Support permissions on extract audit script

conf-utils.rb

@@ -16,7 +16,7 @@ def extract_entity_interval(entity)
     return extract_interval ? "#{extract_interval}m" : ""
   end
   entity_interval_match = ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT'].to_s.match /#{entity}\/(\d+)/
-  interval = entity_interval_match ? entity_interval_match[1] : 480
+  interval = entity_interval_match ? entity_interval_match[1] : EXTRACT_ENTITY_LONG_INTERVAL
   "#{interval}m"
 end
 

create-conf.rb

@@ -7,10 +7,9 @@ def create_file
   File.open("#{ETC_DIR}/fluent.conf", "w") do |f|
     f.write(input_conf)
     f.write(monitoring_conf)
-    f.write(input_extract_audit_entities_conf("activities"))
-    f.write(input_extract_audit_entities_conf("resources"))
-    f.write(input_extract_audit_entities_conf("users"))
-    f.write(input_extract_audit_entities_conf("roles"))
+    AUDIT_ENTITY_TYPES.keys.each { |entity_name|
+      f.write(input_extract_audit_entities_conf(entity_name))
+    }
     f.write(default_classify_conf)
     f.write(custom_classify_conf)
     f.write(File.read("#{ETC_DIR}/process.conf"))

fluentd/scripts/dump_sdm_entities.rb

@@ -8,9 +8,12 @@
 AUDIT_ENTITY_TYPES = {
   "activities" => "activity",
   "resources" => "resource",
+  "permissions" => "permission",
   "users" => "user",
   "roles" => "role",
 }
+EXTRACT_ENTITY_LONG_INTERVAL = 480
+EXTRACT_ENTITY_SHORT_INTERVAL = 15
 
 def get_audit_rows(entity_name)
   if entity_name == "activities"
@@ -40,7 +43,7 @@ def extract_activities_interval
     return nil
   else
     interval_match = extract_entities&.match /activities\/+(\d+)/
-    interval = interval_match ? interval_match[1].to_i : 15
+    interval = interval_match ? interval_match[1].to_i : EXTRACT_ENTITY_SHORT_INTERVAL
   end
   interval
 end
@@ -88,7 +91,7 @@ def process_activity_stream(stdout)
 def parse_rows(rows, entity_name)
   parsed_rows = []
   rows.each do |row|
-    parsed_rows << parse_entity(row, AUDIT_ENTITY_TYPES[entity_name])
+    parsed_rows << parse_entity(row, entity_name)
   end
   parsed_rows
 end

test/test_fluent_conf.rb

@@ -137,21 +137,24 @@ def test_audit_when_activity_settings_overwrite_audit_settings
   end
 
   def test_audit_when_there_are_multiple_entities_to_get_the_logs
-    ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT'] = 'activities/10 resources/20 users/30 roles/40'
+    ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT'] = 'activities/10 resources/20 users/30 roles/40 permissions/50'
 
     actual_activities_conf = input_extract_audit_entities_conf("activities")
     actual_resources_conf = input_extract_audit_entities_conf("resources")
     actual_users_conf = input_extract_audit_entities_conf("users")
     actual_roles_conf = input_extract_audit_entities_conf("roles")
+    actual_permissions_conf = input_extract_audit_entities_conf("permissions")
     expected_activities_conf = entity_conf('activity', '10m', 'activities')
     expected_resources_conf = entity_conf("resource", "20m", "resources")
     expected_users_conf = entity_conf("user", "30m", "users")
     expected_roles_conf = entity_conf("role", "40m", "roles")
+    expected_permissions_conf = entity_conf("permission", "50m", "permissions")
 
     assert_equal(expected_activities_conf, actual_activities_conf)
     assert_equal(expected_resources_conf, actual_resources_conf)
     assert_equal(expected_users_conf, actual_users_conf)
     assert_equal(expected_roles_conf, actual_roles_conf)
+    assert_equal(expected_permissions_conf, actual_permissions_conf)
 
     fluent_conf = generate_fluent_conf('syslog-json', 'stdout')
     assert_includes(fluent_conf, input_conf)
@@ -162,21 +165,24 @@ def test_audit_when_there_are_multiple_entities_to_get_the_logs
   end
 
   def test_audit_when_all_intervals_are_empty
-    ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT'] = 'activities/ resources/ users/ roles/'
+    ENV['LOG_EXPORT_CONTAINER_EXTRACT_AUDIT'] = 'activities/ resources/ users/ roles/ permissions/'
 
     expected_activities_conf = entity_conf('activity', '15m', 'activities')
     expected_resources_conf = entity_conf("resource", "480m", "resources")
     expected_users_conf = entity_conf("user", "480m", "users")
     expected_roles_conf = entity_conf("role", "480m", "roles")
+    expected_permissions_conf = entity_conf("permission", "480m", "permissions")
     actual_activities_conf = input_extract_audit_entities_conf("activities")
     actual_resources_conf = input_extract_audit_entities_conf("resources")
     actual_users_conf = input_extract_audit_entities_conf("users")
     actual_roles_conf = input_extract_audit_entities_conf("roles")
+    actual_permissions_conf = input_extract_audit_entities_conf("permissions")
 
     assert_equal(expected_activities_conf, actual_activities_conf)
     assert_equal(expected_resources_conf, actual_resources_conf)
     assert_equal(expected_users_conf, actual_users_conf)
     assert_equal(expected_roles_conf, actual_roles_conf)
+    assert_equal(expected_permissions_conf, actual_permissions_conf)
 
     fluent_conf = generate_fluent_conf('syslog-json', 'stdout')
     assert_includes(fluent_conf, input_conf)