command
Version:
v0.0.0-...-05145c8
Published: Sep 23, 2022
License: Apache-2.0
Imports: 17
Imported by: 0
README
Audit Logging Shell (Go)
The shell app located in test/shell is a basic HTTP server that emits an application audit log using the Lumberjack Go client.
The goal of this shell app is to provide a wrapper that uses our client for automated and manual testing.
Prerequisites:
- Docker
- Google Cloud SDK
- Terraform (Note: Don't use the google3 version)
- jq
- Make sure you have the following permissions in the tycho.joonix.net org:
  - Folder Editor
  - Project Creator
Manual Steps
- Authenticate to GCP:
    gcloud auth login --update-adc
- Find one of the existing test environments and change directory to it, e.g. $ROOT/terraform/envs/dev.
  First, sanity check that you can run Terraform without any problem:
    terraform plan
  This should return without any error. Then export the values used by the later steps:
    # The audit logging server URL, with the https:// scheme stripped and port 443 appended.
    # Done in two steps because nested ${$(...)#...} expansion only works in zsh, not bash.
    SERVER_URL=$(terraform output -raw audit_log_server_url)
    export SERVER_URL="${SERVER_URL#https://}:443"
    # The application project.
    export APP_PROJECT=$(terraform output -json app_projects | jq -r '.[0]')
    # The audit logging server project.
    export SERVER_PROJECT=$(terraform output -raw server_project)
- Execute the following steps from the Lumberjack Go client directory, where go.mod is located. Build and push the Shell app into a container:
    docker buildx build \
      --file "test/shell/Dockerfile" \
      --tag "us-docker.pkg.dev/${APP_PROJECT}/images/logging-shell:${LDAP}" \
      --push \
      .
- Deploy the Shell app to Cloud Run:
    gcloud run deploy ${LDAP}-logging-shell \
      --image=us-docker.pkg.dev/${APP_PROJECT}/images/logging-shell:${LDAP} \
      --memory=512Mi \
      --region=us-west1 \
      --project=${APP_PROJECT} \
      --set-env-vars="AUDIT_CLIENT_FILTER_REGEX_PRINCIPAL_INCLUDE=.iam.gserviceaccount.com$,AUDIT_CLIENT_BACKEND_REMOTE_ADDRESS=${SERVER_URL}"
- Create a log with a trace ID by triggering the deployed service:
    export SHELL_APP_URL=$(gcloud run services describe ${LDAP}-logging-shell --platform managed --region us-west1 --format 'value(status.url)')
    # The URL is quoted so the shell does not treat '?' as a glob character.
    curl -H "Authorization: Bearer $(gcloud auth print-identity-token)" "${SHELL_APP_URL}/?trace_id=${ID_STRING}"
- View the audit log in BigQuery in project ${SERVER_PROJECT}.
Notes:
- LDAP is your LDAP username, used to avoid conflicts with other teammates.
- ID_STRING can be any string to be used as the trace ID.
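The deploy step passes AUDIT_CLIENT_FILTER_REGEX_PRINCIPAL_INCLUDE as a pattern whose dots are unescaped. The Go program below is an added example, not code from this README or the Lumberjack client: it shows which constructed principals that value selects, next to a variant with literal dots. It assumes the client evaluates the value with Go's regexp package as an unanchored match; strictPattern, included and samplePrincipals are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
)

// Value passed as AUDIT_CLIENT_FILTER_REGEX_PRINCIPAL_INCLUDE in the deploy step.
const pagePattern = `.iam.gserviceaccount.com$`

// Hypothetical stricter variant (not from the README): literal dots.
const strictPattern = `\.iam\.gserviceaccount\.com$`

// Constructed sample principals, not taken from any real log.
var samplePrincipals = []string{
	"shell-sa@my-project.iam.gserviceaccount.com",       // service account
	"alice@example.com",                                 // human user
	"bob@teamXiamYgserviceaccountZcom",                  // matches only if '.' is a wildcard
	"sa@my-project.iam.gserviceaccount.com.example.org", // lookalike suffix, rejected by '$'
}

// included returns the principals that pattern selects. Assumption: the
// filter is applied as an unanchored regexp match, as MatchString does.
func included(pattern string, principals []string) ([]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, fmt.Errorf("invalid principal filter %q: %w", pattern, err)
	}
	var out []string
	for _, p := range principals {
		if re.MatchString(p) {
			out = append(out, p)
		}
	}
	return out, nil
}

func main() {
	for _, pattern := range []string{pagePattern, strictPattern} {
		got, err := included(pattern, samplePrincipals)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("%-32s -> %q\n", pattern, got)
	}
}
```

Running a candidate pattern through a check like this before deploying shows whether the include filter covers exactly the principals you expect to be audit logged.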
Documentation
Package main contains a minimal Cloud Run HTTP server that emits an
application audit log using the audit client.