer);

// Log the entry
logger.log(log_entry);
Contributor

I could not see the log entry on the console.

Contributor Author

Yes, because I have used the TestWriter to mock the writer to stdout. After writing the log, we get the logged content via test_writer.into_inner_buf()
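
The TestWriter approach described in the reply above, as an added example that is not the project's code: a logger generic over `Write`, so a test can capture what would otherwise go to stdout and assert on it. Only the names `StdOutLogger::new_with`, `TestWriter` and `into_inner_buf` come from the thread; the `LogEntry` fields, the hand-written JSON escaping, the `capture` helper and the sample input are constructed assumptions so the block builds without external crates.

```rust
use std::cell::RefCell;
use std::io::{self, Write};
use std::rc::Rc;

/// Constructed stand-in for a log entry; the field names are assumptions.
pub struct LogEntry { pub id: String, pub msg: String }

/// Escape a value so it cannot close the JSON string or start a new line.
fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Logger that writes one JSON object per line to any `Write` sink.
pub struct StdOutLogger<W: Write> { writer: RefCell<W> }

impl<W: Write> StdOutLogger<W> {
    pub fn new_with(writer: W) -> Self { StdOutLogger { writer: RefCell::new(writer) } }
    pub fn log(&self, entry: LogEntry) {
        let (id, msg) = (json_escape(&entry.id), json_escape(&entry.msg));
        let line = format!("{{\"id\":\"{}\",\"msg\":\"{}\"}}\n", id, msg);
        // A failed log write is dropped rather than propagated to the caller.
        let _ = self.writer.borrow_mut().write_all(line.as_bytes());
    }
}

/// Test double: clones share one buffer, so the test keeps a handle to it.
#[derive(Clone, Default)]
pub struct TestWriter { buf: Rc<RefCell<Vec<u8>>> }

impl TestWriter {
    pub fn into_inner_buf(self) -> String {
        let bytes = self.buf.borrow().clone();
        String::from_utf8_lossy(&bytes).into_owned()
    }
}

impl Write for TestWriter {
    fn write(&mut self, data: &[u8]) -> io::Result<usize> {
        self.buf.borrow_mut().extend_from_slice(data);
        Ok(data.len())
    }
    fn flush(&mut self) -> io::Result<()> { Ok(()) }
}

/// Log one entry through the mocked writer and return what was written.
pub fn capture(id: &str, msg: &str) -> String {
    let test_writer = TestWriter::default();
    let logger = StdOutLogger::new_with(test_writer.clone());
    logger.log(LogEntry { id: id.to_string(), msg: msg.to_string() });
    test_writer.into_inner_buf()
}

fn main() {
    print!("{}", capture("constructed-id-1", "startup \"ok\"\nforged line"));
}
```

Because the message is escaped before it is written, an entry whose text contains a newline still produces exactly one record, which is the property worth asserting in a unit test for a line-oriented JSON log.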

nynymike previously approved these changes Sep 21, 2024
Contributor

Great start.

duttarnab previously approved these changes Sep 23, 2024
…arling` top level

Squash all previous changes:

chore(jans-cedarling): refactor, improve organization of config entity imports
docs(jans-cedarling): add to README how to generate documentation
chore(jans-cedarling): rename unexported field in the writer
feat(jans-cedarling): add Authz to the Cedarling instance
feat(jans-cedarling): add Cedarling instance
docs(jans-cedarling): fix docstring
test(jans-cedarling): fix log/test, import LogWriter
docs(jans-cedarling): added to README information how to run unit tests
test(jans-cedarling): move unit test for LogStrategy to log/test module
docs(jans-cedarling): added to README information how to get code-coverage
test(jans-cedarling): add unit test for LogStrategy
test(jans-cedarling): add unit test for MemoryLogger
chore(jans-cedarling): make fields in AuthorizationLogInfo struct public
test(jans-cedarling): add unit test for StdOutLogger
docs(jans-cedarling): added README to log module
chore(jans-cedarling): add note about using uuids in different situation
docs(jans-cedarling): improved README, added note about `log_init.rs` file. And information about each log type.
chore(jans-cedarling): fix clippy warnings about doc indentation
chore(jans-cedarling): fix clippy warnings
docs(jans-cedarling): improved documentation in the log crate.
docs(jans-cedarling): add links to the bootstrap properties in the documentation
docs(jans-cedarling): improved documentation in the log crate. Made it public to see message from autogenerated documentation page
chore(jans-cedarling): remove unused imports
chore(jans-cedarling): add macros allow(dead_code) to the Authz struct
chore(jans-cedarling): refactor make StdOutLogger more simple
chore(jans-cedarling): refactor to use imported names for shorter match cases
feat(jans-cedarling): add example of run cedarling Authz and updated Readme
chore(jans-cedarling): refactor implementation  MemoryLogger method log
chore(jans-cedarling): rename method get_logs to get_log_ids according to last changes in the `Final Cedarling Log Design`
chore(jans-cedarling): change name on init Authz
chore(jans-cedarling): add derive Clone, Copy to the LogType and MemoryLogConfig
chore(jans-cedarling): added doc message to MemoryLogConfig
chore(jans-cedarling): add documentation notes for LogStrategy
chore(jans-cedarling): add copyright note
chore(jans-cedarling): add simple Authz with initialization logger service
chore(jans-cedarling): add init_logger function
chore(jans-cedarling): fix missed documentation
chore(jans-cedarling): initialize logger using configuration settings
chore(jans-cedarling): add configs for logger
chore(jans-cedarling): add LogStrategy to unify multiple implementations under a common API
chore(jans-cedarling): add MemoryLogger
chore(jans-cedarling): add MemoryLogger and implement  LogWriter trait
chore(jans-cedarling): make LogEntry properties public
chore(jans-cedarling): added to sparkv error text error message
chore(jans-cedarling): added copyright note to sparkv
chore(jans-cedarling): added StdOutLogger
chore(jans-cedarling): added NopLogger, that do nothing.
chore(jans-cedarling): added log interfaces
chore(jans-cedarling): added log LogEntry struct and related to it.
feat(jans-cedarling): added fork of the SparKV as is

Signed-off-by: Oleh Bohzok <[email protected]>
@olehbozhok olehbozhok dismissed stale reviews from duttarnab and nynymike via 55b33a2 September 23, 2024 11:05
@olehbozhok olehbozhok requested review from nynymike and duttarnab and removed request for nynymike September 23, 2024 11:06
@olehbozhok olehbozhok self-assigned this Sep 23, 2024
@moabu moabu merged commit ed80ee6 into main Sep 23, 2024
11 checks passed
@moabu moabu deleted the jans-cedaling-issue-9495 branch September 23, 2024 11:43
@moabu moabu changed the title feat (cedarling): Log Startup message feat(jans-cedarling): Log Startup message Sep 23, 2024
@mo-auto mo-auto added the comp-jans-cedarling Touching folder /jans-cedarling label Sep 23, 2024
imShakil pushed a commit that referenced this pull request Oct 3, 2024
chore(jans-cedarling): move `cedarling` from `jans-lock` to `jans-cedarling` top level

yuriyz pushed a commit that referenced this pull request Nov 7, 2024
chore(jans-cedarling): move `cedarling` from `jans-lock` to `jans-cedarling` top level

Former-commit-id: ed80ee6