Fix audit events logged as INFO+2 instead of AUDIT #5256

Open
kimjune01 wants to merge 2 commits into stacklok:main from kimjune01:fix/audit-level-name
@kimjune01
Summary

  • Add ReplaceAttr to the audit logger's JSON handler so the custom audit level renders as "AUDIT" instead of "INFO+2"
  • Fixes compatibility with log aggregation systems (Loki, Elasticsearch) that expect standard level names for filtering

Test plan

  • Added two tests: one verifying audit events render as "AUDIT", another verifying standard levels (INFO, WARN) are preserved
  • go test ./pkg/audit/... -count=1: 28 tests passed

kimjune01 added 2 commits May 11, 2026 21:39
Audit events were logging as "INFO+2" which breaks level detection
in log aggregation systems (Loki, Elasticsearch, Splunk). This
caused audit events to appear as unknown level and prevented
level-based filtering in log pipelines.

Changed NewAuditLogger to add a ReplaceAttr function that renders
the custom audit level (slog.Level(2)) as "AUDIT" string in JSON
output, while preserving the numeric level for internal filtering.

Preserves the original design intent of placing audit between INFO
and WARN, while making events filterable via level="AUDIT" in LogQL
and other query languages.

Fixes stacklok#4296

Signed-off-by: June Kim <kim.june.01@gmail.com>
Signed-off-by: June Kim <kimjune01@gmail.com>
Internal pipeline metadata should not be committed to the upstream repo.
@github-actions github-actions Bot added the size/XS Extra small PR: < 100 lines changed label May 12, 2026
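
The approach the PR description and first commit message describe, as an added example that is not the PR's own code: a `ReplaceAttr` hook on the JSON handler renames only the custom level, while filtering keeps using the numeric value. The names `LevelAudit`, `newAuditHandler` and `renderedLevel` are assumptions made for this sketch.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"io"
	"log/slog"
)

// LevelAudit mirrors the slog.Level(2) value named in the commit message;
// the identifier itself is an assumption for this example.
const LevelAudit = slog.Level(2)

// newAuditHandler returns a JSON handler that renders LevelAudit as "AUDIT".
// Filtering still uses the numeric level, so minLevel decides what is emitted.
func newAuditHandler(w io.Writer, minLevel slog.Level) slog.Handler {
	return slog.NewJSONHandler(w, &slog.HandlerOptions{
		Level: minLevel,
		ReplaceAttr: func(groups []string, a slog.Attr) slog.Attr {
			// Match only the built-in top-level key; the type check leaves a
			// caller-supplied string attribute named "level" untouched.
			if len(groups) == 0 && a.Key == slog.LevelKey {
				if lvl, ok := a.Value.Any().(slog.Level); ok && lvl == LevelAudit {
					a.Value = slog.StringValue("AUDIT")
				}
			}
			return a
		},
	})
}

// renderedLevel logs one constructed record and returns the "level" field of
// the JSON output, or "" if the handler's minimum level dropped the record.
func renderedLevel(minLevel, lvl slog.Level) string {
	var buf bytes.Buffer
	slog.New(newAuditHandler(&buf, minLevel)).Log(context.Background(), lvl, "constructed sample event")
	var rec map[string]any
	_ = json.Unmarshal(buf.Bytes(), &rec) // empty buffer (record dropped) leaves rec nil
	s, _ := rec["level"].(string)
	return s
}

func main() {
	fmt.Println(renderedLevel(slog.LevelInfo, LevelAudit)) // audit record, renamed
	fmt.Println(renderedLevel(slog.LevelInfo, slog.LevelWarn)) // standard level preserved
	fmt.Println(renderedLevel(slog.LevelWarn, LevelAudit) == "") // dropped below WARN
}
```

Because the numeric level is unchanged, a handler whose minimum level is WARN drops audit records entirely, which is worth checking wherever the audit logger's threshold is configurable.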
@codecov
codecov Bot commented May 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.05%. Comparing base (3240eeb) to head (f658757).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5256      +/-   ##
==========================================
+ Coverage   67.99%   68.05%   +0.05%     
==========================================
  Files         616      616              
  Lines       63005    63008       +3     
==========================================
+ Hits        42840    42878      +38     
+ Misses      16963    16928      -35     
  Partials     3202     3202              
