From 3f383a639828f4bebadc2e3fc841dfe61530bc53 Mon Sep 17 00:00:00 2001 From: Gimmy Date: Mon, 28 Oct 2024 13:35:52 +0200 Subject: [PATCH 1/3] add decision logger config --- charts/aserto/Chart.lock | 2 +- charts/authorizer/Chart.lock | 2 +- charts/authorizer/Chart.yaml | 2 +- charts/authorizer/templates/_helpers.tpl | 10 +++++++++ charts/authorizer/templates/config.yaml | 5 +++++ charts/authorizer/templates/deployment.yaml | 10 +++++++++ .../authorizer/templates/pvc-decisions.yaml | 22 +++++++++++++++++++ charts/authorizer/values.yaml | 9 ++++++++ 8 files changed, 59 insertions(+), 3 deletions(-) create mode 100644 charts/authorizer/templates/pvc-decisions.yaml
diff --git a/charts/aserto/Chart.lock b/charts/aserto/Chart.lock
index 59d958c..77eb522 100644
--- a/charts/aserto/Chart.lock
+++ b/charts/aserto/Chart.lock
@@ -15,4 +15,4 @@ dependencies:
 repository: oci://ghcr.io/aserto-dev/helm
 version: 0.1.4
 digest: sha256:62f06ef22f89eab79e44787a57c9377faf11d5fb14cf799f0ff63c1dcf127798
-generated: "2024-10-24T12:12:29.438424-04:00"
+generated: "2024-10-30T15:49:21.069483+02:00"
diff --git a/charts/authorizer/Chart.lock b/charts/authorizer/Chart.lock
index c09db80..804e695 100644
--- a/charts/authorizer/Chart.lock
+++ b/charts/authorizer/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
 repository: oci://ghcr.io/aserto-dev/helm
 version: 0.1.4
 digest: sha256:018291c7638b93c7e47707393a5f72872ecb4ff06670fa660637392fdc28c873
-generated: "2024-10-24T12:07:51.34431-04:00"
+generated: "2024-10-30T15:49:03.917898+02:00"
diff --git a/charts/authorizer/Chart.yaml b/charts/authorizer/Chart.yaml
index 71ae1d0..64e82ae 100644
--- a/charts/authorizer/Chart.yaml
+++ b/charts/authorizer/Chart.yaml
@@ -21,7 +21,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/authorizer/templates/_helpers.tpl b/charts/authorizer/templates/_helpers.tpl index 3347582..4b867f1 100644 --- a/charts/authorizer/templates/_helpers.tpl +++ b/charts/authorizer/templates/_helpers.tpl @@ -96,3 +96,13 @@ tls: allowed_headers: {{- $cfg.allowed_headers | default (list "Aserto-Tenant-Id" "Authorization" "Content-Type" "Depth") | toYaml | nindent 2 }} {{- end }} + +{{- define "authorizer.decisionLogger" -}} +{{- with .Values.decisionLogs -}} +type: file +config: + log_file_path: /decisions/decisions.log + max_file_size_mb: {{ .file.maxFileSizeMB | default "50" }} + max_file_count: {{ .file.maxFileCount | default "2" }} +{{- end }} +{{- end }} diff --git a/charts/authorizer/templates/config.yaml b/charts/authorizer/templates/config.yaml index ee9d111..bf6e172 100644 --- a/charts/authorizer/templates/config.yaml +++ b/charts/authorizer/templates/config.yaml @@ -55,6 +55,11 @@ stringData: - key: ${AUTHORIZER_ROOT_KEY} account: root-key-authorizer@aserto.com + {{- if (.Values.decisionLogs).enabled }} + decision_logger: + {{- include "authorizer.decisionLogger" . | nindent 6 }} + {{- end }} + opa: instance_id: "-" graceful_shutdown_period_seconds: 2 diff --git a/charts/authorizer/templates/deployment.yaml b/charts/authorizer/templates/deployment.yaml index b2024ab..03285d2 100644 --- a/charts/authorizer/templates/deployment.yaml +++ b/charts/authorizer/templates/deployment.yaml 
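Review bot: In the `authorizer.decisionLogger` helper added to `_helpers.tpl`, `.file.maxFileSizeMB` and `.file.maxFileCount` are dereferenced without a nil guard, so a values override in which `decisionLogs.file` is absent or null would likely fail rendering with a nil-pointer error instead of falling back to the defaults. The rest of this patch uses the parenthesised form for optional maps, and the same works here: `max_file_size_mb: {{ (.file).maxFileSizeMB | default 50 }}` and `max_file_count: {{ (.file).maxFileCount | default 2 }}`. The helper also always emits `type: file`, while the values.yaml comment in this commit describes a 'remote' option that takes precedence; the comment and the helper should be made to agree.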
@@ -40,6 +40,13 @@ spec: emptyDir: {} {{- end }} {{- end }} + - name: decisions + {{- if (.Values.decisionLogs).enabled | and ((.Values.decisionLogs).persistence).enabled }} + persistentVolumeClaim: + claimName: {{ include "topaz.fullname" . }}-pvc-decisions + {{- else }} + emptyDir: {} + {{- end }} - name: https-certs {{- with (include "aserto-lib.httpsConfig" . | fromYaml) }} {{- if .certSecret }} @@ -94,6 +101,9 @@ spec: readOnly: true - name: grpc-certs mountPath: /grpc-certs + - name: decisions + mountPath: /decisions + readOnly: false {{- if (include "aserto-lib.grpcConfig" . | fromYaml).certSecret }} readOnly: true {{- end }} diff --git a/charts/authorizer/templates/pvc-decisions.yaml b/charts/authorizer/templates/pvc-decisions.yaml new file mode 100644 index 0000000..6891a9a --- /dev/null +++ b/charts/authorizer/templates/pvc-decisions.yaml @@ -0,0 +1,22 @@ +{{- with (.Values.decisionLogs).persistence -}} +{{- if .enabled | and ($.Values.decisionLogs).enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "authorizer.fullname" $ }}-pvc-decisions +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .storage | default "100Mi" }} + {{- if .storageClassName }} + storageClassName: {{ .storageClassName }} + {{- end }} + {{- if .selector }} + selector: + {{- .selector | toYaml | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} + diff --git a/charts/authorizer/values.yaml b/charts/authorizer/values.yaml index 36edf75..96d5a7f 100644 --- a/charts/authorizer/values.yaml +++ b/charts/authorizer/values.yaml 
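Review bot: The `decisions` volume in the first deployment.yaml hunk falls back to `emptyDir: {}` whenever `decisionLogs.persistence.enabled` is unset, and values.yaml in this commit enables decision logging without defining `persistence`, so by default the decision log lives only as long as the pod. If these logs are meant to serve as a record of authorization decisions, that default deserves a comment next to the fallback, for example `# decision logs are lost when the pod is deleted unless decisionLogs.persistence.enabled is set`. The volume is also declared when `decisionLogs.enabled` is false; wrapping the `- name: decisions` entry and its mount in the same `enabled` check would avoid an unused writable mount. The volumes list starts and ends outside the hunk.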
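Review bot: The `decisions` mount in the second deployment.yaml hunk is inserted between `mountPath: /grpc-certs` and the conditional `readOnly: true` that follows it, so that conditional now attaches to the new mount rather than to `grpc-certs`. When `certSecret` is set, the `decisions` entry renders with `readOnly: false` followed by `readOnly: true`, a duplicate key that may be rejected or resolved to the last value depending on the parser, and the `grpc-certs` mount loses its read-only flag. Moving the three added lines below the `{{- end }}` that closes the `certSecret` check restores the original pairing; `readOnly: false` is the default and can be dropped. The volumeMounts list continues outside the hunk.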
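Review bot: The claim in pvc-decisions.yaml requests `ReadWriteOnce` under a single claim name that every pod of the workload would share, so with more than one replica, or during a rolling update onto another node, pods may fail to attach the volume or end up writing to the same `decisions.log`. That is inferred from the template alone, since the workload kind and replica count are outside this hunk; if the chart supports multiple replicas, the constraint should be documented in values.yaml. `storageClassName: {{ .storageClassName }}` is emitted unquoted; `storageClassName: {{ .storageClassName | quote }}` keeps a class name that looks like a number or boolean from being retyped.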
@@ -17,6 +17,15 @@ apiKey: secretName: authorizer-keys secretKey: api-key +decisionLogs: + enabled: true + # The 'file' and 'remote' options are mutually exclusive. If both are specified, 'remote' is used. + file: + # Write decision logs to a local file. + # The logs are written to the spool directory (/decisions) and rotated when they reach the maximum size. + maxFileSizeMB: 50 + maxFileCount: 2 + # jwtAcceptableTimeSkewSeconds: 5 From 34c222bc1eae75dc3eff8fcb8e3730323edc8dfc Mon Sep 17 00:00:00 2001 From: Gimmy Date: Wed, 30 Oct 2024 16:06:45 +0200 Subject: [PATCH 2/3] revert aserto chart --- charts/aserto/Chart.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/aserto/Chart.lock b/charts/aserto/Chart.lock index 77eb522..59d958c 100644 --- a/charts/aserto/Chart.lock +++ b/charts/aserto/Chart.lock @@ -15,4 +15,4 @@ dependencies: repository: oci://ghcr.io/aserto-dev/helm version: 0.1.4 digest: sha256:62f06ef22f89eab79e44787a57c9377faf11d5fb14cf799f0ff63c1dcf127798 -generated: "2024-10-30T15:49:21.069483+02:00" +generated: "2024-10-24T12:12:29.438424-04:00" From efa9db59b881688c185adabda7a90b5d9c8bf41d Mon Sep 17 00:00:00 2001 From: Gimmy Date: Wed, 30 Oct 2024 16:13:07 +0200 Subject: [PATCH 3/3] fix pvc name --- charts/authorizer/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/authorizer/templates/deployment.yaml b/charts/authorizer/templates/deployment.yaml index 03285d2..3883845 100644 --- a/charts/authorizer/templates/deployment.yaml +++ b/charts/authorizer/templates/deployment.yaml @@ -43,7 +43,7 @@ spec: - name: decisions {{- if (.Values.decisionLogs).enabled | and ((.Values.decisionLogs).persistence).enabled }} persistentVolumeClaim: - claimName: {{ include "topaz.fullname" . }}-pvc-decisions + claimName: {{ include "authorizer.fullname" . }}-pvc-decisions {{- else }} emptyDir: {} {{- end }}
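Review bot: The `decisionLogs` block added to charts/authorizer/values.yaml documents `file` only, but the templates in this commit also read `decisionLogs.persistence.enabled`, `.storage`, `.storageClassName` and `.selector`, none of which appear here. A commented-out `persistence:` example listing those four keys and the `100Mi` default would let operators find the option without reading the templates. The comment about a 'remote' option describes behaviour that no template in this patch implements, so it should be removed or marked as not yet supported. `enabled: true` as the chart default also turns decision logging on for existing installs at upgrade; confirm that is intended, since the log is written to an `emptyDir` unless persistence is configured.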