Open mmassenzio opened 2 years ago
Will need to figure out whether Spring Security already supports this natively, and/or whether there are already available open source components that facilitate it. At some point, this should also have an integration with AWS CloudWatch and S3 Cold Storage.
There should be a `boolean` configuration option (something like `logging.audits.enabled`). When enabled, each request should be logged with sufficient detail so that requests, users, and outcomes can be recorded and stored for future audits.

At a minimum, we should log (in JSON format) the request body sent to OPA, the policy endpoint being queried, and the outcome (result) from the OPA server.
The JWT API token should be "unwrapped" to report (at a minimum) the user making the request, their `roles` and the token expiration date.
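As an added illustration of the record the two paragraphs above describe (this is not code from the issue or the project), the following hypothetical helper builds one JSON audit line from the OPA request, the policy endpoint, the OPA result and the caller's JWT. It assumes Jackson is on the classpath (it is bundled with Spring Boot), that Spring Security has already validated the token's signature and expiry before this point, and that roles are carried in a claim named `roles`; the raw token itself is deliberately kept out of the log.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;

/** Hypothetical audit-record builder; mirrors the proposed logging.audits.enabled flag. */
public final class OpaAuditRecord {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private final boolean enabled;

    public OpaAuditRecord(boolean enabled) { this.enabled = enabled; }

    /**
     * Returns one JSON audit line, or null when auditing is disabled.
     * The JWT is assumed to have been validated upstream by Spring Security; only its
     * payload is decoded here, and the token string is never written to the record.
     */
    public String build(String policyEndpoint, JsonNode opaRequest, JsonNode opaResult, String jwt)
            throws Exception {
        if (!enabled) return null;
        ObjectNode record = MAPPER.createObjectNode();
        record.put("timestamp", Instant.now().toString());
        record.put("policyEndpoint", policyEndpoint);   // e.g. the OPA data API path queried
        record.set("opaRequest", opaRequest);           // body sent to OPA
        record.set("opaResult", opaResult);             // result returned by OPA
        record.set("principal", unwrap(jwt));           // user, roles, expiry from the token
        return MAPPER.writeValueAsString(record);
    }

    /** Decodes the JWT payload (second base64url segment) and keeps only the audit-relevant claims. */
    static ObjectNode unwrap(String jwt) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        byte[] payload = Base64.getUrlDecoder().decode(parts[1]); // padding is optional for the decoder
        JsonNode claims = MAPPER.readTree(new String(payload, StandardCharsets.UTF_8));
        ObjectNode principal = MAPPER.createObjectNode();
        principal.put("user", claims.path("sub").asText(null));
        principal.set("roles", claims.path("roles")); // claim name is an assumption; adjust to the issuer
        long exp = claims.path("exp").asLong(0);
        principal.put("expiresAt", exp > 0 ? Instant.ofEpochSecond(exp).toString() : null);
        return principal;
    }
}
```

Because the record is a single JSON object per request, it can be shipped unchanged to CloudWatch or archived to S3 later without reformatting.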