[Command] Run Tests Against Last Audit Logs

[gemanor]

The command should read all the audit (decision) logs from Permit API and run them against a running PDP to print the diff log between the check functions

Implementation Details

• The command is permit test run audit
• Command should accept the following arguments as filter arguments for the audit logs:
  • --time-frame a number of hours to fetch the audit logs (between 6 to 72) - default to 24
  • --source-pdp is an ID of the PDP to filter the audit logs from. In case not provided, will take from all the PDPs
  • --users comma-separated list of users to filter the logs
  • --resources comma-separated list of users to filter the logs
  • --tenant a tenant to filter the logs
  • --action an action to filter the logs
  • --decision a decision
• The --pdp-url argument is the URL that the check function will run against. Default is http://localhost:7766
• The command flow is:
  • Fetch the filtered logs from https://api.permit.io/v2/redoc#tag/Audit-Logs/operation/list_audit_logs
  • Get the detailed audit log of each decision
  • Build an array of check functions from each decision request
  • Run the check functions against the new PDP
  • Print the same and different results to the user
• In case no arguments are presented, the command should run with default values and show the diff
• In case there's a PDP error (not running or not available) the command should fail in the first check and not try to run all the checks

Edge Cases (for PR screencast)

• Happy flow with no arguments and PDP up and running
• No argument and pdp-url isn't reachable
• Happy flow with some filter arguments (better all arguments)
• Failed flow with bad argument values
• Failed flow with non-existing source-pdp

💡 Before participating in the issue or offering a bounty, please make sure you carefully read the contribution guidelines. PRs that do not adhere to the guidelines will be closed with no further notice.

[daveads]

On it