authordcherednik <dcherednik@ydb.tech>2022-09-13 12:50:21 +0300
committerdcherednik <dcherednik@ydb.tech>2022-09-13 12:50:21 +0300
commitd55bf2da5905e760fbe41063fd52b687e81f61c7 (patch)
treec86cbbf8ccd99c9a0e0b5b15053db7b5d86d9da2
parentcee4a99ba93f21e3d30b5f1d58c84ab6ca41981b (diff)
downloadydb-d55bf2da5905e760fbe41063fd52b687e81f61c7.tar.gz
Initial request audit log.
-rw-r--r--ydb/core/grpc_services/CMakeLists.txt1
-rw-r--r--ydb/core/grpc_services/audit_log.cpp21
-rw-r--r--ydb/core/grpc_services/audit_log.h12
-rw-r--r--ydb/core/grpc_services/grpc_request_check_actor.h8
4 files changed, 42 insertions, 0 deletions
diff --git a/ydb/core/grpc_services/CMakeLists.txt b/ydb/core/grpc_services/CMakeLists.txt
index 101924bb385..3f6915a98af 100644
--- a/ydb/core/grpc_services/CMakeLists.txt
+++ b/ydb/core/grpc_services/CMakeLists.txt
@@ -53,6 +53,7 @@ target_link_libraries(ydb-core-grpc_services PUBLIC
cpp-client-resources
)
target_sources(ydb-core-grpc_services PRIVATE
+ ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/audit_log.cpp
${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/grpc_endpoint_publish_actor.cpp
${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/grpc_helper.cpp
${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/grpc_mon.cpp
diff --git a/ydb/core/grpc_services/audit_log.cpp b/ydb/core/grpc_services/audit_log.cpp
new file mode 100644
index 00000000000..8d353d0517f
--- /dev/null
+++ b/ydb/core/grpc_services/audit_log.cpp
@@ -0,0 +1,21 @@
+#include "defs.h"
+#include "audit_log.h"
+
+#include "base/base.h"
+
+namespace NKikimr {
+namespace NGRpcService {
+
+void AuditLog(const IRequestProxyCtx* reqCtx, const TString& database,
+ const TString& subject, const TActorContext& ctx)
+{
+ LOG_NOTICE_S(ctx, NKikimrServices::GRPC_SERVER, "AUDIT: "
+ << "request name: " << reqCtx->GetRequestName()
+ << ", database: " << database
+ << ", peer: " << reqCtx->GetPeerName()
+ << ", subject: " << subject);
+}
+
+}
+}
+
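Review bot: `AuditLog` streams `database`, `subject`, the peer name and the request name into the message unescaped, so a value containing a newline or the text `, subject: ` would produce a record that reads as extra or different fields. `database` presumably originates from the client's request, so it should be treated as untrusted at this point; quoting each value and escaping control characters before writing would keep one request to one unambiguous record. `reqCtx` is also dereferenced without a null check. Because the record goes through `LOG_NOTICE_S` on the `GRPC_SERVER` component, raising that component's log level would presumably drop audit entries along with ordinary logs, which deserves a comment or a dedicated component.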
diff --git a/ydb/core/grpc_services/audit_log.h b/ydb/core/grpc_services/audit_log.h
new file mode 100644
index 00000000000..47742db4ee7
--- /dev/null
+++ b/ydb/core/grpc_services/audit_log.h
@@ -0,0 +1,12 @@
+#pragma once
+
+namespace NKikimr {
+namespace NGRpcService {
+
+class IRequestProxyCtx;
+
+void AuditLog(const IRequestProxyCtx* reqCtx, const TString& database,
+ const TString& subject, const TActorContext& ctx);
+
+}
+}
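Review bot: `audit_log.h` declares `AuditLog` in terms of `TString` and `TActorContext` but neither includes nor forward-declares them, so it compiles only when the includer has already pulled in `defs.h` (both users in this commit do). Adding `#include "defs.h"` after `#pragma once` would make the header self-contained. A short comment on the declaration, for example `// Writes one audit record for the request; reqCtx must be non-null.`, would document the contract that the implementation relies on.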
diff --git a/ydb/core/grpc_services/grpc_request_check_actor.h b/ydb/core/grpc_services/grpc_request_check_actor.h
index e073ea2677c..89dd8dc6139 100644
--- a/ydb/core/grpc_services/grpc_request_check_actor.h
+++ b/ydb/core/grpc_services/grpc_request_check_actor.h
@@ -1,5 +1,6 @@
#pragma once
#include "defs.h"
+#include "audit_log.h"
#include "service_ratelimiter_events.h"
#include "local_rate_limiter.h"
#include "operation_helpers.h"
@@ -110,6 +111,8 @@ public:
}
}
+ AuditLog(GrpcRequestBaseCtx_, CheckedDatabaseName_, GetSubject(), ctx);
+
// Simple rps limitation
static NRpcService::TRlConfig rpsRlConfig(
"serverless_rt_coordination_node_path",
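Review bot: The `AuditLog(...)` call sits after the preceding checks, so any request those checks reject with an early return would leave no audit record. The enclosing method starts and ends outside this hunk, so this cannot be confirmed from here. Rejected and unauthenticated attempts are usually the entries an audit trail is most needed for. The record also carries no outcome, so a request later refused by the rate limiter below looks the same as one that was served. Consider auditing the decision as well, or at least a comment such as `// Audit point: request passed the checks above; the outcome is not recorded.`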
@@ -207,6 +210,11 @@ public:
}
private:
+ TString GetSubject() const {
+ const auto sid = TBase::GetUserSID();
+ return sid ? sid : "no subject";
+ }
+
static NYql::TIssues GetRlIssues(const Ydb::RateLimiter::AcquireResourceResponse& resp) {
NYql::TIssues opIssues;
NYql::IssuesFromMessage(resp.operation().issues(), opIssues);
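Review bot: `GetSubject()` substitutes the free-text value `"no subject"` for an empty SID, which shares the value space of real subjects and contains a space, so a log consumer cannot reliably tell an anonymous request from a subject with that name. A sentinel that cannot be a valid SID, or a separate field marking the request as anonymous, would be unambiguous. As a style point, `const auto sid` copies the string if `GetUserSID()` returns a reference, and the ternary relies on `TString`'s conversion to bool; `const auto& sid = TBase::GetUserSID();` with `sid.empty()` reads more clearly.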