From 3eb0505b4964677ce80c48c4e7614c1f14d65abd Mon Sep 17 00:00:00 2001
From: Nicholas Jones
Date: Sat, 13 Jul 2024 11:04:30 +0100
Subject: [PATCH] Configurable cluster name
---
 internal/auditlog/tail.go | 6 +++---
 internal/config/config.go | 1 +
 internal/watch/watcher.go | 3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/internal/auditlog/tail.go b/internal/auditlog/tail.go
index ab2c538..892196c 100644
--- a/internal/auditlog/tail.go
+++ b/internal/auditlog/tail.go
@@ -13,7 +13,7 @@ import (
 "google.golang.org/genproto/googleapis/cloud/audit"
 )
-func Tail(ctx context.Context, projectID string, cb func(*audit.AuditLog) error) error {
+func Tail(ctx context.Context, projectID, clusterName string, cb func(*audit.AuditLog) error) error {
 client, err := logging.NewClient(ctx)
 if err != nil {
 return fmt.Errorf("failed to create client: %w", err)
@@ -34,7 +34,7 @@ func Tail(ctx context.Context, projectID string, cb func(*audit.AuditLog) error)
 []string{
 `resource.type="k8s_cluster"`,
 fmt.Sprintf(`log_name="projects/%s/logs/cloudaudit.googleapis.com%%2Factivity"`, projectID),
- `resource.labels.cluster_name="platform"`,
+ fmt.Sprintf(`resource.labels.cluster_name="%s"`, clusterName),
 `protoPayload."@type"="type.googleapis.com/google.cloud.audit.AuditLog"`,
 `protoPayload.methodName=~"io\.fluxcd\.toolkit\..*\.patch"`,
 `-protoPayload.authenticationInfo.principalEmail=~"system:.*"`,
@@ -43,7 +43,7 @@ func Tail(ctx context.Context, projectID string, cb func(*audit.AuditLog) error)
 ),
 }
 if err = stream.Send(req); err != nil {
- return fmt.Errorf("stream.Send error: %w", err)
+ return fmt.Errorf("stream send failed: %w", err)
 }
 return read(ctx, stream, cb)
diff --git a/internal/config/config.go b/internal/config/config.go
index b57c5ef..f6a4688 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
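Review bot: `clusterName` is placed inside the quoted filter term with a plain `"%s"` in the second tail.go hunk, so the value is neither escaped nor checked before it becomes part of the Cloud Logging filter. An empty name produces `resource.labels.cluster_name=""`, which would be expected to match no entries, and a name containing `"` or `\` changes how the rest of the filter is parsed; in both cases Tail keeps streaming without an error while the watcher sees none of the audit events it exists to report. Reject bad values before building the request, for example `if clusterName == "" { return fmt.Errorf("cluster name must not be empty") }` at the top of Tail, and preferably match the name against the character set GKE allows for cluster names rather than relying on escaping. `projectID` is interpolated the same way on the line above and deserves the same check. The body of Tail starts in the first hunk and continues outside this one.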
@@ -9,6 +9,7 @@ import (
 type Config struct {
 GoogleCloudProjectID string `yaml:"googleCloudProjectId"`
+ GKEClusterName string `yaml:"gkeClusterName"`
 BadgerPath string `yaml:"badgerPath"`
 KubernetesConfigPath string `yaml:"kubernetesConfigPath,omitempty"`
 Notification struct {
diff --git a/internal/watch/watcher.go b/internal/watch/watcher.go
index cdb2045..d207740 100644
--- a/internal/watch/watcher.go
+++ b/internal/watch/watcher.go
@@ -16,6 +16,7 @@ import (
 type Watcher struct {
 googleCloudProjectID string
+ gkeClusterName string
 k8sClient k8sClient
 store store
 notifier notifier
@@ -49,7 +50,7 @@ type notifier interface {
 }
 func (w *Watcher) Watch(ctx context.Context) error {
- return auditlog.Tail(ctx, w.googleCloudProjectID, func(logEntry *audit.AuditLog) error {
+ return auditlog.Tail(ctx, w.googleCloudProjectID, w.gkeClusterName, func(logEntry *audit.AuditLog) error {
 if code := logEntry.GetStatus().GetCode(); code != 0 {
 slog.Warn("operation appeared to fail", slog.Int("code", int(code)))
 return nil
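Review bot: `GKEClusterName` has no default, so a config file written before this change, which has no `gkeClusterName` key, will presumably decode to an empty string where the previous code always filtered on `"platform"`. The loader is outside this hunk, so whether it validates the field cannot be seen here; if it does not, an upgrade silently changes which cluster is watched. Either fall back to the old value when the key is absent or fail at load time with a message naming the key, and add a field comment such as `// GKEClusterName is the GKE cluster whose audit log entries are tailed; required.`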
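Review bot: Nothing in this patch assigns the new `gkeClusterName` field: the diffstat lists three changed lines for watcher.go and all of them are visible here (the field, and the old and new `auditlog.Tail` call in the next hunk), and `Config.GKEClusterName` is not read anywhere in the diff. Unless the field is populated by code this commit does not touch, `Watch` passes an empty string to `Tail` and the filter asks for a cluster with no name. Set it wherever `googleCloudProjectID` is populated, which is outside these hunks, and consider having the constructor return an error when either value is empty, so a mis-wired watcher fails at start-up instead of running without seeing events.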