updated test to assert for traceid presence in decision logs

open-policy-agent · Oct 11, 2023 · 50850b5 · 50850b5
1 parent 1338d33
commit 50850b5
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 12 deletions.
diff --git a/internal/internal.go b/internal/internal.go
@@ -527,16 +527,6 @@ func (p *envoyExtAuthzGrpcServer) log(ctx context.Context, input interface{}, re
 		info.SpanID = sctx.SpanID().String()
 	}
 
-	p.manager.Logger().WithFields(map[string]interface{}{
-		"query":    p.cfg.parsedQuery.String(),
-		"dry-run":  p.cfg.DryRun,
-		"decision": result.Decision,
-		"err":      err,
-		"txn":      result.TxnID,
-		"metrics":  result.Metrics.All(),
-		"traceid":  info.TraceID,
-	}).Error("Testing traceid population in decision log in opa envoy.")
-
 	if result.NDBuiltinCache != nil {
 		x, err := ast.JSON(result.NDBuiltinCache.AsValue())
 		if err != nil {

diff --git a/test/e2e/distributedtracing/distributedtracing_test.go b/test/e2e/distributedtracing/distributedtracing_test.go
@@ -12,6 +12,7 @@ import (
 
 	ext_authz "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 	"github.com/open-policy-agent/opa-envoy-plugin/test/e2e"
+	"github.com/open-policy-agent/opa/logging/test"
 	"github.com/open-policy-agent/opa/plugins"
 	"github.com/open-policy-agent/opa/tracing"
 	"github.com/open-policy-agent/opa/util"
@@ -24,6 +25,7 @@ import (
 )
 
 var spanExporter *tracetest.InMemoryExporter
+var consoleLogger *test.Logger
 
 const exampleRequest = `{
 	"attributes": {
@@ -70,6 +72,8 @@ func TestMain(m *testing.M) {
 	tracing.RegisterHTTPTracing(&factory{})
 	spanExporter = tracetest.NewInMemoryExporter()
 	tracerProvider := trace.NewTracerProvider(trace.WithSpanProcessor(trace.NewSimpleSpanProcessor(spanExporter)))
+	consoleLogger = test.New()
+
 	count := 0
 	countMutex := sync.Mutex{}
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
@@ -88,7 +92,7 @@ func TestMain(m *testing.M) {
 		resp.body.count == 1
 	}`
 	module := fmt.Sprintf(moduleFmt, ts.URL)
-	pluginsManager, err := e2e.TestAuthzServerWithWithOpts(module, "envoy/authz/allow", ":9191", plugins.WithTracerProvider(tracerProvider))
+	pluginsManager, err := e2e.TestAuthzServerWithWithOpts(module, "envoy/authz/allow", ":9191", plugins.WithTracerProvider(tracerProvider), plugins.ConsoleLogger(consoleLogger))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -147,5 +151,52 @@ func TestServerSpan(t *testing.T) {
 		if got, expected := spans[0].Parent.SpanID(), parentSpanID; got != expected {
 			t.Errorf("expected span to be child of %v, got parent %v", expected, got)
 		}
+
+		var entry test.LogEntry
+		var found bool
+
+		for _, entry = range consoleLogger.Entries() {
+			t.Log(entry.Message)
+			if entry.Message == "Decision Log" {
+				found = true
+			}
+		}
+
+		if !found {
+			t.Fatalf("Did not find 'Decision Log' event in captured log entries")
+		}
+		// Check for some important fields
+		expectedFields := map[string]*struct {
+			found bool
+			match func(*testing.T, string)
+		}{
+			"labels":      {},
+			"decision_id": {},
+			"trace_id":    {},
+			"span_id":     {},
+			"result":      {},
+			"timestamp":   {},
+			"type": {match: func(t *testing.T, actual string) {
+				if actual != "openpolicyagent.org/decision_logs" {
+					t.Fatalf("Expected field 'type' to be 'openpolicyagent.org/decision_logs'")
+				}
+			}},
+		}
+
+		// Ensure expected fields exist
+		for fieldName, rawField := range entry.Fields {
+			if fd, ok := expectedFields[fieldName]; ok {
+				if fieldValue, ok := rawField.(string); ok && fd.match != nil {
+					fd.match(t, fieldValue)
+				}
+				fd.found = true
+			}
+		}
+
+		for field, fd := range expectedFields {
+			if !fd.found {
+				t.Errorf("Missing expected field in decision log: %s\n\nEntry: %+v\n\n", field, entry)
+			}
+		}
 	})
 }
diff --git a/test/e2e/testing.go b/test/e2e/testing.go
@@ -8,10 +8,30 @@ import (
 	"github.com/open-policy-agent/opa-envoy-plugin/internal"
 	"github.com/open-policy-agent/opa-envoy-plugin/plugin"
 	"github.com/open-policy-agent/opa/plugins"
+	"github.com/open-policy-agent/opa/plugins/logs"
 	"github.com/open-policy-agent/opa/storage"
 	"github.com/open-policy-agent/opa/storage/inmem"
 )
 
+type testPlugin struct {
+	events []logs.EventV1
+}
+
+func (*testPlugin) Start(context.Context) error {
+	return nil
+}
+
+func (*testPlugin) Stop(context.Context) {
+}
+
+func (*testPlugin) Reconfigure(context.Context, interface{}) {
+}
+
+func (p *testPlugin) Log(_ context.Context, event logs.EventV1) error {
+	p.events = append(p.events, event)
+	return nil
+}
+
 // TestAuthzServerWithWithOpts creates a new AuthzServer
 // that implements the Envoy ext_authz API. Options for
 // plugins.Manager can/should be customized for the test case.
@@ -21,7 +41,7 @@ func TestAuthzServerWithWithOpts(module string, path string, addr string, opts .
 	txn := storage.NewTransactionOrDie(ctx, store, storage.WriteParams)
 	store.UpsertPolicy(ctx, txn, "example.rego", []byte(module))
 	store.Commit(ctx, txn)
-	m, err := plugins.New([]byte{}, "test", store, opts...)
+	m, err := plugins.New([]byte(`{"decision_logs": {"console": "true"}}`), "test", store, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -37,6 +57,22 @@ func TestAuthzServerWithWithOpts(module string, path string, addr string, opts .
 		return nil, err
 	}
 	m.Register(plugin.PluginName, internal.New(m, cfg))
+
+	//services := []string{"s1", "s3"}
+
+	m.Register("test_plugin", &testPlugin{})
+	config, err := logs.ParseConfig([]byte(`{"plugin": "test_plugin"}`), nil, []string{"test_plugin"})
+	//config, err := logs.ParseConfig([]byte(`{"plugin": "test_plugin", "console": "true",
+	//"decision_logs": {"console": "true",   "service": "s1"}}`), services, []string{"test_plugin"})
+
+	if err != nil {
+		return nil, err
+	}
+	config.ConsoleLogs = true
+
+	logPlugin := logs.New(config, m)
+	m.Register(logs.Name, logPlugin)
+
 	if err := m.Start(ctx); err != nil {
 		return nil, err
 	}