CSS-4838 Audit Log improvements

api/params/params.go

@@ -100,32 +100,32 @@ type AuditEvent struct {
 	MessageId uint64 `json:"message-id" yaml:"message-id"`
 
 	// FacadeName contains the request facade name.
-	FacadeName string `json:"facade-name" yaml:"facade-name"`
+	FacadeName string `json:"facade-name,omitempty" yaml:"facade-name,omitempty"`
 
 	// FacadeMethod contains the specific method to be executed on the facade.
-	FacadeMethod string `json:"facade-method" yaml:"facade-method"`
+	FacadeMethod string `json:"facade-method,omitempty" yaml:"facade-method,omitempty"`
 
 	// FacadeVersion contains the requested version for the facade method.
-	FacadeVersion int `json:"facade-version" yaml:"facade-version"`
+	FacadeVersion int `json:"facade-version,omitempty" yaml:"facade-version,omitempty"`
 
 	// ObjectId contains the object id to act on, only used by certain facades.
-	ObjectId string `json:"object-id" yaml:"object-id"`
+	ObjectId string `json:"object-id,omitempty" yaml:"object-id,omitempty"`
 
 	// UserTag contains the user tag of authenticated user that performed
 	// the action.
-	UserTag string `json:"user-tag" yaml:"user-tag"`
+	UserTag string `json:"user-tag,omitempty" yaml:"user-tag,omitempty"`
 
 	// Model contains the name of the model the event was performed against.
-	Model string `json:"model" yaml:"model"`
+	Model string `json:"model,omitempty" yaml:"model,omitempty"`
 
 	// IsResponse indicates whether the message is a request/response.
 	IsResponse bool `json:"is-response" yaml:"is-response"`
 
 	// Params contains client request parameters.
-	Params map[string]any `json:"params" yaml:"params"`
+	Params map[string]any `json:"params,omitempty" yaml:"params,omitempty"`
 
 	// Errors contains error info received from the controller.
-	Errors map[string]any `json:"error" yaml:"errors"`
+	Errors map[string]any `json:"error,omitempty" yaml:"errors,omitempty"`
 }
 
 // An AuditEvents contains events from the audit log.

cmd/jimmctl/cmd/listauditevents.go

@@ -71,7 +71,7 @@ func (c *listAuditEventsCommand) SetFlags(f *gnuflag.FlagSet) {
 	f.StringVar(&c.args.UserTag, "user-tag", "", "display events performed by authenticated user")
 	f.StringVar(&c.args.Method, "method", "", "display events for a specific method call")
 	f.StringVar(&c.args.Model, "model", "", "display events for a specific model (model name is controller/model)")
-	f.IntVar(&c.args.Limit, "offset", 0, "offset the set of returned audit events")
+	f.IntVar(&c.args.Offset, "offset", 0, "offset the set of returned audit events")
 	f.IntVar(&c.args.Limit, "limit", 0, "limit the maximum number of returned audit events")
 	f.BoolVar(&c.args.SortTime, "reverse", false, "reverse the order of logs, showing the most recent first")
 

cmd/jimmctl/cmd/listauditevents_test.go

@@ -37,24 +37,18 @@ func (s *listAuditEventsSuite) TestListAuditEventsSuperuser(c *gc.C) {
   facade-name: Admin
   facade-method: Login
   facade-version: \d
-  object-id: ""
   user-tag: user-
-  model: ""
   is-response: false
   params:
     params: redacted
-  errors: .*
 - time: .*
   conversation-id: .*
   message-id: 1
   facade-name: Admin
   facade-method: Login
   facade-version: \d
-  object-id: ""
   user-tag: user-
-  model: ""
   is-response: true
-  params: {}
   errors:
     results:
     - error:

cmd/jimmctl/cmd/purge_logs.go

@@ -25,7 +25,9 @@ const purgeLogsDoc = `
 
 // NewPurgeLogsCommand returns a command to purge logs.
 func NewPurgeLogsCommand() cmd.Command {
-	cmd := &purgeLogsCommand{}
+	cmd := &purgeLogsCommand{
+		store: jujuclient.NewFileClientStore(),
+	}
 	return modelcmd.WrapBase(cmd)
 }
 

internal/jimm/audit_log.go

@@ -26,9 +26,9 @@ type DbAuditLogger struct {
 	getUser        func() names.UserTag
 }
 
-// newConversationID generates a unique ID that is used for the
+// NewConversationID generates a unique ID that is used for the
 // lifetime of a websocket connection.
-func newConversationID() string {
+func NewConversationID() string {
 	buf := make([]byte, 8)
 	rand.Read(buf) // Can't fail
 	return hex.EncodeToString(buf)
@@ -38,7 +38,7 @@ func newConversationID() string {
 func NewDbAuditLogger(j *JIMM, getUserFunc func() names.UserTag) DbAuditLogger {
 	logger := DbAuditLogger{
 		jimm:           j,
-		conversationId: newConversationID(),
+		conversationId: NewConversationID(),
 		getUser:        getUserFunc,
 	}
 	return logger
@@ -112,7 +112,7 @@ type recorder struct {
 func NewRecorder(logger DbAuditLogger) recorder {
 	return recorder{
 		start:          time.Now(),
-		conversationId: newConversationID(),
+		conversationId: NewConversationID(),
 		logger:         logger,
 	}
 }
@@ -166,11 +166,11 @@ func (a *auditLogCleanupService) Start(ctx context.Context) {
 // from the service's context. It calculates the poll duration at 9am each day
 // UTC.
 func (a *auditLogCleanupService) poll(ctx context.Context) {
-	retentionDate := time.Now().AddDate(0, 0, -(a.auditLogRetentionPeriodInDays))
 
 	for {
 		select {
 		case <-time.After(calculateNextPollDuration(time.Now().UTC())):
+			retentionDate := time.Now().AddDate(0, 0, -(a.auditLogRetentionPeriodInDays))
 			deleted, err := a.db.DeleteAuditLogsBefore(ctx, retentionDate)
 			if err != nil {
 				zapctx.Error(ctx, "failed to cleanup audit logs", zap.Error(err))

internal/rpc/proxy.go

@@ -17,6 +17,7 @@ import (
 	"github.com/canonical/jimm/internal/auth"
 	"github.com/canonical/jimm/internal/dbmodel"
 	"github.com/canonical/jimm/internal/errors"
+	"github.com/canonical/jimm/internal/jimm"
 )
 
 // TokenGenerator authenticates a user and generates a JWT token.
@@ -459,10 +460,11 @@ func ProxySockets(ctx context.Context, helpers ProxyHelpers) error {
 	// after the first message has been received so that any errors can be properly sent back to the client.
 	clProxy := clientProxy{
 		modelProxy: modelProxy{
-			src:      &client,
-			msgs:     &msgInFlight,
-			tokenGen: helpers.TokenGen,
-			auditLog: helpers.AuditLog,
+			src:            &client,
+			msgs:           &msgInFlight,
+			tokenGen:       helpers.TokenGen,
+			auditLog:       helpers.AuditLog,
+			conversationId: jimm.NewConversationID(),
 		},
 		errChan:              errChan,
 		createControllerConn: helpers.ConnectController,