coder
diff --git a/‎coderd/audit/backends/postgres.go
+53 b/‎coderd/audit/backends/postgres.go
+53
diff --git a/‎coderd/audit/backends/postgres_test.go
+65 b/‎coderd/audit/backends/postgres_test.go
+65
diff --git a/‎coderd/audit/backends/slog.go
+34 b/‎coderd/audit/backends/slog.go
+34
diff --git a/‎coderd/audit/backends/slog_test.go
+46 b/‎coderd/audit/backends/slog_test.go
+46
diff --git a/‎coderd/audit/exporter.go
+55 b/‎coderd/audit/exporter.go
+55
diff --git a/‎coderd/audit/exporter_test.go
+131 b/‎coderd/audit/exporter_test.go
+131
@@ -0,0 +1,53 @@
+package backends
+
+import (
+	"context"
+
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/coderd/audit"
+	"github.com/coder/coder/coderd/database"
+)
+
+type postgresBackend struct {
+	// internal indicates if the exporter is exporting to the Postgres database
+	// that the rest of Coderd uses. Since this is a generic Postgres exporter,
+	// we make different decisions to store the audit log based on if it's
+	// pointing to the Coderd database.
+	internal bool
+	db       database.Store
+}
+
+func NewPostgres(db database.Store, internal bool) audit.Backend {
+	return &postgresBackend{db: db, internal: internal}
+}
+
+func (b *postgresBackend) Decision() audit.FilterDecision {
+	if b.internal {
+		return audit.FilterDecisionStore
+	}
+
+	return audit.FilterDecisionExport
+}
+
+func (b *postgresBackend) Export(ctx context.Context, alog database.AuditLog) error {
+	_, err := b.db.InsertAuditLog(ctx, database.InsertAuditLogParams{
+		ID:             alog.ID,
+		Time:           alog.Time,
+		UserID:         alog.UserID,
+		OrganizationID: alog.OrganizationID,
+		Ip:             alog.Ip,
+		UserAgent:      alog.UserAgent,
+		ResourceType:   alog.ResourceType,
+		ResourceID:     alog.ResourceID,
+		ResourceTarget: alog.ResourceTarget,
+		Action:         alog.Action,
+		Diff:           alog.Diff,
+		StatusCode:     alog.StatusCode,
+	})
+	if err != nil {
+		return xerrors.Errorf("insert audit log: %w", err)
+	}
+
+	return nil
+}
@@ -0,0 +1,65 @@
+package backends_test
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+	"github.com/tabbed/pqtype"
+
+	"github.com/coder/coder/coderd/audit/backends"
+	"github.com/coder/coder/coderd/database"
+	"github.com/coder/coder/coderd/database/databasefake"
+)
+
+func TestPostgresBackend(t *testing.T) {
+	t.Parallel()
+	t.Run("OK", func(t *testing.T) {
+		t.Parallel()
+
+		var (
+			ctx, cancel = context.WithCancel(context.Background())
+			db          = databasefake.New()
+			pgb         = backends.NewPostgres(db, true)
+			alog        = randomAuditLog()
+		)
+		defer cancel()
+
+		err := pgb.Export(ctx, alog)
+		require.NoError(t, err)
+
+		got, err := db.GetAuditLogsBefore(ctx, database.GetAuditLogsBeforeParams{
+			ID:        uuid.Nil,
+			StartTime: time.Now().Add(time.Second),
+			RowLimit:  1,
+		})
+		require.NoError(t, err)
+		require.Len(t, got, 1)
+		require.Equal(t, alog, got[0])
+	})
+}
+
+func randomAuditLog() database.AuditLog {
+	_, inet, _ := net.ParseCIDR("127.0.0.1/32")
+	return database.AuditLog{
+		ID:             uuid.New(),
+		Time:           time.Now(),
+		UserID:         uuid.New(),
+		OrganizationID: uuid.New(),
+		Ip: pqtype.Inet{
+			IPNet: *inet,
+			Valid: true,
+		},
+		UserAgent:      "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36",
+		ResourceType:   database.ResourceTypeOrganization,
+		ResourceID:     uuid.New(),
+		ResourceTarget: "colin's organization",
+		Action:         database.AuditActionDelete,
+		Diff:           []byte{},
+		StatusCode:     http.StatusNoContent,
+	}
+}
@@ -0,0 +1,34 @@
+package backends
+
+import (
+	"context"
+
+	"github.com/fatih/structs"
+
+	"cdr.dev/slog"
+	"github.com/coder/coder/coderd/audit"
+	"github.com/coder/coder/coderd/database"
+)
+
+type slogBackend struct {
+	log slog.Logger
+}
+
+func NewSlog(logger slog.Logger) audit.Backend {
+	return slogBackend{log: logger}
+}
+
+func (slogBackend) Decision() audit.FilterDecision {
+	return audit.FilterDecisionExport
+}
+
+func (b slogBackend) Export(ctx context.Context, alog database.AuditLog) error {
+	m := structs.Map(alog)
+	fields := make([]slog.Field, 0, len(m))
+	for k, v := range m {
+		fields = append(fields, slog.F(k, v))
+	}
+
+	b.log.Info(ctx, "audit_log", fields...)
+	return nil
+}
@@ -0,0 +1,46 @@
+package backends_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/fatih/structs"
+	"github.com/stretchr/testify/require"
+
+	"cdr.dev/slog"
+	"github.com/coder/coder/coderd/audit/backends"
+)
+
+func TestSlogBackend(t *testing.T) {
+	t.Parallel()
+	t.Run("OK", func(t *testing.T) {
+		t.Parallel()
+
+		var (
+			ctx, cancel = context.WithCancel(context.Background())
+
+			sink    = &fakeSink{}
+			logger  = slog.Make(sink)
+			backend = backends.NewSlog(logger)
+
+			alog = randomAuditLog()
+		)
+		defer cancel()
+
+		err := backend.Export(ctx, alog)
+		require.NoError(t, err)
+		require.Len(t, sink.entries, 1)
+		require.Equal(t, sink.entries[0].Message, "audit_log")
+		require.Len(t, sink.entries[0].Fields, len(structs.Fields(alog)))
+	})
+}
+
+type fakeSink struct {
+	entries []slog.SinkEntry
+}
+
+func (s *fakeSink) LogEntry(_ context.Context, e slog.SinkEntry) {
+	s.entries = append(s.entries, e)
+}
+
+func (*fakeSink) Sync() {}
@@ -0,0 +1,55 @@
+package audit
+
+import (
+	"context"
+
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/coderd/database"
+)
+
+// Backends can store or send audit logs to arbitrary locations.
+type Backend interface {
+	// Decision determines the FilterDecisions that the backend tolerates.
+	Decision() FilterDecision
+	// Export sends an audit log to the backend.
+	Export(ctx context.Context, alog database.AuditLog) error
+}
+
+// Exporter exports audit logs to an arbitrary list of backends.
+type Exporter struct {
+	filter   Filter
+	backends []Backend
+}
+
+// NewExporter creates an exporter from the given filter and backends.
+func NewExporter(filter Filter, backends ...Backend) *Exporter {
+	return &Exporter{
+		filter:   filter,
+		backends: backends,
+	}
+}
+
+// Export exports and audit log. Before exporting to a backend, it uses the
+// filter to determine if the backend tolerates the audit log. If not, it is
+// dropped.
+func (e *Exporter) Export(ctx context.Context, alog database.AuditLog) error {
+	decision, err := e.filter.Check(ctx, alog)
+	if err != nil {
+		return xerrors.Errorf("filter check: %w", err)
+	}
+
+	for _, backend := range e.backends {
+		if decision&backend.Decision() != backend.Decision() {
+			continue
+		}
+
+		err = backend.Export(ctx, alog)
+		if err != nil {
+			// naively return the first error. should probably make this smarter
+			// by returning multiple errors.
+			return xerrors.Errorf("export audit log to backend: %w", err)
+		}
+	}
+	return nil
+}
@@ -0,0 +1,131 @@
+package audit_test
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+	"github.com/tabbed/pqtype"
+
+	"github.com/coder/coder/coderd/audit"
+	"github.com/coder/coder/coderd/database"
+)
+
+func TestExporter(t *testing.T) {
+	t.Parallel()
+
+	var tests = []struct {
+		name            string
+		filterDecision  audit.FilterDecision
+		backendDecision audit.FilterDecision
+		shouldExport    bool
+	}{
+		{
+			name:            "ShouldDrop",
+			filterDecision:  audit.FilterDecisionDrop,
+			backendDecision: audit.FilterDecisionStore,
+			shouldExport:    false,
+		},
+		{
+			name:            "ShouldStore",
+			filterDecision:  audit.FilterDecisionStore,
+			backendDecision: audit.FilterDecisionStore,
+			shouldExport:    true,
+		},
+		{
+			name:            "ShouldNotStore",
+			filterDecision:  audit.FilterDecisionExport,
+			backendDecision: audit.FilterDecisionStore,
+			shouldExport:    false,
+		},
+		{
+			name:            "ShouldExport",
+			filterDecision:  audit.FilterDecisionExport,
+			backendDecision: audit.FilterDecisionExport,
+			shouldExport:    true,
+		},
+		{
+			name:            "ShouldNotExport",
+			filterDecision:  audit.FilterDecisionStore,
+			backendDecision: audit.FilterDecisionExport,
+			shouldExport:    false,
+		},
+		{
+			name:            "ShouldStoreOrExport",
+			filterDecision:  audit.FilterDecisionStore | audit.FilterDecisionExport,
+			backendDecision: audit.FilterDecisionExport,
+			shouldExport:    true,
+		},
+		// When more filters are written they should have their own tests.
+		{
+			name: "DefaultFilter",
+			filterDecision: func() audit.FilterDecision {
+				decision, _ := audit.DefaultFilter.Check(context.Background(), randomAuditLog())
+				return decision
+			}(),
+			backendDecision: audit.FilterDecisionExport,
+			shouldExport:    true,
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			t.Parallel()
+
+			var (
+				backend  = &testBackend{decision: test.backendDecision}
+				exporter = audit.NewExporter(
+					audit.FilterFunc(func(_ context.Context, _ database.AuditLog) (audit.FilterDecision, error) {
+						return test.filterDecision, nil
+					}),
+					backend,
+				)
+			)
+
+			err := exporter.Export(context.Background(), randomAuditLog())
+			require.NoError(t, err)
+			require.Equal(t, len(backend.alogs) > 0, test.shouldExport)
+		})
+	}
+}
+
+func randomAuditLog() database.AuditLog {
+	_, inet, _ := net.ParseCIDR("127.0.0.1/32")
+	return database.AuditLog{
+		ID:             uuid.New(),
+		Time:           time.Now(),
+		UserID:         uuid.New(),
+		OrganizationID: uuid.New(),
+		Ip: pqtype.Inet{
+			IPNet: *inet,
+			Valid: true,
+		},
+		UserAgent:      "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36",
+		ResourceType:   database.ResourceTypeOrganization,
+		ResourceID:     uuid.New(),
+		ResourceTarget: "colin's organization",
+		Action:         database.AuditActionDelete,
+		Diff:           []byte{},
+		StatusCode:     http.StatusNoContent,
+	}
+}
+
+type testBackend struct {
+	decision audit.FilterDecision
+
+	alogs []database.AuditLog
+}
+
+func (t *testBackend) Decision() audit.FilterDecision {
+	return t.decision
+}
+
+func (t *testBackend) Export(_ context.Context, alog database.AuditLog) error {
+	t.alogs = append(t.alogs, alog)
+	return nil
+}