Central audit logging

[dcseifert]

Kelon should have the possibility to enable central audit logging of each decision and its context. A possible audit log entry might look like this:

[
    {
        "labels": {
            "app": "my-example-app",
            "version": "v0.13.5"
        },
        "decision_id": "4ca636c1-55e4-417a-b1d8-4aceb67960d1",
        "datastore": {
            "alias": "postgres",
            "host": "localhost",
            "database": "int"
        },
        "package": "articles",
        "input": {
            "method": "GET",
            "path": "/salary/bob",
            "accessor": {
                "configuredFieldA": "value",
                "configuredFieldB": "value"
            },
            "body": {
                "aRequestBodyField": ""
            }
        },
        "decision": "ALLOW|DENY|ERROR",
        "error": "",
        "requested_by": "[::1]:59943",
        "timestamp": "2018-01-01T00:00:00.000000Z"
    }
]

Audit logging endpoints might be a local file or a HTTP-Endpoint like i.e. FluentBit.

Configuration hints

Audit logging itself should be configurable on kelon itself as an flag/envar which represents an enum:

• NONE (default)
• FILE
• HTTP

If one of (FILE/HTTP) is selected, following configs inside the kelon.yml might be possible:

configs:
  audit:
    file:
      path: <path to audit file directory>
      rotation:
        max-age: <max age of a log file (i.e.) 24h>
    http:
      host: <target host>
      port: <target port>
  labels:
    app: Kelon
    region: europe-west3
    environment: development
...