chore(functions): move helloAuditLogging to separate directory (GoogleCloudPlatform#2611)

Ace Nassri · web-flow · commit c1370e339aa6 · 2022-04-25T19:59:51.000-04:00
* chore(functions): move helloAuditLogging to separate directory

* html -&gt; yaml

* Remove e2e-test

* Fix lint
diff --git a/.github/workflows/functions-v2-helloauditlog.yaml b/.github/workflows/functions-v2-helloauditlog.yaml
@@ -0,0 +1,66 @@
+name: functions-v2-helloauditlog
+on:
+  push:
+    branches:
+    - main
+    paths:
+    - 'functions/v2/helloAuditLog/**'
+  pull_request:
+    paths:
+    - 'functions/v2/helloAuditLog/**'
+  pull_request_target:
+    types: [labeled]
+  schedule:
+  - cron:  '0 2 * * *'
+jobs:
+  test:
+    if: ${{ github.event.action != 'labeled' || github.event.label.name == 'actions:force-run' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: 'write'
+      pull-requests: 'write'
+      id-token: 'write'
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{github.event.pull_request.head.ref}}
+        repository: ${{github.event.pull_request.head.repo.full_name}}
+    - uses: google-github-actions/auth@v0.7.0
+      with:
+        workload_identity_provider: 'projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider'
+        service_account: 'kokoro-system-test@long-door-651.iam.gserviceaccount.com'
+        create_credentials_file: 'true'
+        access_token_lifetime: 600s
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 14
+    - run: npm install
+      working-directory: functions/v2/helloAuditLog
+    - run: npm test
+      working-directory: functions/v2/helloAuditLog
+      env:
+        MOCHA_REPORTER_SUITENAME: functions_v2_helloauditlog
+        MOCHA_REPORTER_OUTPUT: functions_v2_helloauditlog_sponge_log.xml
+        MOCHA_REPORTER: xunit
+    - if: ${{ github.event.action == 'labeled' && github.event.label.name == 'actions:force-run' }}
+      uses: actions/github-script@v6
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          try {
+            await github.rest.issues.removeLabel({
+              name: 'actions:force-run',
+              owner: 'GoogleCloudPlatform',
+              repo: 'nodejs-docs-samples',
+              issue_number: context.payload.pull_request.number
+            });
+          } catch (e) {
+            if (!e.message.includes('Label does not exist')) {
+              throw e;
+            }
+          }
+    - if: ${{ github.event_name == 'schedule'}}
+      run: |
+        curl https://github.com/googleapis/repo-automation-bots/releases/download/flakybot-1.1.0/flakybot -o flakybot -s -L
+        chmod +x ./flakybot
+        ./flakybot --repo GoogleCloudPlatform/nodejs-docs-samples --commit_hash ${{github.sha}} --build_url https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
diff --git a/functions/v2/helloAuditLog/index.js b/functions/v2/helloAuditLog/index.js
@@ -0,0 +1,42 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// [START functions_log_cloudevent]
+const functions = require('@google-cloud/functions-framework');
+
+// Register a CloudEvent callback with the Functions Framework that will
+// be triggered by an Eventarc Cloud Audit Logging trigger.
+//
+// Note: this is NOT designed for second-party (Cloud Audit Logs -> Pub/Sub) triggers!
+functions.cloudEvent('helloAuditLog', cloudEvent => {
+  // Print out details from the CloudEvent itself
+  console.log('Event type:', cloudEvent.type);
+
+  // Print out the CloudEvent's `subject` property
+  // See https://github.com/cloudevents/spec/blob/v1.0.1/spec.md#subject
+  console.log('Subject:', cloudEvent.subject);
+
+  // Print out details from the `protoPayload`
+  // This field encapsulates a Cloud Audit Logging entry
+  // See https://cloud.google.com/logging/docs/audit#audit_log_entry_structure
+  const payload = cloudEvent.data && cloudEvent.data.protoPayload;
+  if (payload) {
+    console.log('API method:', payload.methodName);
+    console.log('Resource name:', payload.resourceName);
+    console.log('Principal:', payload.authenticationInfo.principalEmail);
+  }
+});
+// [END functions_log_cloudevent]
diff --git a/functions/v2/helloAuditLog/package.json b/functions/v2/helloAuditLog/package.json
@@ -0,0 +1,27 @@
+{
+  "name": "nodejs-docs-samples-functions-v2-hello-audit-log",
+  "version": "0.0.1",
+  "private": true,
+  "license": "Apache-2.0",
+  "author": "Google Inc.",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/GoogleCloudPlatform/nodejs-docs-samples.git"
+  },
+  "engines": {
+    "node": ">=12.0.0"
+  },
+  "scripts": {
+    "test": "mocha test/index.test.js"
+  },
+  "dependencies": {
+    "@google-cloud/functions-framework": "^3.0.0"
+  },
+  "devDependencies": {
+    "mocha": "^9.1.3",
+    "p-retry": "^4.6.1",
+    "sinon": "^13.0.0",
+    "supertest": "^6.0.0",
+    "uuid": "^8.3.2"
+  }
+}
diff --git a/functions/v2/helloAuditLog/test/index.test.js b/functions/v2/helloAuditLog/test/index.test.js
@@ -0,0 +1,72 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const assert = require('assert');
+const sinon = require('sinon');
+const supertest = require('supertest');
+
+const functionsFramework = require('@google-cloud/functions-framework/testing');
+
+beforeEach(() => {
+  // require the module that includes the functions we are testing
+  require('../index');
+
+  // stub the console so we can use it for side effect assertions
+  sinon.stub(console, 'log');
+  sinon.stub(console, 'error');
+});
+
+afterEach(() => {
+  // restore the console stub
+  console.log.restore();
+  console.error.restore();
+});
+
+describe('functions_log_cloudevent', () => {
+  it('should process a CloudEvent', async () => {
+    const event = {
+      type: 'google.cloud.audit.log.v1.written',
+      subject:
+        'storage.googleapis.com/projects/_/buckets/my-bucket/objects/test.txt',
+      data: {
+        protoPayload: {
+          methodName: 'storage.objects.write',
+          authenticationInfo: {
+            principalEmail: 'example@example.com',
+          },
+          resourceName: 'some-resource',
+        },
+      },
+    };
+    const server = functionsFramework.getTestServer('helloAuditLog');
+    await supertest(server)
+      .post('/')
+      .send(event)
+      .set('Content-Type', 'application/json')
+      .expect(204);
+
+    assert(console.log.calledWith('API method:', 'storage.objects.write'));
+    assert(
+      console.log.calledWith('Event type:', 'google.cloud.audit.log.v1.written')
+    );
+    assert(
+      console.log.calledWith(
+        'Subject:',
+        'storage.googleapis.com/projects/_/buckets/my-bucket/objects/test.txt'
+      )
+    );
+    assert(console.log.calledWith('Resource name:', 'some-resource'));
+    assert(console.log.calledWith('Principal:', 'example@example.com'));
+  });
+});
