From 1950267e49f92234111b403f9053aa4b4518f67c Mon Sep 17 00:00:00 2001 From: ace-n Date: Tue, 16 Nov 2021 18:54:40 -0800 Subject: [PATCH 1/3] chore(functions/v2): address comments on CAL samples --- functions/v2/index.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/functions/v2/index.js b/functions/v2/index.js index ddebfc371a..f8713713c2 100644 --- a/functions/v2/index.js +++ b/functions/v2/index.js @@ -84,6 +84,19 @@ exports.helloAuditLog = cloudevent => { console.log('Caller IP:', metadata.callerIp); console.log('User agent:', metadata.callerSuppliedUserAgent); } + + const resource = cloudevent.data && cloudevent.data.resource; + if (resource) { + console.log('Resource type:', resource.type); + } + + const labels = resource && resource.labels; + if (labels) { + console.log('Labels'); + Object.keys(labels).map(label => { + console.log(` ${label}: ${labels[label]}`); + }); + } }; // [END functions_log_cloudevent] From 13b19714d09404945d299ae1a31a30e2a7def437 Mon Sep 17 00:00:00 2001 From: ace-n Date: Mon, 22 Nov 2021 12:37:27 -0800 Subject: [PATCH 2/3] Address comments --- functions/v2/index.js | 9 +++++++-- functions/v2/test/index.test.js | 10 +++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/functions/v2/index.js b/functions/v2/index.js index f8713713c2..641ad6a593 100644 --- a/functions/v2/index.js +++ b/functions/v2/index.js @@ -64,13 +64,18 @@ exports.helloGCS = cloudevent => { */ exports.helloAuditLog = cloudevent => { // Print out details from the CloudEvent itself - console.log('API method:', cloudevent.methodname); console.log('Event type:', cloudevent.type); + + // Print out the CloudEvent's `subject` property + // See https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#subject console.log('Subject:', cloudevent.subject); - // Print out details from the Cloud Audit Logging entry + // Print out details from the `protoPayload` + // This field encapsulates a Cloud Audit Logging entry + // See https://cloud.google.com/logging/docs/audit#audit_log_entry_structure const payload = cloudevent.data && cloudevent.data.protoPayload; if (payload) { + console.log('API method:', payload.methodName); console.log('Resource name:', payload.resourceName); } diff --git a/functions/v2/test/index.test.js b/functions/v2/test/index.test.js index 312ec4100b..6a1fbfbf0c 100644 --- a/functions/v2/test/index.test.js +++ b/functions/v2/test/index.test.js @@ -145,12 +145,12 @@ describe('functions_log_cloudevent', () => { it('should process a CloudEvent', async () => { const event = { - methodname: 'storage.objects.write', type: 'google.cloud.audit.log.v1.written', subject: 'storage.googleapis.com/projects/_/buckets/my-bucket/objects/test.txt', data: { protoPayload: { + methodName: 'storage.objects.write', requestMetadata: { callerIp: '8.8.8.8', callerSuppliedUserAgent: 'example-user-agent', @@ -160,6 +160,12 @@ describe('functions_log_cloudevent', () => { }, resourceName: 'some-resource', }, + resource: { + type: 'some-type', + labels: { + bar: 'baz', + }, + }, }, }; const response = await invocation(PORT, event); @@ -181,6 +187,8 @@ describe('functions_log_cloudevent', () => { ); assert.match(output, /Caller IP: 8\.8\.8\.8/); assert.match(output, /User agent: example-user-agent/); + assert.match(output, /Resource type: some-type/); + assert.match(output, /bar: baz/); }); }); From 597ad6439a5013b5aa0e96a8ff85268cf1007c47 Mon Sep 17 00:00:00 2001 From: ace-n Date: Mon, 22 Nov 2021 13:41:12 -0800 Subject: [PATCH 3/3] Address Averi's comments --- functions/v2/index.js | 25 +------------------------ functions/v2/test/index.test.js | 23 +++-------------------- 2 files changed, 4 insertions(+), 44 deletions(-) diff --git a/functions/v2/index.js b/functions/v2/index.js index 641ad6a593..ba4ee5c8b9 100644 --- a/functions/v2/index.js +++ b/functions/v2/index.js @@ -77,30 +77,7 @@ exports.helloAuditLog = cloudevent => { if (payload) { console.log('API method:', payload.methodName); console.log('Resource name:', payload.resourceName); - } - - const request = payload.request; - if (request) { - console.log('Request type:', request['@type']); - } - - const metadata = payload && payload.requestMetadata; - if (metadata) { - console.log('Caller IP:', metadata.callerIp); - console.log('User agent:', metadata.callerSuppliedUserAgent); - } - - const resource = cloudevent.data && cloudevent.data.resource; - if (resource) { - console.log('Resource type:', resource.type); - } - - const labels = resource && resource.labels; - if (labels) { - console.log('Labels'); - Object.keys(labels).map(label => { - console.log(` ${label}: ${labels[label]}`); - }); + console.log('Principal:', payload.authenticationInfo.principalEmail); } }; // [END functions_log_cloudevent] diff --git a/functions/v2/test/index.test.js b/functions/v2/test/index.test.js index 6a1fbfbf0c..f97c459871 100644 --- a/functions/v2/test/index.test.js +++ b/functions/v2/test/index.test.js @@ -151,21 +151,11 @@ describe('functions_log_cloudevent', () => { data: { protoPayload: { methodName: 'storage.objects.write', - requestMetadata: { - callerIp: '8.8.8.8', - callerSuppliedUserAgent: 'example-user-agent', - }, - request: { - '@type': 'type.googleapis.com/storage.objects.write', + authenticationInfo: { + principalEmail: 'example@example.com', }, resourceName: 'some-resource', }, - resource: { - type: 'some-type', - labels: { - bar: 'baz', - }, - }, }, }; const response = await invocation(PORT, event); @@ -181,14 +171,7 @@ describe('functions_log_cloudevent', () => { /Subject: storage.googleapis.com\/projects\/_\/buckets\/my-bucket\/objects\/test\.txt/ ); assert.match(output, /Resource name: some-resource/); - assert.match( - output, - /Request type: type\.googleapis\.com\/storage\.objects.write/ - ); - assert.match(output, /Caller IP: 8\.8\.8\.8/); - assert.match(output, /User agent: example-user-agent/); - assert.match(output, /Resource type: some-type/); - assert.match(output, /bar: baz/); + assert.match(output, /Principal: example@example\.com/); }); });