chore(nats): Send audit logs events to specific subjects (#2300)

javirln · web-flow · commit 186984c3896f · 2025-08-01T11:03:35.000+02:00
Signed-off-by: Javier Rodriguez &lt;javier@chainloop.dev&gt;
diff --git a/app/controlplane/pkg/auditor/events/organization.go b/app/controlplane/pkg/auditor/events/organization.go
@@ -57,7 +57,7 @@ func (p *OrgBase) TargetID() *uuid.UUID {
 
 func (p *OrgBase) ActionInfo() (json.RawMessage, error) {
 	if p.OrgName == "" || p.OrgID == nil {
-		return nil, errors.New("user id and org name are required")
+		return nil, errors.New("org name and org id are required")
 	}
 
 	return json.Marshal(&p)
@@ -79,6 +79,10 @@ func (p *OrgCreated) Description() string {
 // user joined the organization
 type OrgUserJoined struct {
 	*OrgBase
+	// UserID of the user that joined the organization
+	UserID uuid.UUID `json:"user_id,omitempty"`
+	// UserEmail of the user that joined the organization
+	UserEmail string `json:"user_email,omitempty"`
 }
 
 func (p *OrgUserJoined) ActionType() string {
@@ -89,6 +93,14 @@ func (p *OrgUserJoined) Description() string {
 	return fmt.Sprintf("{{ .ActorEmail }} has joined the organization %s", p.OrgName)
 }
 
+func (p *OrgUserJoined) ActionInfo() (json.RawMessage, error) {
+	if p.OrgName == "" || p.OrgID == nil || p.UserID == uuid.Nil || p.UserEmail == "" {
+		return nil, errors.New("org name, org id, user id and user email are required")
+	}
+
+	return json.Marshal(&p)
+}
+
 // user left the organization
 type OrgUserLeft struct {
 	*OrgBase
diff --git a/app/controlplane/pkg/auditor/nats.go b/app/controlplane/pkg/auditor/nats.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/go-kratos/kratos/v2/log"
@@ -27,8 +28,12 @@ import (
 )
 
 const (
-	streamName  = "chainloop-audit"
+	streamName = "chainloop-audit"
+	// subjectName is the base subject for the stream to listen to.
 	subjectName = "audit.>"
+	// baseSubjectName is the base subject for audit logs for the publisher to publish to.
+	// The pattern for the specific subjects is "audit.<target_type>.<action_type>"
+	baseSubjectName = "audit"
 )
 
 type AuditLogPublisher struct {
@@ -74,5 +79,7 @@ func (n *AuditLogPublisher) Publish(data *EventPayload) error {
 		return fmt.Errorf("failed to marshal event payload: %w", err)
 	}
 
-	return n.conn.Publish(subjectName, jsonPayload)
+	// Send the event to the specific subject based on the event type "audit.<target_type>.<action_type>"
+	specificSubject := fmt.Sprintf("%s.%s.%s", baseSubjectName, strings.ToLower(string(data.Data.TargetType)), strings.ToLower(data.Data.ActionType))
+	return n.conn.Publish(specificSubject, jsonPayload)
 }
diff --git a/app/controlplane/pkg/biz/orginvitation.go b/app/controlplane/pkg/biz/orginvitation.go
@@ -290,6 +290,8 @@ func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, re
 					OrgID:   &orgUUID,
 					OrgName: invitation.Org.Name,
 				},
+				UserID:    userUUID,
+				UserEmail: user.Email,
 			}, &orgUUID)
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -290,6 +290,8 @@ func (uc *OrgInvitationUseCase) AcceptPendingInvitations(ctx context.Context, re`
`290`	`290`	`OrgID: &orgUUID,`
`291`	`291`	`OrgName: invitation.Org.Name,`
`292`	`292`	`},`
	`293`	`+ UserID: userUUID,`
	`294`	`+ UserEmail: user.Email,`
`293`	`295`	`}, &orgUUID)`
`294`	`296`	`}`
`295`	`297`