shell

command

v0.0.0-...-05145c8 Latest Latest Go to latest Published: Sep 23, 2022 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/abcxyz/lumberjack

Links

Open Source Insights

README ¶

Audit Logging Shell (Go)

The shell app located in test/shell is a basic HTTP server that emits an application audit log using the Lumberjack Go client.

The goal of this shell app is to provide a wrapper that uses our client for automated and manual testing.

Prerequisites:

Docker
Google Cloud SDK
Terraform (Note: Don't use the google3 version)
jq
Make sure you have the following permissions in the tycho.joonix.net org:
- Folder Editor
- Project Creator

Manual Steps

Authenticate to GCP:
```
gcloud auth login --update-adc
```

Find one of the existing test environments and change directory to that. E.g. $ROOT/terraform/envs/dev.

First, sanity check if you can run Terraform without any problem.

terraform plan

This should return without any error.

# The audit logging server URL.
export SERVER_URL=${$(terraform output -raw audit_log_server_url)#"https://"}:443
# The application project.
export APP_PROJECT=$(terraform output -json app_projects | jq -r '.[0]')
# The audit logging server project.
export SERVER_PROJECT=$(terraform output -raw server_project)

Execute the following steps from the Lumberjack Go client directory, where go.mod is located. Build and push the Shell app into a container:

docker buildx build \
  --file "test/shell/Dockerfile" \
  --tag "us-docker.pkg.dev/${APP_PROJECT}/images/logging-shell:${LDAP}" \
  --push \
  .

Deploy the Shell app to Cloud Run

gcloud run deploy ${LDAP}-logging-shell \
--image=us-docker.pkg.dev/${APP_PROJECT}/images/logging-shell:${LDAP} \
--memory=512Mi \
--region=us-west1 \
--project=${APP_PROJECT} \
--set-env-vars="AUDIT_CLIENT_FILTER_REGEX_PRINCIPAL_INCLUDE=.iam.gserviceaccount.com$,AUDIT_CLIENT_BACKEND_REMOTE_ADDRESS=${SERVER_URL}"

Create a log with a trace ID by triggering the deployed service:

export SHELL_APP_URL=$(gcloud run services describe ${LDAP}-logging-shell --platform managed --region us-west1 --format 'value(status.url)')
curl -H "Authorization: Bearer $(gcloud auth print-identity-token)" ${SHELL_APP_URL}/?trace_id=${ID_STRING}

View the audit log in BigQuery in project ${SERVER_PROJECT}.

Notes:

LDAP is your ldap used to avoid conflicts with other teammates.
ID_STRING can be any string to be used as trace id.

Documentation ¶

Overview ¶

Package main contains a minimal Cloud Run HTTP server that emits an application audit log using the audit client.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL