24-3: auditlog: add logins (#8104)

Add audit logging for login operation.

merge #8027 (81ca5b1), #7546 (f972e3a) from main.

KIKIMR-21774

Author: ijon

ydb/core/audit/audit_log.cpp

@@ -1,19 +1,12 @@
 #pragma once
 
-#include <ydb/core/base/events.h>
+#include <utility>
+#include <atomic>
 
-#include <ydb/library/actors/core/actor.h>
-#include <ydb/library/actors/core/events.h>
-#include <library/cpp/logger/backend.h>
-#include <ydb/core/protos/config.pb.h>
-#include <ydb/library/services/services.pb.h>
-
-#include <library/cpp/logger/record.h>
-#include <ydb/library/actors/core/hfunc.h>
-#include <ydb/library/actors/core/log.h>
+#include <util/generic/string.h>
+#include <util/generic/vector.h>
 
-#include <util/generic/strbuf.h>
-#include <util/datetime/base.h>
+#include <ydb/library/actors/core/actor.h>
 
 #define AUDIT_LOG_S(sys, expr)                                                                                                  \
     do {                                                                                                                        \
@@ -24,7 +17,7 @@
         }                                                                                                                       \
     } while (0) /**/
 
-#define AUDIT_LOG(expr) AUDIT_LOG_S((TlsActivationContext->ExecutorThread.ActorSystem), expr)
+#define AUDIT_LOG(expr) AUDIT_LOG_S((::NActors::TlsActivationContext->ExecutorThread.ActorSystem), expr)
 
 #define AUDIT_PART_NO_COND(key, value) AUDIT_PART_COND(key, value, true)
 #define AUDIT_PART_COND(key, value, condition)                                                                                    \
@@ -37,90 +30,14 @@
 #define GET_AUDIT_PART_MACRO(_1, _2, _3, NAME,...) NAME
 #define AUDIT_PART(...) GET_AUDIT_PART_MACRO(__VA_ARGS__, AUDIT_PART_COND, AUDIT_PART_NO_COND)(__VA_ARGS__)
 
+namespace NActors {
+    class TActorSystem;
+}
+
 namespace NKikimr::NAudit {
 
 extern std::atomic<bool> AUDIT_LOG_ENABLED;
 
-struct TEvAuditLog
-{
-    //
-    // Events declaration
-    //
-
-    enum EEvents
-    {
-        EvBegin = EventSpaceBegin(TKikimrEvents::ES_YDB_AUDIT_LOG),
-
-        // Request actors
-        EvWriteAuditLog = EvBegin + 0,
-
-        EvEnd
-    };
-
-    static_assert(EvEnd <= EventSpaceEnd(TKikimrEvents::ES_YDB_AUDIT_LOG),
-                  "expected EvEnd <= EventSpaceEnd(TKikimrEvents::ES_YDB_AUDIT_LOG)");
-
-    struct TEvWriteAuditLog
-        : public NActors::TEventLocal<TEvWriteAuditLog, EvWriteAuditLog>
-    {
-        TInstant Time;
-        TVector<std::pair<TString, TString>> Parts;
-
-        TEvWriteAuditLog(TInstant time, TVector<std::pair<TString, TString>>&& parts)
-            : Time(time)
-            , Parts(std::move(parts))
-        {}
-    };
-};
-
-class TAuditLogActor final
-    : public TActor<TAuditLogActor>
-{
-private:
-    const TMap<NKikimrConfig::TAuditConfig::EFormat, TVector<THolder<TLogBackend>>> LogBackends;
-public:
-    TAuditLogActor(TMap<NKikimrConfig::TAuditConfig::EFormat, TVector<THolder<TLogBackend>>> logBackends)
-        : TActor(&TThis::StateWork)
-        , LogBackends(std::move(logBackends))
-    {
-    }
-
-    static constexpr NKikimrServices::TActivity::EType ActorActivityType() {
-        return NKikimrServices::TActivity::AUDIT_WRITER_ACTOR;
-    }
-
-private:
-    STFUNC(StateWork);
-
-    void HandlePoisonPill(
-        const TEvents::TEvPoisonPill::TPtr& ev,
-        const TActorContext& ctx);
-
-    void HandleWriteAuditLog(
-        const TEvAuditLog::TEvWriteAuditLog::TPtr& ev,
-        const TActorContext& ctx);
-
-    static void WriteLog(
-        const TString& log,
-        const TVector<THolder<TLogBackend>>& logBackends);
-
-    static TString GetJsonLog(
-        const TEvAuditLog::TEvWriteAuditLog::TPtr& ev);
-
-    static TString GetTxtLog(
-        const TEvAuditLog::TEvWriteAuditLog::TPtr& ev);
-
-    void HandleUnexpectedEvent(STFUNC_SIG);
-};
-
-////////////////////////////////////////////////////////////////////////////////
-
 void SendAuditLog(const NActors::TActorSystem* sys, TVector<std::pair<TString, TString>>&& parts);
 
-inline NActors::TActorId MakeAuditServiceID() {
-    return NActors::TActorId(0, TStringBuf("YDB_AUDIT"));
-}
-
-THolder<NActors::IActor> CreateAuditWriter(TMap<NKikimrConfig::TAuditConfig::EFormat, TVector<THolder<TLogBackend>>> logBackends);
-
 }   // namespace NKikimr::NAudit

ydb/core/audit/audit_log.h

@@ -1,49 +1,84 @@
-#include "audit_log.h"
-#include "audit_log_impl.h"
-
 #include <library/cpp/json/json_value.h>
 #include <library/cpp/json/json_writer.h>
+#include <library/cpp/logger/record.h>
+#include <library/cpp/logger/backend.h>
+
+#include <ydb/library/actors/core/log.h>
+#include <ydb/library/actors/core/actor.h>
+#include <ydb/library/actors/core/events.h>
+#include <ydb/library/actors/core/hfunc.h>
+#include <ydb/library/services/services.pb.h>
+
+#include <ydb/core/base/events.h>
+
+#include "audit_log_service.h"
+#include "audit_log.h"
+
+#if defined LOG_T || \
+    defined LOG_D || \
+    defined LOG_I || \
+    defined LOG_N || \
+    defined LOG_W || \
+    defined LOG_E
+# error log macro redefinition
+#endif
+
+#define LOG_T(stream) LOG_TRACE_S((TlsActivationContext->AsActorContext()), NKikimrServices::AUDIT_LOG_WRITER, stream)
+#define LOG_D(stream) LOG_DEBUG_S((TlsActivationContext->AsActorContext()), NKikimrServices::AUDIT_LOG_WRITER, stream)
+#define LOG_I(stream) LOG_INFO_S((TlsActivationContext->AsActorContext()), NKikimrServices::AUDIT_LOG_WRITER, stream)
+#define LOG_N(stream) LOG_NOTICE_S((TlsActivationContext->AsActorContext()), NKikimrServices::AUDIT_LOG_WRITER, stream)
+#define LOG_W(stream) LOG_WARN_S((TlsActivationContext->AsActorContext()), NKikimrServices::AUDIT_LOG_WRITER, stream)
+#define LOG_E(stream) LOG_ERROR_S((TlsActivationContext->AsActorContext()), NKikimrServices::AUDIT_LOG_WRITER, stream)
 
 namespace NKikimr::NAudit {
 
-using namespace NActors;
+// TAuditLogActor
+//
 
-void TAuditLogActor::HandlePoisonPill(
-    const TEvents::TEvPoisonPill::TPtr& ev,
-    const TActorContext& ctx)
-{
-    Y_UNUSED(ev);
-    AUDIT_LOG_ENABLED.store(false);
-    Die(ctx);
-}
+struct TEvAuditLog {
+    //
+    // Events declaration
+    //
 
-STFUNC(TAuditLogActor::StateWork)
-{
-    switch (ev->GetTypeRewrite()) {
-        HFunc(TEvents::TEvPoisonPill, HandlePoisonPill);
-        HFunc(TEvAuditLog::TEvWriteAuditLog, HandleWriteAuditLog);
-    default:
-        HandleUnexpectedEvent(ev);
-        break;
-    }
-}
+    enum EEvents {
+        EvBegin = EventSpaceBegin(TKikimrEvents::ES_YDB_AUDIT_LOG),
+
+        // Request actors
+        EvWriteAuditLog = EvBegin + 0,
+
+        EvEnd
+    };
+
+    static_assert(EvEnd <= EventSpaceEnd(TKikimrEvents::ES_YDB_AUDIT_LOG),
+        "expected EvEnd <= EventSpaceEnd(TKikimrEvents::ES_YDB_AUDIT_LOG)"
+    );
+
+    struct TEvWriteAuditLog : public NActors::TEventLocal<TEvWriteAuditLog, EvWriteAuditLog> {
+        TInstant Time;
+        TVector<std::pair<TString, TString>> Parts;
+
+        TEvWriteAuditLog(TInstant time, TVector<std::pair<TString, TString>>&& parts)
+            : Time(time)
+            , Parts(std::move(parts))
+        {}
+    };
+};
 
-void TAuditLogActor::WriteLog(const TString& log, const TVector<THolder<TLogBackend>>& logBackends) {
+void WriteLog(const TString& log, const TVector<THolder<TLogBackend>>& logBackends) {
     for (auto& logBackend : logBackends) {
         try {
-            logBackend->WriteData(
-                TLogRecord(
-                    ELogPriority::TLOG_INFO,
-                    log.data(),
-                    log.length()));
+            logBackend->WriteData(TLogRecord(
+                ELogPriority::TLOG_INFO,
+                log.data(),
+                log.length()
+            ));
         } catch (const yexception& e) {
-            LOG_W("WriteLog:"
-                << " unable to write audit log (error: " << e.what() << ")");
+            LOG_W("WriteLog: unable to write audit log (error: " << e.what() << ")");
         }
     }
 }
 
-TString TAuditLogActor::GetJsonLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
+TString GetJsonLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
     const auto* msg = ev->Get();
     TStringStream ss;
     ss << msg->Time << ": ";
@@ -56,7 +91,7 @@ TString TAuditLogActor::GetJsonLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev
     return ss.Str();
 }
 
-TString TAuditLogActor::GetTxtLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
+TString GetTxtLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
     const auto* msg = ev->Get();
     TStringStream ss;
     ss << msg->Time << ": ";
@@ -69,29 +104,81 @@ TString TAuditLogActor::GetTxtLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev)
     return ss.Str();
 }
 
-void TAuditLogActor::HandleWriteAuditLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev, const TActorContext& ctx) {
-    Y_UNUSED(ctx);
-
-    for (auto& logBackends : LogBackends) {
-        switch (logBackends.first) {
-            case NKikimrConfig::TAuditConfig::JSON:
-                WriteLog(GetJsonLog(ev), logBackends.second);
-                break;
-            case NKikimrConfig::TAuditConfig::TXT:
-                WriteLog(GetTxtLog(ev), logBackends.second);
-                break;
-            default:
-                WriteLog(GetJsonLog(ev), logBackends.second);
-                break;
+class TAuditLogActor final : public TActor<TAuditLogActor> {
+private:
+    const TAuditLogBackends LogBackends;
+
+public:
+    TAuditLogActor(TAuditLogBackends&& logBackends)
+        : TActor(&TThis::StateWork)
+        , LogBackends(std::move(logBackends))
+    {}
+
+    static constexpr NKikimrServices::TActivity::EType ActorActivityType() {
+        return NKikimrServices::TActivity::AUDIT_WRITER_ACTOR;
+    }
+
+private:
+    STFUNC(StateWork) {
+        switch (ev->GetTypeRewrite()) {
+            HFunc(TEvents::TEvPoisonPill, HandlePoisonPill);
+            HFunc(TEvAuditLog::TEvWriteAuditLog, HandleWriteAuditLog);
+        default:
+            HandleUnexpectedEvent(ev);
+            break;
         }
     }
+
+    void HandlePoisonPill(const TEvents::TEvPoisonPill::TPtr& ev, const TActorContext& ctx) {
+        Y_UNUSED(ev);
+        AUDIT_LOG_ENABLED.store(false);
+        Die(ctx);
+    }
+
+    void HandleWriteAuditLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev, const TActorContext& ctx) {
+        Y_UNUSED(ctx);
+
+        for (auto& logBackends : LogBackends) {
+            switch (logBackends.first) {
+                case NKikimrConfig::TAuditConfig::JSON:
+                    WriteLog(GetJsonLog(ev), logBackends.second);
+                    break;
+                case NKikimrConfig::TAuditConfig::TXT:
+                    WriteLog(GetTxtLog(ev), logBackends.second);
+                    break;
+                default:
+                    WriteLog(GetJsonLog(ev), logBackends.second);
+                    break;
+            }
+        }
+    }
+
+    void HandleUnexpectedEvent(STFUNC_SIG) {
+        LOG_W("TAuditLogActor:"
+            << " unhandled event type: " << ev->GetTypeRewrite()
+            << " event: " << ev->GetTypeName()
+        );
+    }
+};
+
+// Client interface implementation
+//
+
+std::atomic<bool> AUDIT_LOG_ENABLED = false;
+
+void SendAuditLog(const NActors::TActorSystem* sys, TVector<std::pair<TString, TString>>&& parts)
+{
+    auto request = MakeHolder<TEvAuditLog::TEvWriteAuditLog>(Now(), std::move(parts));
+    sys->Send(MakeAuditServiceID(), request.Release());
 }
 
-void TAuditLogActor::HandleUnexpectedEvent(STFUNC_SIG)
+// Service interface implementation
+//
+
+THolder<NActors::IActor> CreateAuditWriter(TAuditLogBackends&& logBackends)
 {
-    LOG_W("TAuditLogActor:"
-          << " unhandled event type: " << ev->GetTypeRewrite()
-          << " event: " << ev->GetTypeName());
+    AUDIT_LOG_ENABLED.store(true);
+    return MakeHolder<TAuditLogActor>(std::move(logBackends));
 }
 
 }    // namespace NKikimr::NAudit