Hi Rameshreddy, Looks like you want to log things that are not currently available in the audit context we have defined. Would you mind opening an issue on GitHub for such a feature request?
Best, Luwei On Friday, January 31, 2025 at 2:56:00 PM UTC-8 Rameshreddy Mudhireddy wrote: > please ignore the GPR_ASSERT issue, that was my bad in setting > up RegisterAuditLoggerFactory, that works. > > On Friday, January 31, 2025 at 8:27:52 AM UTC-8 Rameshreddy Mudhireddy > wrote: > >> Thank you Mark for the information. This is very useful but unfortunately >> it doesn't give all the details that are needed for my use case. I am >> looking for specifically details like client ip where the rpc is originated >> from, user who issued the rpc, client certificate to read commonName, etc. >> >> on mtls(other cases work), audit logging api is hitting a GPR_ASSERT, any >> idea what could be missing ? >> [audit_logging.cc:57] ASSERTION FAILED: >> registry->logger_factories_map_.emplace(name, std::move(factory)).second >> >> Once again thank you for all your input, I really appreciate it. >> On Monday, January 27, 2025 at 12:02:44 PM UTC-8 Mark D. Roth wrote: >> >>> There is an experimental audit logging API you can use for this. See gRFC >>> A59 <https://github.com/grpc/proposal/blob/master/A59-audit-logging.md> >>> for details. The actual exposed C++ API for you to use is here >>> <https://github.com/grpc/grpc/blob/master/include/grpcpp/security/audit_logging.h> >>> . >>> >>> On Wednesday, January 15, 2025 at 3:07:26 PM UTC-8 Rameshreddy >>> Mudhireddy wrote: >>> >>>> Hi Dev team, >>>> >>>> Is there a way to log policy based authorization failures using >>>> grpc-c++ libs. >>>> Typical flow includes >>>> >>>> std::shared_ptr<grpc::experimental::AuthorizationPolicyProviderInterface> >>>> provider = >>>> grpc::experimental::FileWatcherAuthorizationPolicyProvider::Create(policyFile, >>>> >>>> 10, &status) >>>> builder.experimental().SetAuthorizationPolicyProvider(provider); >>>> >>>> This will load the policy file and authorize the incoming rpc requests. >>>> Are there any hooks available to interact with the policy engine to log >>>> the >>>> denied rpcs requests? >>>> >>>> Appreciate your feedback, Thank you. >>>> >>> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/grpc-io/38852775-07c4-46d1-bc58-78f378bc8e9dn%40googlegroups.com.
