feat: ACNA-3271 - publish audit logs (#863)

Author: shazron

jest.config.js

@@ -27,7 +27,8 @@ module.exports = {
     global: {
       branches: 100,
       lines: 100,
-      statements: 100
+      statements: 100,
+      functions: 100
     }
   }
 }

package.json

@@ -6,13 +6,13 @@
   "bugs": "https://github.com/adobe/aio-cli-plugin-app/issues",
   "dependencies": {
     "@adobe/aio-cli-lib-app-config": "^4.0.3",
-    "@adobe/aio-cli-lib-console": "^5",
+    "@adobe/aio-cli-lib-console": "^5.0.3",
     "@adobe/aio-lib-core-config": "^5",
     "@adobe/aio-lib-core-logging": "^3",
     "@adobe/aio-lib-core-networking": "^5",
     "@adobe/aio-lib-env": "^3",
     "@adobe/aio-lib-ims": "^7",
-    "@adobe/aio-lib-runtime": "^7.1.0",
+    "@adobe/aio-lib-runtime": "^7.1.2",
     "@adobe/aio-lib-templates": "^3",
     "@adobe/aio-lib-web": "^7",
     "@adobe/generator-aio-app": "^9",

src/commands/app/config/get/log-forwarding.js

@@ -11,10 +11,16 @@ governing permissions and limitations under the License.
 
 const BaseCommand = require('../../../../BaseCommand')
 const LogForwarding = require('../../../../lib/log-forwarding')
+const { setRuntimeApiHostAndAuthHandler } = require('../../../../lib/auth-helper')
 
 class LogForwardingCommand extends BaseCommand {
   async run () {
-    const lf = await LogForwarding.init((await this.getFullConfig()).aio)
+    let aioConfig = (await this.getFullConfig()).aio
+    // TODO: remove this check once the deploy service is enabled by default
+    if (process.env.IS_DEPLOY_SERVICE_ENABLED === 'true') {
+      aioConfig = setRuntimeApiHostAndAuthHandler(aioConfig)
+    }
+    const lf = await LogForwarding.init(aioConfig)
 
     const localConfig = lf.getLocalConfig()
     const serverConfig = await lf.getServerConfig()

src/commands/app/config/get/log-forwarding/errors.js

@@ -12,6 +12,7 @@ governing permissions and limitations under the License.
 const BaseCommand = require('../../../../../BaseCommand')
 const rtLib = require('@adobe/aio-lib-runtime')
 const ora = require('ora')
+const { setRuntimeApiHostAndAuthHandler } = require('../../../../../lib/auth-helper')
 
 class ErrorsCommand extends BaseCommand {
   async run () {
@@ -30,7 +31,13 @@ class ErrorsCommand extends BaseCommand {
   }
 
   async getLogForwarding () {
-    const runtimeConfig = (await this.getFullConfig()).aio.runtime
+    let aioConfig = (await this.getFullConfig()).aio
+    // TODO: remove this check once the deploy service is enabled by default
+    if (process.env.IS_DEPLOY_SERVICE_ENABLED === 'true') {
+      aioConfig = setRuntimeApiHostAndAuthHandler(aioConfig)
+    }
+
+    const runtimeConfig = aioConfig.runtime
     rtLib.utils.checkOpenWhiskCredentials({ ow: runtimeConfig })
     const rt = await rtLib.init({
       ...runtimeConfig,

src/commands/app/deploy.js

@@ -18,10 +18,10 @@ const BaseCommand = require('../../BaseCommand')
 const BuildCommand = require('./build')
 const webLib = require('@adobe/aio-lib-web')
 const { Flags } = require('@oclif/core')
-const { runInProcess, buildExtensionPointPayloadWoMetadata, buildExcShellViewExtensionMetadata, getCliInfo } = require('../../lib/app-helper')
+const { runInProcess, buildExtensionPointPayloadWoMetadata, buildExcShellViewExtensionMetadata, getCliInfo, getFilesCountWithExtension } = require('../../lib/app-helper')
 const rtLib = require('@adobe/aio-lib-runtime')
 const LogForwarding = require('../../lib/log-forwarding')
-const { sendAuditLogs, getAuditLogEvent, getFilesCountWithExtension } = require('../../lib/audit-logger')
+const { sendAppAssetsDeployedAuditLog, sendAppDeployAuditLog } = require('../../lib/audit-logger')
 const { setRuntimeApiHostAndAuthHandler } = require('../../lib/auth-helper')
 const logActions = require('../../lib/log-actions')
 
@@ -53,15 +53,43 @@ class Deploy extends BuildCommand {
     const spinner = ora()
 
     try {
-      const aioConfig = (await this.getFullConfig()).aio
+      const { aio: aioConfig, packagejson: packageJson } = await this.getFullConfig()
       const cliDetails = await getCliInfo(flags.publish)
+      const appInfo = {
+        name: packageJson.name,
+        version: packageJson.version,
+        project: aioConfig?.project,
+        runtimeNamespace: aioConfig?.runtime?.namespace
+      }
+
+      if (cliDetails?.accessToken) {
+        try {
+          // send audit log at start (don't wait for deployment to finish)
+          await sendAppDeployAuditLog({
+            accessToken: cliDetails?.accessToken,
+            cliCommandFlags: flags,
+            appInfo,
+            env: cliDetails.env
+          })
+        } catch (error) {
+          if (flags.verbose) {
+            this.warn('Error: Audit Log Service Error: Failed to send audit log event for deployment.')
+            this.warn(error.message)
+          }
+        }
+      }
 
       // 1. update log forwarding configuration
       // note: it is possible that .aio file does not exist, which means there is no local lg config
       if (aioConfig?.project?.workspace && flags['log-forwarding-update'] && flags.actions) {
         spinner.start('Updating log forwarding configuration')
         try {
-          const lf = await LogForwarding.init(aioConfig)
+          let lfConfig = aioConfig
+          if (process.env.IS_DEPLOY_SERVICE_ENABLED === 'true') {
+            lfConfig = setRuntimeApiHostAndAuthHandler(aioConfig)
+          }
+
+          const lf = await LogForwarding.init(lfConfig)
           if (lf.isLocalConfigChanged()) {
             const lfConfig = lf.getLocalConfigWithSecrets()
             if (lfConfig.isDefined()) {
@@ -101,22 +129,24 @@ class Deploy extends BuildCommand {
       // - break into smaller pieces deploy, allowing to first deploy all actions then all web assets
       for (let i = 0; i < keys.length; ++i) {
         const k = keys[i]
-        const v = setRuntimeApiHostAndAuthHandler(values[i])
+        const v = process.env.IS_DEPLOY_SERVICE_ENABLED === 'true' ? setRuntimeApiHostAndAuthHandler(values[i]) : values[i]
 
         await this.deploySingleConfig(k, v, flags, spinner)
-        if (v.app.hasFrontend && flags['web-assets']) {
+        if (cliDetails?.accessToken && v.app.hasFrontend && flags['web-assets']) {
           const opItems = getFilesCountWithExtension(v.web.distProd)
-          const assetDeployedLogEvent = getAuditLogEvent(flags, aioConfig.project, 'AB_APP_ASSETS_DEPLOYED')
-          if (assetDeployedLogEvent && cliDetails?.accessToken) {
-            assetDeployedLogEvent.data.opItems = opItems
-            try {
-              // only send logs in case of web-assets deployment
-              await sendAuditLogs(cliDetails.accessToken, assetDeployedLogEvent, cliDetails.env)
-            } catch (error) {
-              if (flags.verbose) {
-                this.warn('Error: Audit Log Service Error: Failed to send audit log event for deployment.')
-                this.warn(error.message)
-              }
+          try {
+            // only send logs in case of web-assets deployment
+            await sendAppAssetsDeployedAuditLog({
+              accessToken: cliDetails?.accessToken,
+              cliCommandFlags: flags,
+              opItems,
+              appInfo,
+              env: cliDetails.env
+            })
+          } catch (error) {
+            if (flags.verbose) {
+              this.warn('Error: Audit Log Service Error: Failed to send audit log event for deployment.')
+              this.warn(error.message)
             }
           }
         }

src/commands/app/undeploy.js

@@ -19,7 +19,7 @@ const BaseCommand = require('../../BaseCommand')
 const webLib = require('@adobe/aio-lib-web')
 const { runInProcess, buildExtensionPointPayloadWoMetadata, getCliInfo } = require('../../lib/app-helper')
 const rtLib = require('@adobe/aio-lib-runtime')
-const { sendAuditLogs, getAuditLogEvent } = require('../../lib/audit-logger')
+const { sendAppAssetsUndeployedAuditLog, sendAppUndeployAuditLog } = require('../../lib/audit-logger')
 const { setRuntimeApiHostAndAuthHandler } = require('../../lib/auth-helper')
 
 class Undeploy extends BaseCommand {
@@ -51,20 +51,47 @@ class Undeploy extends BaseCommand {
 
     const spinner = ora()
     try {
-      const aioConfig = (await this.getFullConfig()).aio
+      const { aio: aioConfig, packagejson: packageJson } = await this.getFullConfig()
       const cliDetails = await getCliInfo(flags.unpublish)
+      const appInfo = {
+        name: packageJson.name,
+        version: packageJson.version,
+        project: aioConfig?.project,
+        runtimeNamespace: aioConfig?.runtime?.namespace
+      }
+
+      if (cliDetails?.accessToken) {
+        try {
+          // send audit log at start (don't wait for deployment to finish)
+          await sendAppUndeployAuditLog({
+            accessToken: cliDetails?.accessToken,
+            cliCommandFlags: flags,
+            appInfo,
+            env: cliDetails.env
+          })
+        } catch (error) {
+          if (flags.verbose) {
+            this.warn('Error: Audit Log Service Error: Failed to send audit log event for deployment.')
+            this.warn(error.message)
+          }
+        }
+      }
 
       for (let i = 0; i < keys.length; ++i) {
         const k = keys[i]
         // TODO: remove this check once the deploy service is enabled by default
         const v = process.env.IS_DEPLOY_SERVICE_ENABLED === 'true' ? setRuntimeApiHostAndAuthHandler(values[i]) : values[i]
 
         await this.undeployOneExt(k, v, flags, spinner)
-        const assetUndeployLogEvent = getAuditLogEvent(flags, aioConfig.project, 'AB_APP_ASSETS_UNDEPLOYED')
-        // send logs for case of web-assets undeployment
-        if (assetUndeployLogEvent && cliDetails?.accessToken) {
+        if (cliDetails?.accessToken) {
+          // send logs for case of web-assets undeployment
           try {
-            await sendAuditLogs(cliDetails.accessToken, assetUndeployLogEvent, cliDetails.env)
+            await sendAppAssetsUndeployedAuditLog({
+              accessToken: cliDetails?.accessToken,
+              cliCommandFlags: flags,
+              appInfo,
+              env: cliDetails.env
+            })
           } catch (error) {
             this.warn('Warning: Audit Log Service Error: Failed to send audit log event for un-deployment.')
           }

src/lib/app-helper.js

@@ -11,7 +11,7 @@ governing permissions and limitations under the License.
 
 const execa = require('execa')
 const fs = require('fs-extra')
-const path = require('path')
+const path = require('node:path')
 const which = require('which')
 const aioLogger = require('@adobe/aio-lib-core-logging')('@adobe/aio-cli-plugin-app:lib-app-helper', { provider: 'debug' })
 const { getToken, context } = require('@adobe/aio-lib-ims')
@@ -473,6 +473,67 @@ function getObjectValue (obj, key) {
   return keys.filter(o => o.trim()).reduce((o, i) => o && getObjectProp(o, i), obj)
 }
 
+/**
+ * Counts files by extension in a directory
+ *
+ * @param {string} directory Path to assets directory
+ * @returns {Array<string>} Array of formatted log messages
+ */
+function getFilesCountWithExtension (directory) {
+  const log = []
+
+  if (!fs.existsSync(directory)) {
+    throw new Error(`Error: Directory ${directory} does not exist.`)
+  }
+
+  const files = fs.readdirSync(directory, { recursive: true })
+  if (files.length === 0) {
+    throw new Error(`Error: No files found in directory ${directory}.`)
+  }
+
+  const fileTypeCounts = {}
+  files.forEach(file => {
+    const ext = path.extname(file).toLowerCase() || 'no extension'
+    if (fileTypeCounts[ext]) {
+      fileTypeCounts[ext]++
+    } else {
+      fileTypeCounts[ext] = 1
+    }
+  })
+
+  Object.keys(fileTypeCounts).forEach(ext => {
+    const count = fileTypeCounts[ext]
+    let description
+    switch (ext) {
+      case '.js':
+        description = 'Javascript file(s)'
+        break
+      case '.css':
+        description = 'CSS file(s)'
+        break
+      case '.html':
+        description = 'HTML page(s)'
+        break
+      case '.png':
+      case '.jpg':
+      case '.jpeg':
+      case '.gif':
+      case '.svg':
+      case '.webp':
+        description = `${ext} image(s)`
+        break
+      case 'no extension':
+        description = 'file(s) without extension'
+        break
+      default:
+        description = `${ext} file(s)`
+    }
+    log.push(`${count} ${description}\n`)
+  })
+
+  return log
+}
+
 module.exports = {
   getObjectValue,
   getObjectProp,
@@ -496,5 +557,6 @@ module.exports = {
   buildExtensionPointPayloadWoMetadata,
   buildExcShellViewExtensionMetadata,
   atLeastOne,
-  deleteUserConfig
+  deleteUserConfig,
+  getFilesCountWithExtension
 }