add config for audit logging, remove Audit() from Logger interface

Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2026-01-05 13:07:14 +00:00 · 2024-11-11 15:21:14 -08:00
parent 76f6b725b8
commit ced8686d11
26 changed files with 405 additions and 165 deletions
--- a/internal/federationdomain/endpointsmanager/manager.go
+++ b/internal/federationdomain/endpointsmanager/manager.go
@@ -62,7 +62,7 @@ func NewManager(
 	secretsClient corev1client.SecretInterface,
 	oidcClientsClient v1alpha1.OIDCClientInterface,
 	auditLogger plog.AuditLogger,
-	auditCfg supervisor.AuditSpec,
+	auditInternalPathsCfg supervisor.AuditInternalPaths,
 ) *Manager {
 	m := &Manager{
 		providerHandlers:    make(map[string]http.Handler),
@@ -74,7 +74,7 @@ func NewManager(
 		auditLogger:         auditLogger,
 	}
 	// nextHandler is the next handler in the chain, called when this manager didn't know how to handle a request
-	m.buildHandlerChain(nextHandler, auditCfg)
+	m.buildHandlerChain(nextHandler, auditInternalPathsCfg)
 	return m
 }

@@ -193,11 +193,11 @@ func (m *Manager) SetFederationDomains(federationDomains ...*federationdomainpro
 	}
 }

-func (m *Manager) buildHandlerChain(nextHandler http.Handler, auditCfg supervisor.AuditSpec) {
+func (m *Manager) buildHandlerChain(nextHandler http.Handler, auditInternalPathsCfg supervisor.AuditInternalPaths) {
 	// Build the basic handler for FederationDomain endpoints.
 	handler := m.buildManagerHandler(nextHandler)
 	// Log all requests, including audit ID.
-	handler = requestlogger.WithHTTPRequestAuditLogging(handler, m.auditLogger, auditCfg)
+	handler = requestlogger.WithHTTPRequestAuditLogging(handler, m.auditLogger, auditInternalPathsCfg)
 	// Add random audit ID to request context and response headers.
 	handler = requestlogger.WithAuditID(handler)
 	m.handlerChain = handler
--- a/internal/federationdomain/endpointsmanager/manager_test.go
+++ b/internal/federationdomain/endpointsmanager/manager_test.go
@@ -360,6 +360,8 @@ func TestManager(t *testing.T) {
 			cache.SetStateEncoderHashKey(issuer2, []byte("some-state-encoder-hash-key-2"))
 			cache.SetStateEncoderBlockKey(issuer2, []byte("16-bytes-STATE02"))

+			auditLogger, _ := plog.TestAuditLogger(t)
+
 			subject = NewManager(
 				nextHandler,
 				dynamicJWKSProvider,
@@ -367,8 +369,8 @@ func TestManager(t *testing.T) {
 				&cache,
 				secretsClient,
 				oidcClientsClient,
-				plog.New(),
-				supervisor.AuditSpec{},
+				auditLogger,
+				supervisor.Enabled,
 			)
 		})