diff --git a/internal/internal.go b/internal/internal.go index 1b5b46a6d..ef75fb163 100644 --- a/internal/internal.go +++ b/internal/internal.go @@ -527,16 +527,6 @@ func (p *envoyExtAuthzGrpcServer) log(ctx context.Context, input interface{}, re info.SpanID = sctx.SpanID().String() } - p.manager.Logger().WithFields(map[string]interface{}{ - "query": p.cfg.parsedQuery.String(), - "dry-run": p.cfg.DryRun, - "decision": result.Decision, - "err": err, - "txn": result.TxnID, - "metrics": result.Metrics.All(), - "traceid": info.TraceID, - }).Error("Testing traceid population in decision log in opa envoy.") - if result.NDBuiltinCache != nil { x, err := ast.JSON(result.NDBuiltinCache.AsValue()) if err != nil { diff --git a/test/e2e/distributedtracing/distributedtracing_test.go b/test/e2e/distributedtracing/distributedtracing_test.go index 4e7fa0288..903c57c82 100644 --- a/test/e2e/distributedtracing/distributedtracing_test.go +++ b/test/e2e/distributedtracing/distributedtracing_test.go @@ -12,6 +12,7 @@ import ( ext_authz "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3" "github.com/open-policy-agent/opa-envoy-plugin/test/e2e" + "github.com/open-policy-agent/opa/logging/test" "github.com/open-policy-agent/opa/plugins" "github.com/open-policy-agent/opa/tracing" "github.com/open-policy-agent/opa/util" @@ -24,6 +25,7 @@ import ( ) var spanExporter *tracetest.InMemoryExporter +var consoleLogger *test.Logger const exampleRequest = `{ "attributes": { @@ -70,6 +72,8 @@ func TestMain(m *testing.M) { tracing.RegisterHTTPTracing(&factory{}) spanExporter = tracetest.NewInMemoryExporter() tracerProvider := trace.NewTracerProvider(trace.WithSpanProcessor(trace.NewSimpleSpanProcessor(spanExporter))) + consoleLogger = test.New() + count := 0 countMutex := sync.Mutex{} ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { @@ -88,7 +92,7 @@ func TestMain(m *testing.M) { resp.body.count == 1 }` module := fmt.Sprintf(moduleFmt, ts.URL) - pluginsManager, err := e2e.TestAuthzServerWithWithOpts(module, "envoy/authz/allow", ":9191", plugins.WithTracerProvider(tracerProvider)) + pluginsManager, err := e2e.TestAuthzServerWithWithOpts(module, "envoy/authz/allow", ":9191", plugins.WithTracerProvider(tracerProvider), plugins.ConsoleLogger(consoleLogger)) if err != nil { log.Fatal(err) } @@ -147,5 +151,52 @@ func TestServerSpan(t *testing.T) { if got, expected := spans[0].Parent.SpanID(), parentSpanID; got != expected { t.Errorf("expected span to be child of %v, got parent %v", expected, got) } + + var entry test.LogEntry + var found bool + + for _, entry = range consoleLogger.Entries() { + t.Log(entry.Message) + if entry.Message == "Decision Log" { + found = true + } + } + + if !found { + t.Fatalf("Did not find 'Decision Log' event in captured log entries") + } + // Check for some important fields + expectedFields := map[string]*struct { + found bool + match func(*testing.T, string) + }{ + "labels": {}, + "decision_id": {}, + "trace_id": {}, + "span_id": {}, + "result": {}, + "timestamp": {}, + "type": {match: func(t *testing.T, actual string) { + if actual != "openpolicyagent.org/decision_logs" { + t.Fatalf("Expected field 'type' to be 'openpolicyagent.org/decision_logs'") + } + }}, + } + + // Ensure expected fields exist + for fieldName, rawField := range entry.Fields { + if fd, ok := expectedFields[fieldName]; ok { + if fieldValue, ok := rawField.(string); ok && fd.match != nil { + fd.match(t, fieldValue) + } + fd.found = true + } + } + + for field, fd := range expectedFields { + if !fd.found { + t.Errorf("Missing expected field in decision log: %s\n\nEntry: %+v\n\n", field, entry) + } + } }) } diff --git a/test/e2e/testing.go b/test/e2e/testing.go index 166a84e6c..44d627eb4 100644 --- a/test/e2e/testing.go +++ b/test/e2e/testing.go @@ -8,10 +8,30 @@ import ( "github.com/open-policy-agent/opa-envoy-plugin/internal" "github.com/open-policy-agent/opa-envoy-plugin/plugin" "github.com/open-policy-agent/opa/plugins" + "github.com/open-policy-agent/opa/plugins/logs" "github.com/open-policy-agent/opa/storage" "github.com/open-policy-agent/opa/storage/inmem" ) +type testPlugin struct { + events []logs.EventV1 +} + +func (*testPlugin) Start(context.Context) error { + return nil +} + +func (*testPlugin) Stop(context.Context) { +} + +func (*testPlugin) Reconfigure(context.Context, interface{}) { +} + +func (p *testPlugin) Log(_ context.Context, event logs.EventV1) error { + p.events = append(p.events, event) + return nil +} + // TestAuthzServerWithWithOpts creates a new AuthzServer // that implements the Envoy ext_authz API. Options for // plugins.Manager can/should be customized for the test case. @@ -21,7 +41,7 @@ func TestAuthzServerWithWithOpts(module string, path string, addr string, opts . txn := storage.NewTransactionOrDie(ctx, store, storage.WriteParams) store.UpsertPolicy(ctx, txn, "example.rego", []byte(module)) store.Commit(ctx, txn) - m, err := plugins.New([]byte{}, "test", store, opts...) + m, err := plugins.New([]byte(`{"decision_logs": {"console": "true"}}`), "test", store, opts...) if err != nil { return nil, err } @@ -37,6 +57,22 @@ func TestAuthzServerWithWithOpts(module string, path string, addr string, opts . return nil, err } m.Register(plugin.PluginName, internal.New(m, cfg)) + + //services := []string{"s1", "s3"} + + m.Register("test_plugin", &testPlugin{}) + config, err := logs.ParseConfig([]byte(`{"plugin": "test_plugin"}`), nil, []string{"test_plugin"}) + //config, err := logs.ParseConfig([]byte(`{"plugin": "test_plugin", "console": "true", + //"decision_logs": {"console": "true", "service": "s1"}}`), services, []string{"test_plugin"}) + + if err != nil { + return nil, err + } + config.ConsoleLogs = true + + logPlugin := logs.New(config, m) + m.Register(logs.Name, logPlugin) + if err := m.Start(ctx); err != nil { return nil, err }