|
| 1 | +# App Group Lifecycle Audit Logger Plugin |
| 2 | + |
| 3 | +This is an example plugin that demonstrates how to implement an **App Group Lifecycle Plugin** for Access. The plugin logs all group lifecycle events (creation, deletion, and membership changes) to the application logs, providing a simple audit trail. |
| 4 | + |
| 5 | +## Overview |
| 6 | + |
| 7 | +This plugin serves as a reference implementation demonstrating: |
| 8 | + |
| 9 | +- How to implement all required hooks from `AppGroupLifecyclePluginSpec` |
| 10 | +- How to define configuration properties for apps and groups |
| 11 | +- How to define status properties for monitoring |
| 12 | +- How to validate configuration data |
| 13 | +- How to handle group lifecycle events |
| 14 | + |
| 15 | +The plugin doesn't integrate with any external systems—it simply logs events, making it easy to understand and test. |
| 16 | + |
| 17 | +## Plugin Features |
| 18 | + |
| 19 | +### Configuration |
| 20 | + |
| 21 | +**App-Level Configuration:** |
| 22 | +- `enabled` (boolean): Enable/disable audit logging for the app |
| 23 | +- `log_level` (text): Log level to use (INFO, WARNING, ERROR) |
| 24 | + |
| 25 | +**Group-Level Configuration:** |
| 26 | +- `enabled` (boolean): Enable/disable audit logging for the group |
| 27 | +- `custom_tag` (text): Custom tag to include in log messages |
| 28 | + |
| 29 | +### Status |
| 30 | + |
| 31 | +**App-Level Status:** |
| 32 | +- `total_events_logged` (number): Total events logged for this app |
| 33 | +- `last_sync_at` (date): When the last sync occurred |
| 34 | + |
| 35 | +**Group-Level Status:** |
| 36 | +- `events_logged` (number): Events logged for this group |
| 37 | +- `last_event_at` (date): When the last event occurred |
| 38 | + |
| 39 | +## Installation |
| 40 | + |
| 41 | +To install the plugin, add these lines to the App container Dockerfile: |
| 42 | + |
| 43 | +```dockerfile |
| 44 | +# Install the audit logger plugin |
| 45 | +WORKDIR /app/plugins |
| 46 | +ADD ./examples/plugins/app_group_lifecycle_audit_logger ./app_group_lifecycle_audit_logger |
| 47 | +RUN pip install ./app_group_lifecycle_audit_logger |
| 48 | + |
| 49 | +# Reset working directory |
| 50 | +WORKDIR /app |
| 51 | +``` |
| 52 | + |
| 53 | +Alternatively, for local development, install it with pip: |
| 54 | + |
| 55 | +```bash |
| 56 | +pip install -e examples/plugins/app_group_lifecycle_audit_logger |
| 57 | +``` |
| 58 | + |
| 59 | +## Usage |
| 60 | + |
| 61 | +After installation, the plugin will be automatically discovered and registered. You can configure it through the Access UI, or the API as shown below. |
| 62 | + |
| 63 | +### 1. List Available Plugins |
| 64 | + |
| 65 | +```bash |
| 66 | +curl http://localhost:6060/api/plugins/app-group-lifecycle |
| 67 | +``` |
| 68 | + |
| 69 | +### 2. Configure an App |
| 70 | + |
| 71 | +```bash |
| 72 | +curl -X PUT http://localhost:6060/api/apps/{app_id} \ |
| 73 | + -H "Content-Type: application/json" \ |
| 74 | + -d '{ |
| 75 | + "app_group_lifecycle_plugin": "audit_logger", |
| 76 | + "plugin_data": { |
| 77 | + "audit_logger": { |
| 78 | + "configuration": { |
| 79 | + "enabled": true, |
| 80 | + "log_level": "INFO" |
| 81 | + } |
| 82 | + } |
| 83 | + } |
| 84 | + }' |
| 85 | +``` |
| 86 | + |
| 87 | +### 3. Configure a Group |
| 88 | + |
| 89 | +```bash |
| 90 | +curl -X PUT http://localhost:6060/api/groups/{group_id} \ |
| 91 | + -H "Content-Type: application/json" \ |
| 92 | + -d '{ |
| 93 | + "plugin_data": { |
| 94 | + "audit_logger": { |
| 95 | + "configuration": { |
| 96 | + "enabled": true, |
| 97 | + "custom_tag": "production" |
| 98 | + } |
| 99 | + } |
| 100 | + } |
| 101 | + }' |
| 102 | +``` |
| 103 | + |
| 104 | +## Files |
| 105 | + |
| 106 | +- **[`__init__.py`](./__init__.py)**: Plugin package initialization |
| 107 | +- **[`plugin.py`](./plugin.py)**: Plugin implementation with all hook implementations |
| 108 | +- **[`setup.py`](./setup.py)**: Setup script defining the plugin metadata and entry points |
| 109 | + |
| 110 | +## Extending This Example |
| 111 | + |
| 112 | +You can use this plugin as a template for creating your own app group lifecycle plugins. To create a custom plugin: |
| 113 | + |
| 114 | +1. Copy this directory structure |
| 115 | +2. Replace the logging logic with your integration (e.g., Discord API, GitHub API, Google Groups API) |
| 116 | +3. Update the plugin ID, display name, and description |
| 117 | +4. Add any required dependencies to `setup.py` |
| 118 | +5. Implement the configuration and status properties your integration needs |
| 119 | +6. Update the validation logic for your specific requirements |
| 120 | + |
| 121 | +## Testing |
| 122 | + |
| 123 | +To test the plugin locally: |
| 124 | + |
| 125 | +1. Install the plugin in development mode: `pip install -e examples/plugins/app_group_lifecycle_audit_logger` |
| 126 | +2. Start the Access application |
| 127 | +3. Create/modify/delete groups and observe the logs |
| 128 | + |
| 129 | +You should see log messages like: |
| 130 | + |
| 131 | +``` |
| 132 | +[AUDIT_LOGGER] Group created: App-MyApp-Engineers (plugin enabled) |
| 133 | +[AUDIT_LOGGER] Members added to App-MyApp-Engineers: [email protected], [email protected] |
| 134 | +[AUDIT_LOGGER] Group deleted: App-MyApp-Engineers |
| 135 | +``` |
| 136 | + |
| 137 | +You'll likely need to ensure that your environment has `SQLALCHEMY_ECHO=false`, or the audit logs may be drowned out by echoed SQL queries. |
0 commit comments