graphql audit lib
GraphQL auditing is not an out-of-the-box feature. Our lib does all the work needed to instrument auditing.
<dependency>
    <groupId>pl.allegro.tech.graphql</groupId>
    <artifactId>extended-audit-instrumentation</artifactId>
    <version>1.0.0</version>
</dependency>
dependencies {
    implementation "pl.allegro.tech:extended-audit-instrumentation:1.0.0"
}
Use AuditLogInstrumentationBuilder to create a bean in your app.
@Configuration
class AuditLogInstrumentationConfig {
    // Registers the audit instrumentation with a log sender and a user context provider.
    @Bean
    AuditLogInstrumentation auditLogInstrumentation(
            InMemoryAuditLogSender inMemoryAuditLogSender,
            UserProvider userProvider
    ) {
        return new AuditLogInstrumentationBuilder()
                .withActionLogSender(inMemoryAuditLogSender)
                .withUserProvider(userProvider)
                .create();
    }
}
GraphQL audit creator can take extra option like
You can provide your own implementation of AuditLogSender to send logs somewhere (e.g. a database, an event queue, or a file).
Implement AuditLogSender
/**
 * Enable sending audit log.
 *
 * @param auditLogSender {@link AuditLogSender}
 * @return {@link AuditLogInstrumentationBuilder}
 */
public AuditLogInstrumentationBuilder withActionLogSender(AuditLogSender auditLogSender) {
    this.auditLogSender = auditLogSender;
    return this;
}
Implement interface UserProvider
/**
 * Set user context provider.
 *
 * @param userProvider {@link UserProvider}
 * @return {@link AuditLogInstrumentationBuilder}
 */
public AuditLogInstrumentationBuilder withUserProvider(UserProvider userProvider) {
    this.userProvider = userProvider;
    return this;
}
Anonymization can be enabled so that data that could easily be picked up is not sent. This feature ensures that the audit log complies with the GDPR. Thanks to it you can, for example, anonymize personal data in an audit log.
Implement interface AnonymizedFieldsSetupProvider
/**
 * Enable log anonymizer.
 *
 * @param auditLogAnonymizer {@link AuditLogAnonymizer}
 * @return {@link AuditLogInstrumentationBuilder}
 */
public AuditLogInstrumentationBuilder withAuditLogAnonymizer(
        AuditLogAnonymizer auditLogAnonymizer) {
    this.auditLogAnonymizer = auditLogAnonymizer;
    return this;
}
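The masking step that anonymization performs on a response before it reaches the audit log, as an added sketch that is not code from this library. AuditFieldMasker and its field-name set are hypothetical and do not implement the library's interfaces, whose method signatures are not shown on this page; the sample payload is constructed. Requires Java 16 or later.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical helper, not a class from extended-audit-instrumentation.
public class AuditFieldMasker {
    private static final String MASK = "***";
    private final Set<String> sensitiveFields; // assumed config: field names to mask

    public AuditFieldMasker(Set<String> sensitiveFields) {
        this.sensitiveFields = Set.copyOf(sensitiveFields);
    }

    /** Returns a masked deep copy; the response sent to the client is never mutated. */
    public Object mask(Object node) {
        if (node instanceof Map<?, ?> map) {
            Map<String, Object> copy = new LinkedHashMap<>();
            for (Map.Entry<?, ?> e : map.entrySet()) {
                String key = String.valueOf(e.getKey());
                // Mask the whole subtree under a sensitive name, even if it is an object or list.
                copy.put(key, sensitiveFields.contains(key) && e.getValue() != null
                        ? MASK : mask(e.getValue()));
            }
            return copy;
        }
        if (node instanceof List<?> list) {
            List<Object> copy = new ArrayList<>();
            for (Object item : list) {
                copy.add(mask(item)); // lists of entities are masked element by element
            }
            return copy;
        }
        return node; // scalars and nulls outside sensitive fields pass through
    }

    public static void main(String[] args) {
        // Constructed sample of a GraphQL "data" payload.
        Map<String, Object> data = Map.of("user", Map.of(
                "id", "42",
                "email", "jane@example.com",
                "addresses", List.of(Map.of("city", "Poznan", "phone", "+48 000 000 000"))));
        AuditFieldMasker masker = new AuditFieldMasker(Set.of("email", "phone"));
        System.out.println(masker.mask(data)); // email and phone are replaced with ***
    }
}
```

This sketch matches on response keys, so a client-side alias such as `e: email` would not be masked. Where aliases are possible, match against the schema field name instead.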
An extra field, such as an input query field, can be logged. This is useful when we want the audit log to include fields even if the client does not ask for them. For example, the client fetches the user's email, and we want that user's ID to be included in each audit log containing the user entity, regardless of whether the client fetches the user ID.
Implement interface AdditionalFieldsSetupProvider
/**
 * Enable log additional field.
 *
 * @param auditLogAdditionalFieldFetcher {@link AuditLogAdditionalFieldFetcher}
 * @return {@link AuditLogInstrumentationBuilder}
 */
public AuditLogInstrumentationBuilder withAuditLogAdditionalFieldFetcher(
        AuditLogAdditionalFieldFetcher auditLogAdditionalFieldFetcher) {
    this.auditLogAdditionalFieldFetcher = auditLogAdditionalFieldFetcher;
    return this;
}
graphql-audit is published under Apache License 2.0.