Fix audit log format

main.go

@@ -189,9 +189,9 @@ func setup() {
 
 	// audit
 	viper.SetDefault(esEndPointEnv, "http://127.0.0.1:9200")
-	viper.SetDefault(esIndexPrefixEnv, "events-core")
-	viper.SetDefault(relayAuditESIndexPrefixEnv, "relay-audits")
-	viper.SetDefault(relayCommandESIndexPrefix, "relay-commands")
+	viper.SetDefault(esIndexPrefixEnv, "ralogs-system")
+	viper.SetDefault(relayAuditESIndexPrefixEnv, "ralogs-relay")
+	viper.SetDefault(relayCommandESIndexPrefix, "ralogs-prompt")
 	viper.SetDefault(auditFileEnv, "audit.log")
 
 	// cd relay

pkg/service/audit_log_query.go

@@ -36,10 +36,10 @@ func (a *AuditLogService) GetAuditLog(req *v1.AuditLogSearchRequest) (res *v1.Au
 
 func validateQueryString(queryString string) error {
 	if strings.Contains(queryString, "*") {
-		return fmt.Errorf("Sorry. '*' is not supported in search query")
+		return fmt.Errorf("'*' is not supported in search query")
 	}
 	if len(queryString) > 0 && len(queryString) < 3 {
-		return fmt.Errorf("Search string has to be atleast 3 characters")
+		return fmt.Errorf("search string has to be atleast 3 characters")
 	}
 	return nil
 }
@@ -48,13 +48,12 @@ func getPrjectIdFromUrlScope(urlScope string) (string, error) {
 	s := strings.Split(urlScope, "/")
 	if len(s) != 2 {
 		_log.Errorw("Unable to retrieve projectID from urlScope", "urlScope", urlScope)
-		return "", fmt.Errorf("Unable to retrieve projectID from urlScope")
+		return "", fmt.Errorf("unable to retrieve projectID from urlScope")
 	}
 	return s[1], nil
 }
 
 func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (res *v1.AuditLogSearchResponse, err error) {
-	// No embedding in golang/protoc (https://github.com/golang/protobuf/issues/192)
 	err = validateQueryString(req.GetFilter().QueryString)
 	if err != nil {
 		return nil, err
@@ -65,34 +64,33 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (
 	var buf bytes.Buffer
 	var r map[string]interface{}
 	query := map[string]interface{}{
-		"_source": true,
+		"_source": []string{"json"},
 		"size":    500,
 		"query": map[string]interface{}{
 			"bool": map[string]interface{}{
 				"must": []map[string]interface{}{
-					// Add org and partner filter once we have to support multi-org
 					{
 						"term": map[string]interface{}{
-							"category": "AUDIT",
+							"json.category": "AUDIT",
 						},
 					},
 				},
 			},
 		},
 		"sort": map[string]interface{}{
-			"timestamp": map[string]interface{}{
+			"json.timestamp": map[string]interface{}{
 				"order": "desc",
 			},
 		},
 		"aggs": map[string]interface{}{
 			"group_by_username": map[string]interface{}{
 				"terms": map[string]interface{}{
-					"field": "actor.account.username",
+					"field": "json.actor.account.username",
 				},
 			},
 			"group_by_type": map[string]interface{}{
 				"terms": map[string]interface{}{
-					"field": "type",
+					"field": "json.type",
 				},
 			},
 		},
@@ -103,19 +101,19 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (
 	if req.GetFilter().DashboardData {
 		agg["group_by_project"] = map[string]interface{}{
 			"terms": map[string]interface{}{
-				"field": "project_id",
+				"field": "json.project_id",
 				"size":  1000,
 			},
 			"aggs": map[string]interface{}{
 				"group_by_username": map[string]interface{}{
 					"terms": map[string]interface{}{
-						"field": "actor.account.username",
+						"field": "json.actor.account.username",
 						"size":  1000,
 					},
 				},
 				"group_by_type": map[string]interface{}{
 					"terms": map[string]interface{}{
-						"field": "type",
+						"field": "json.type",
 						"size":  1000,
 					},
 				},
@@ -136,7 +134,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (
 	if req.GetFilter().Timefrom != "" {
 		b["filter"] = map[string]interface{}{
 			"range": map[string]interface{}{
-				"timestamp": map[string]interface{}{
+				"json.timestamp": map[string]interface{}{
 					"gte": req.GetFilter().Timefrom,
 					"lt":  "now",
 				},
@@ -147,7 +145,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (
 	if req.GetFilter().Type != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"type": req.GetFilter().Type,
+				"json.type": req.GetFilter().Type,
 			},
 		}
 		m = append(m, t)
@@ -156,7 +154,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (
 	if req.GetFilter().User != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"actor.account.username": req.GetFilter().User,
+				"json.actor.account.username": req.GetFilter().User,
 			},
 		}
 		m = append(m, t)
@@ -165,7 +163,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (
 	if req.GetFilter().Client != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"client.type": req.GetFilter().Client,
+				"json.client.type": req.GetFilter().Client,
 			},
 		}
 		m = append(m, t)
@@ -174,7 +172,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (
 	if len(req.GetFilter().ProjectIds) > 0 {
 		t := map[string]interface{}{
 			"terms": map[string]interface{}{
-				"project_id": req.GetFilter().ProjectIds,
+				"json.project_id": req.GetFilter().ProjectIds,
 			},
 		}
 		m = append(m, t)

pkg/service/relay_audit_query.go

@@ -44,53 +44,53 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	res = &v1.RelayAuditSearchResponse{}
 	//Handle defaults value
 	query := map[string]interface{}{
-		"_source": true,
+		"_source": []string{"json"},
 		"size":    500,
 		"query": map[string]interface{}{
 			"bool": map[string]interface{}{
 				"must": []map[string]interface{}{
 					{
 						"term": map[string]interface{}{
-							"o": oid,
+							"json.o": oid,
 						},
 					},
 					{
 						"term": map[string]interface{}{
-							"p": pid,
+							"json.p": pid,
 						},
 					},
 				},
 			},
 		},
 		"sort": map[string]interface{}{
-			"ts": map[string]interface{}{
+			"json.ts": map[string]interface{}{
 				"order": "desc",
 			},
 		},
 		"aggs": map[string]interface{}{
 			"group_by_username": map[string]interface{}{
 				"terms": map[string]interface{}{
-					"field": "un",
+					"field": "json.un",
 				},
 			},
 			"group_by_cluster": map[string]interface{}{
 				"terms": map[string]interface{}{
-					"field": "cn",
+					"field": "json.cn",
 				},
 			},
 			"group_by_namespace": map[string]interface{}{
 				"terms": map[string]interface{}{
-					"field": "ns",
+					"field": "json.ns",
 				},
 			},
 			"group_by_kind": map[string]interface{}{
 				"terms": map[string]interface{}{
-					"field": "k",
+					"field": "json.k",
 				},
 			},
 			"group_by_method": map[string]interface{}{
 				"terms": map[string]interface{}{
-					"field": "m",
+					"field": "json.m",
 				},
 			},
 		},
@@ -101,19 +101,19 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	if req.GetFilter().DashboardData {
 		agg["group_by_cluster"] = map[string]interface{}{
 			"terms": map[string]interface{}{
-				"field": "cn",
+				"field": "json.cn",
 				"size":  1000,
 			},
 			"aggs": map[string]interface{}{
 				"group_by_username": map[string]interface{}{
 					"terms": map[string]interface{}{
-						"field": "un",
+						"field": "json.un",
 						"size":  1000,
 					},
 				},
 				"group_by_namespace": map[string]interface{}{
 					"terms": map[string]interface{}{
-						"field": "ns",
+						"field": "json.ns",
 						"size":  1000,
 					},
 				},
@@ -142,7 +142,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	if req.Filter.Timefrom != "" {
 		b["filter"] = map[string]interface{}{
 			"range": map[string]interface{}{
-				"ts": map[string]interface{}{
+				"json.ts": map[string]interface{}{
 					"gte": req.Filter.Timefrom,
 					"lt":  "now",
 				},
@@ -153,7 +153,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	if req.Filter.User != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"un": req.Filter.User,
+				"json.un": req.Filter.User,
 			},
 		}
 		m = append(m, t)
@@ -162,7 +162,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	if req.Filter.Cluster != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"cn": req.Filter.Cluster,
+				"json.cn": req.Filter.Cluster,
 			},
 		}
 		m = append(m, t)
@@ -171,7 +171,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	if req.Filter.Namespace != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"ns": req.Filter.Namespace,
+				"json.ns": req.Filter.Namespace,
 			},
 		}
 		m = append(m, t)
@@ -180,7 +180,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	if req.Filter.Kind != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"k": req.Filter.Kind,
+				"json.k": req.Filter.Kind,
 			},
 		}
 		m = append(m, t)
@@ -189,7 +189,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 	if req.Filter.Method != "" {
 		t := map[string]interface{}{
 			"term": map[string]interface{}{
-				"m": req.Filter.Method,
+				"json.m": req.Filter.Method,
 			},
 		}
 		m = append(m, t)
@@ -201,7 +201,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 			req.Filter.ClusterNames != nil && len(req.Filter.ClusterNames) > 0 {
 			t := map[string]interface{}{
 				"terms": map[string]interface{}{
-					"cn": req.Filter.ClusterNames,
+					"json.cn": req.Filter.ClusterNames,
 				},
 			}
 			m = append(m, t)
@@ -209,7 +209,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq
 
 			t := map[string]interface{}{
 				"terms": map[string]interface{}{
-					"project_id": req.Filter.ProjectIds,
+					"json.project_id": req.Filter.ProjectIds,
 				},
 			}
 			m = append(m, t)