feat(audit log): add audit log event stream (#1172)

* feat(audit log): add audit log event stream Signed-off-by: Paul Schultz <pschultz@pobox.com> * fix dependency issue Signed-off-by: Paul Schultz <pschultz@pobox.com> --------- Signed-off-by: Paul Schultz <pschultz@pobox.com>
janus-idp · Apr 15, 2024 · 5517df0 · 5517df0
1 parent efdd76d
commit 5517df0
Show file tree

Hide file tree

Showing 5 changed files with 108 additions and 41 deletions.
diff --git a/packages/backend/package.json b/packages/backend/package.json
@@ -49,7 +49,7 @@
     "@internal/plugin-scalprum-backend": "*",
     "@janus-idp/backstage-plugin-rbac-backend": "2.6.1",
     "@janus-idp/backstage-plugin-rbac-node": "1.0.3",
-    "@manypkg/get-packages": "2.2.0",
+    "@manypkg/get-packages": "1.1.3",
     "app": "*",
     "@internal/plugin-auth-backend-module-oidc-provider": "*",
     "better-sqlite3": "9.3.0",

diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
@@ -1,22 +1,22 @@
 import { rootHttpRouterServiceFactory } from '@backstage/backend-app-api';
+import { statusCheckHandler } from '@backstage/backend-common';
 import { createBackend } from '@backstage/backend-defaults';
-import { PackageRoles } from '@backstage/cli-node';
 import {
   dynamicPluginsFeatureDiscoveryServiceFactory,
-  dynamicPluginsServiceFactory,
-  dynamicPluginsSchemasServiceFactory,
   dynamicPluginsFrontendSchemas,
-  dynamicPluginsRootLoggerServiceFactory,
+  dynamicPluginsSchemasServiceFactory,
+  dynamicPluginsServiceFactory,
 } from '@backstage/backend-dynamic-feature-service';
-import {
-  rbacDynamicPluginsProvider,
-  pluginIDProviderService,
-} from './modules/rbacDynamicPluginsModule';
-import { metricsHandler } from './metrics';
-import { statusCheckHandler } from '@backstage/backend-common';
+import { PackageRoles } from '@backstage/cli-node';
 import { RequestHandler } from 'express';
 import * as path from 'path';
 import { CommonJSModuleLoader } from './loader';
+import { customLogger } from './logger';
+import { metricsHandler } from './metrics';
+import {
+  pluginIDProviderService,
+  rbacDynamicPluginsProvider,
+} from './modules/rbacDynamicPluginsModule';
 
 const backend = createBackend();
 
@@ -64,7 +64,7 @@ backend.add(
   }),
 );
 backend.add(dynamicPluginsFrontendSchemas());
-backend.add(dynamicPluginsRootLoggerServiceFactory());
+backend.add(customLogger());
 
 backend.add(import('@backstage/plugin-app-backend/alpha'));
 backend.add(

diff --git a/packages/backend/src/logger/customLogger.ts b/packages/backend/src/logger/customLogger.ts
@@ -0,0 +1,93 @@
+import {
+  createConfigSecretEnumerator,
+  WinstonLogger,
+} from '@backstage/backend-app-api';
+import { DynamicPluginsSchemasService } from '@backstage/backend-dynamic-feature-service';
+import {
+  coreServices,
+  createServiceFactory,
+  createServiceRef,
+} from '@backstage/backend-plugin-api';
+import { loadConfigSchema } from '@backstage/config-loader';
+import { getPackages } from '@manypkg/get-packages';
+import * as winston from 'winston';
+
+const defaultFormat = winston.format.combine(
+  winston.format.timestamp({
+    format: 'YYYY-MM-DD HH:mm:ss',
+  }),
+  winston.format.errors({ stack: true }),
+  winston.format.splat(),
+);
+
+const auditLogFormat = winston.format((info, opts) => {
+  const { isAuditLog, ...newInfo } = info;
+
+  if (isAuditLog) {
+    return opts.isAuditLog ? newInfo : false;
+  }
+
+  return !opts.isAuditLog ? newInfo : false;
+});
+
+const transports = {
+  log: [
+    new winston.transports.Console({
+      format: winston.format.combine(
+        auditLogFormat({ isAuditLog: false }),
+        winston.format.colorize(),
+        defaultFormat,
+        winston.format.simple(),
+      ),
+    }),
+  ],
+  auditLog: [
+    new winston.transports.Console({
+      format: winston.format.combine(
+        auditLogFormat({ isAuditLog: true }),
+        winston.format.colorize(),
+        defaultFormat,
+        winston.format.simple(),
+      ),
+    }),
+  ],
+};
+
+const dynamicPluginsSchemasServiceRef =
+  createServiceRef<DynamicPluginsSchemasService>({
+    id: 'core.dynamicplugins.schemas',
+    scope: 'root',
+  });
+
+export const customLogger = createServiceFactory({
+  service: coreServices.rootLogger,
+  deps: {
+    config: coreServices.rootConfig,
+    schemas: dynamicPluginsSchemasServiceRef,
+  },
+  async factory({ config, schemas }) {
+    const logger = WinstonLogger.create({
+      meta: {
+        service: 'backstage',
+      },
+      level: process.env.LOG_LEVEL ?? 'info',
+      format: winston.format.combine(defaultFormat, winston.format.json()),
+      transports: [...transports.log, ...transports.auditLog],
+    });
+
+    const configSchema = await loadConfigSchema({
+      dependencies: (await getPackages(process.cwd())).packages.map(
+        p => p.packageJson.name,
+      ),
+    });
+
+    const secretEnumerator = await createConfigSecretEnumerator({
+      logger,
+      schema: (await schemas.addDynamicPluginsSchemas(configSchema)).schema,
+    });
+    logger.addRedactions(secretEnumerator(config));
+    config.subscribe?.(() => logger.addRedactions(secretEnumerator(config)));
+
+    return logger;
+  },
+});
diff --git a/packages/backend/src/logger/index.ts b/packages/backend/src/logger/index.ts
@@ -0,0 +1 @@
+export * from './customLogger';
diff --git a/yarn.lock b/yarn.lock
@@ -7107,24 +7107,7 @@
     find-up "^4.1.0"
     fs-extra "^8.1.0"
 
-"@manypkg/find-root@^2.2.0":
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/@manypkg/find-root/-/find-root-2.2.1.tgz#a7cffffdb06407967daa31f89952ebef108b27cf"
-  integrity sha512-34NlypD5mmTY65cFAK7QPgY5Tzt0qXR4ZRXdg97xAlkiLuwXUPBEXy5Hsqzd+7S2acsLxUz6Cs50rlDZQr4xUA==
-  dependencies:
-    "@manypkg/tools" "^1.1.0"
-    find-up "^4.1.0"
-    fs-extra "^8.1.0"
-
-"@manypkg/get-packages@2.2.0":
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/@manypkg/get-packages/-/get-packages-2.2.0.tgz#268c918880f60146351e348380ab590460c1dcc4"
-  integrity sha512-B5p5BXMwhGZKi/syEEAP1eVg5DZ/9LP+MZr0HqfrHLgu9fq0w4ZwH8yVen4JmjrxI2dWS31dcoswYzuphLaRxg==
-  dependencies:
-    "@manypkg/find-root" "^2.2.0"
-    "@manypkg/tools" "^1.1.0"
-
-"@manypkg/get-packages@^1.1.3":
+"@manypkg/get-packages@1.1.3", "@manypkg/get-packages@^1.1.3":
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/@manypkg/get-packages/-/get-packages-1.1.3.tgz#e184db9bba792fa4693de4658cfb1463ac2c9c47"
   integrity sha512-fo+QhuU3qE/2TQMQmbVMqaQ6EWbMhi4ABWP+O4AM1NqPBuy0OrApV5LO6BrrgnhtAHS2NH6RrVk9OL181tTi8A==
@@ -7136,16 +7119,6 @@
     globby "^11.0.0"
     read-yaml-file "^1.1.0"
 
-"@manypkg/tools@^1.1.0":
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/@manypkg/tools/-/tools-1.1.0.tgz#730b4c0df78be7f0ce232a417f3c26023884a55c"
-  integrity sha512-SkAyKAByB9l93Slyg8AUHGuM2kjvWioUTCckT/03J09jYnfEzMO/wSXmEhnKGYs6qx9De8TH4yJCl0Y9lRgnyQ==
-  dependencies:
-    fs-extra "^8.1.0"
-    globby "^11.0.0"
-    jju "^1.4.0"
-    read-yaml-file "^1.1.0"
-
 "@material-table/core@^3.1.0":
   version "3.2.5"
   resolved "https://registry.yarnpkg.com/@material-table/core/-/core-3.2.5.tgz#37b3c665bed3ded6c147ad74adb330bf49efb213"
@@ -19479,7 +19452,7 @@ jiti@^1.18.2:
   resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.21.0.tgz#7c97f8fe045724e136a397f7340475244156105d"
   integrity sha512-gFqAIbuKyyso/3G2qhiO2OM6shY6EPP/R0+mkDbyspxKazh8BXDC5FiFsUjlczgdNz/vfra0da2y+aHrusLG/Q==
 
-jju@^1.4.0, jju@~1.4.0:
+jju@~1.4.0:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/jju/-/jju-1.4.0.tgz#a3abe2718af241a2b2904f84a625970f389ae32a"
   integrity sha512-8wb9Yw966OSxApiCt0K3yNJL8pnNeIv+OEq2YMidz4FKP6nonSRoOXc80iXY4JaN2FC11B9qsNmDsm+ZOfMROA==