Thanks Luwei, opened feature request https://github.com/grpc/grpc/issues/38708
On Tuesday, February 4, 2025 at 12:25:44 PM UTC-8 Luwei Ge wrote: > Hi Rameshreddy, > > Looks like you want to log things that are not currently available in the > audit context we have defined. Would you mind opening an issue on GitHub > for such a feature request? > > Best, > Luwei > > On Friday, January 31, 2025 at 2:56:00 PM UTC-8 Rameshreddy Mudhireddy > wrote: > >> please ignore the GPR_ASSERT issue, that was my bad in setting >> up RegisterAuditLoggerFactory, that works. >> >> On Friday, January 31, 2025 at 8:27:52 AM UTC-8 Rameshreddy Mudhireddy >> wrote: >> >>> Thank you Mark for the information. This is very useful but >>> unfortunately it doesn't give all the details that are needed for my use >>> case. I am looking for specifically details like client ip where the rpc is >>> originated from, user who issued the rpc, client certificate to read >>> commonName, etc. >>> >>> on mtls(other cases work), audit logging api is hitting a GPR_ASSERT, >>> any idea what could be missing ? >>> [audit_logging.cc:57] ASSERTION FAILED: >>> registry->logger_factories_map_.emplace(name, std::move(factory)).second >>> >>> Once again thank you for all your input, I really appreciate it. >>> On Monday, January 27, 2025 at 12:02:44 PM UTC-8 Mark D. Roth wrote: >>> >>>> There is an experimental audit logging API you can use for this. See gRFC >>>> A59 <https://github.com/grpc/proposal/blob/master/A59-audit-logging.md> >>>> for details. The actual exposed C++ API for you to use is here >>>> <https://github.com/grpc/grpc/blob/master/include/grpcpp/security/audit_logging.h> >>>> . >>>> >>>> On Wednesday, January 15, 2025 at 3:07:26 PM UTC-8 Rameshreddy >>>> Mudhireddy wrote: >>>> >>>>> Hi Dev team, >>>>> >>>>> Is there a way to log policy based authorization failures using >>>>> grpc-c++ libs. >>>>> Typical flow includes >>>>> >>>>> std::shared_ptr<grpc::experimental::AuthorizationPolicyProviderInterface> >>>>> provider = >>>>> grpc::experimental::FileWatcherAuthorizationPolicyProvider::Create(policyFile, >>>>> >>>>> 10, &status) >>>>> builder.experimental().SetAuthorizationPolicyProvider(provider); >>>>> >>>>> This will load the policy file and authorize the incoming rpc >>>>> requests. Are there any hooks available to interact with the policy >>>>> engine >>>>> to log the denied rpcs requests? >>>>> >>>>> Appreciate your feedback, Thank you. >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/grpc-io/322a1a35-01ee-4707-be11-5e42d2f1c2e7n%40googlegroups.com.
