feat: implement GET /auth_logs/ and /auth_logs/{id}

[ramirezj]

Description

Implement GET /auth_logs and /auth_logs/{id} endpoints

Related Tickets & Documents

Close #27 , #28

Steps to Verify

Untested, insufficient data

[coderabbitai]

Walkthrough

The recent changes introduce comprehensive enhancements to the documentation and implementation of authentication logs within the Kolide framework. This includes new SQL queries and BATS tests for retrieving and validating log data, alongside modifications to existing API documentation. These improvements aim to provide clearer insights into user authentication activities and streamline data management for enhanced security and compliance tracking.

Changes

Files	Change Summary
docs/coverage.md, docs/tables/kolide_auth_log.md	Updated status indicators for /auth_logs API and introduced detailed documentation for kolide_auth_log.
kolide/client/auth_log.go	Added structures and methods for handling authentication logs, including pagination and detailed log entries.
kolide/plugin.go	Introduced new table mapping for kolide_auth_log, enhancing the plugin's data management capabilities.
kolide/table_kolide_auth_log.go	Defined a plugin table for authentication events, including listing and retrieving logs with filtering options.
test/end-to-end/_query/kolide_auth_log.sql, test/end-to-end/_query/kolide_auth_log_by_id.sql	Added SQL queries for retrieving general and specific authentication logs.
test/end-to-end/_results/kolide_auth_log.bash	Introduced a Bash script for defining test results, with placeholders for future development.
test/end-to-end/kolide_auth_log.bats, test/end-to-end/kolide_auth_log_by_id.bats	New BATS test files validating query execution and result assertions for authentication logs.

Sequence Diagram(s)

sequenceDiagram
    participant Client as API Client
    participant Server as Kolide Server
    participant Database as Auth Log DB

    Client->>Server: Request authentication logs
    Server->>Database: Fetch logs
    Database-->>Server: Return log data
    Server-->>Client: Deliver logs

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Retrieve authentication logs (#27)	✅
Improve logging and auditing features (#27)	✅
Provide clear documentation for logs (#27)	✅

Poem

🐰 In the meadow, I hop with glee,
New logs for all, so clear to see!
With queries and tests, oh what a delight,
Kolide's logs shine ever so bright!
A burrow of data, safe and sound,
For every login, our joy knows no bound! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[coderabbitai]

Actionable comments posted: 1

Outside diff range, codebase verification and nitpick comments (1)

docs/coverage.md (1)

30-31: Clarify the status of the /auth_logs endpoints.

The status indicators for the /auth_logs and /auth_logs/{id} endpoints have been changed to :question:. This suggests uncertainty about their functionality or availability. It would be helpful to provide more specific information or context to avoid confusion for users.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 6c8d8f1 and 6fc96ed.

Files selected for processing (10)

• docs/coverage.md (1 hunks)
• docs/tables/kolide_auth_log.md (1 hunks)
• kolide/client/auth_log.go (1 hunks)
• kolide/plugin.go (1 hunks)
• kolide/table_kolide_auth_log.go (1 hunks)
• test/end-to-end/_query/kolide_auth_log.sql (1 hunks)
• test/end-to-end/_query/kolide_auth_log_by_id.sql (1 hunks)
• test/end-to-end/_results/kolide_auth_log.bash (1 hunks)
• test/end-to-end/kolide_auth_log.bats (1 hunks)
• test/end-to-end/kolide_auth_log_by_id.bats (1 hunks)

Files skipped from review due to trivial changes (3)

• test/end-to-end/_query/kolide_auth_log.sql
• test/end-to-end/_query/kolide_auth_log_by_id.sql
• test/end-to-end/_results/kolide_auth_log.bash

Additional context used

LanguageTool

docs/tables/kolide_auth_log.md

[grammar] ~3-~3: The verb ‘sign into’ is not standard English, except in the context of the law (“The bill was signed into law”). Write “sign in to”. For websites and computers, other options are “log in to” or “log on to”.
Context: ...attempts occurring when a user tries to sign into an App protected by Kolide Device Trust...

(SIGN_INTO)

Additional comments not posted (28)

test/end-to-end/kolide_auth_log_by_id.bats (6)

3-6: LGTM!

The setup_file function correctly loads global settings and defines file-specific globals.

---

8-11: LGTM!

The setup function correctly loads extensions and helpers.

---

14-17: LGTM!

The test case can_execute_query_via_steampipe correctly checks if the query can be executed and if the results file exists.

---

19-22: LGTM!

The test case has_no_more_than_one_result correctly checks if the query results contain no more than one result.

---

24-24: LGTM!

The comment correctly indicates that the remaining functionality is covered in another BATS file.

---

26-30: LGTM!

The teardown_file function correctly removes the query results file if it exists.

docs/tables/kolide_auth_log.md (3)

9-17: LGTM!

The SQL example for retrieving basic information from the kolide_auth_log table is correct.

---

21-31: LGTM!

The SQL example for listing authentication attempts from the past day is correct.

---

35-46: LGTM!

The SQL example for listing failed authentication attempts by a specific user is correct.

test/end-to-end/kolide_auth_log.bats (9)

3-12: LGTM!

The setup_file function correctly loads global settings, defines file-specific globals, and loads expected results if available.

---

14-17: LGTM!

The setup function correctly loads extensions and helpers.

---

20-23: LGTM!

The test case can_execute_query_via_steampipe correctly checks if the query can be executed and if the results file exists.

---

25-29: LGTM!

The test case has_expected_number_of_results correctly checks if the query results contain the expected number of results.

---

32-35: LGTM!

The test case has_expected_timestamp correctly checks if the query results contain the expected timestamp.

---

38-41: LGTM!

The test case has_expected_person_name correctly checks if the query results contain the expected person name.

---

44-47: LGTM!

The test case has_expected_initial_status correctly checks if the query results contain the expected initial status.

---

50-53: LGTM!

The test case has_expected_result correctly checks if the query results contain the expected result.

---

55-59: LGTM!

The teardown_file function correctly removes the query results file if it exists.

kolide/plugin.go (1)

30-30: LGTM! Verify the existence of tableKolideAuthLog(ctx) function.

The addition of the kolide_auth_log entry is correctly formatted.

Ensure that the tableKolideAuthLog(ctx) function is implemented correctly in the codebase.

Verification successful

---

Verified: The tableKolideAuthLog(ctx) function is correctly implemented.

• The function tableKolideAuthLog(ctx) is defined in kolide/table_kolide_auth_log.go and returns a *plugin.Table with a well-defined structure.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the existence of `tableKolideAuthLog(ctx)` function.

# Test: Search for the function implementation. Expect: The function should be implemented.
rg --type go 'func tableKolideAuthLog'

Length of output: 131

---

Script:

#!/bin/bash
# Description: Retrieve the implementation details of the `tableKolideAuthLog` function.

# Search and display the implementation of the `tableKolideAuthLog` function.
rg --type go -A 20 'func tableKolideAuthLog' kolide/table_kolide_auth_log.go

Length of output: 2651

kolide/client/auth_log.go (5)

1-5: LGTM!

The package declaration and imports are correct and necessary for the functionality.

---

7-28: LGTM!

The AuthLogListResponse and AuthLog structs are well-defined and include necessary fields for authentication logs.

---

30-44: LGTM!

The PersonInformation, DetailedIssueInformation, and EventInformation structs are well-defined and include necessary fields for their respective purposes.

---

46-48: LGTM!

The GetAuthLogs function is correctly implemented and uses the fetchCollection method.

---

50-52: LGTM!

The GetAuthLogById function is correctly implemented and uses the fetchResource method.

kolide/table_kolide_auth_log.go (4)

1-10: LGTM!

The package declaration and imports are correct and necessary for the functionality.

---

14-57: LGTM!

The tableKolideAuthLog function is well-structured and includes necessary columns and configurations.

---

61-67: LGTM!

The listAuthLogs function is correctly implemented and uses the listAnything method.

---

71-77: LGTM!

The getAuthLog function is correctly implemented and uses the getAnything method.

[coderabbitai]

Fix the grammatical issue in the description.

The verb ‘sign into’ is not standard English. Use “sign in to” instead.

- Lists the authentication attempts occurring when a user tries to sign into an App protected by Kolide Device Trust.
+ Lists the authentication attempts occurring when a user tries to sign in to an App protected by Kolide Device Trust.

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Table: kolide_auth_log
	Lists the authentication attempts occurring when a user tries to sign into an App protected by Kolide Device Trust.
	# Table: kolide_auth_log
	Lists the authentication attempts occurring when a user tries to sign in to an App protected by Kolide Device Trust.

Tools

LanguageTool

[grammar] ~3-~3: The verb ‘sign into’ is not standard English, except in the context of the law (“The bill was signed into law”). Write “sign in to”. For websites and computers, other options are “log in to” or “log on to”.
Context: ...attempts occurring when a user tries to sign into an App protected by Kolide Device Trust...

(SIGN_INTO)