implement audit logging configuration (#217)

* introduce strucutres for configuring audit logging

* make gen

* review: defaults

Author: generall

api/v1/qdrantcluster_types.go

@@ -464,6 +464,9 @@ type QdrantConfiguration struct {
 	// Inference configuration. This is used in Qdrant Managed Cloud only. If not set Inference is not available to this cluster.
 	// +optional
 	Inference *InferenceConfig `json:"inference,omitempty"`
+	// Audit specifies the audit logging configuration for Qdrant.
+	// +optional
+	Audit *AuditConfig `json:"audit,omitempty"`
 }
 
 type InferenceConfig struct {
@@ -473,6 +476,43 @@ type InferenceConfig struct {
 	Enabled bool `json:"enabled"`
 }
 
+// AuditRotation specifies the rotation interval for audit log files.
+// +kubebuilder:validation:Enum=daily;hourly
+type AuditRotation string
+
+const (
+	AuditRotationDaily  AuditRotation = "daily"
+	AuditRotationHourly AuditRotation = "hourly"
+)
+
+// AuditConfig specifies the audit logging configuration for Qdrant.
+type AuditConfig struct {
+	// Enabled specifies whether to enable audit logging.
+	// +kubebuilder:default=false
+	// +optional
+	Enabled bool `json:"enabled"`
+	// Dir specifies the directory to write audit log files into.
+	// Default is `./storage/audit`
+	// +optional
+	Dir *string `json:"dir,omitempty"`
+	// Rotation specifies the rotation interval: "daily" (default) or "hourly".
+	// +kubebuilder:default=daily
+	// +optional
+	Rotation *AuditRotation `json:"rotation,omitempty"`
+	// MaxLogFiles specifies the maximum number of rotated audit log files to keep.
+	// Older files are deleted when a new log file is created. Default: 7.
+	// +kubebuilder:default=7
+	// +kubebuilder:validation:Minimum=1
+	// +optional
+	MaxLogFiles *int64 `json:"max_log_files,omitempty"`
+	// TrustForwardedHeaders specifies whether to use X-Forwarded-For header to
+	// determine the client address recorded in audit log entries. Only enable
+	// this when running behind a trusted reverse proxy or load balancer.
+	// Default is false.
+	// +optional
+	TrustForwardedHeaders bool `json:"trust_forwarded_headers"`
+}
+
 type StorageConfig struct {
 	// Performance configuration
 	// +optional

api/v1/zz_generated.deepcopy.go

@@ -67,6 +67,43 @@ spec:
                 description: Config specifies the Qdrant configuration setttings for
                   the clusters.
                 properties:
+                  audit:
+                    description: Audit specifies the audit logging configuration for
+                      Qdrant.
+                    properties:
+                      dir:
+                        description: |-
+                          Dir specifies the directory to write audit log files into.
+                          Default is `./storage/audit`
+                        type: string
+                      enabled:
+                        default: false
+                        description: Enabled specifies whether to enable audit logging.
+                        type: boolean
+                      max_log_files:
+                        default: 7
+                        description: |-
+                          MaxLogFiles specifies the maximum number of rotated audit log files to keep.
+                          Older files are deleted when a new log file is created. Default: 7.
+                        format: int64
+                        minimum: 1
+                        type: integer
+                      rotation:
+                        default: daily
+                        description: 'Rotation specifies the rotation interval: "daily"
+                          (default) or "hourly".'
+                        enum:
+                        - daily
+                        - hourly
+                        type: string
+                      trust_forwarded_headers:
+                        description: |-
+                          TrustForwardedHeaders specifies whether to use X-Forwarded-For header to
+                          determine the client address recorded in audit log entries. Only enable
+                          this when running behind a trusted reverse proxy or load balancer.
+                          Default is false.
+                        type: boolean
+                    type: object
                   collection:
                     description: Collection specifies the default collection configuration
                       for Qdrant.

charts/qdrant-kubernetes-api/templates/region-crds/qdrant.io_qdrantclusters.yaml

@@ -66,6 +66,43 @@ spec:
                 description: Config specifies the Qdrant configuration setttings for
                   the clusters.
                 properties:
+                  audit:
+                    description: Audit specifies the audit logging configuration for
+                      Qdrant.
+                    properties:
+                      dir:
+                        description: |-
+                          Dir specifies the directory to write audit log files into.
+                          Default is `./storage/audit`
+                        type: string
+                      enabled:
+                        default: false
+                        description: Enabled specifies whether to enable audit logging.
+                        type: boolean
+                      max_log_files:
+                        default: 7
+                        description: |-
+                          MaxLogFiles specifies the maximum number of rotated audit log files to keep.
+                          Older files are deleted when a new log file is created. Default: 7.
+                        format: int64
+                        minimum: 1
+                        type: integer
+                      rotation:
+                        default: daily
+                        description: 'Rotation specifies the rotation interval: "daily"
+                          (default) or "hourly".'
+                        enum:
+                        - daily
+                        - hourly
+                        type: string
+                      trust_forwarded_headers:
+                        description: |-
+                          TrustForwardedHeaders specifies whether to use X-Forwarded-For header to
+                          determine the client address recorded in audit log entries. Only enable
+                          this when running behind a trusted reverse proxy or load balancer.
+                          Default is false.
+                        type: boolean
+                    type: object
                   collection:
                     description: Collection specifies the default collection configuration
                       for Qdrant.

crds/qdrant.io_qdrantclusters.yaml

@@ -76,6 +76,44 @@ Package v1 contains API Schema definitions for the qdrant.io v1 API group
 
 
 
+#### AuditConfig
+
+
+
+AuditConfig specifies the audit logging configuration for Qdrant.
+
+
+
+_Appears in:_
+- [QdrantConfiguration](#qdrantconfiguration)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `enabled` _boolean_ | Enabled specifies whether to enable audit logging. | false | Optional: \{\} <br /> |
+| `dir` _string_ | Dir specifies the directory to write audit log files into.<br />Default is `./storage/audit` |  | Optional: \{\} <br /> |
+| `rotation` _[AuditRotation](#auditrotation)_ | Rotation specifies the rotation interval: "daily" (default) or "hourly". | daily | Enum: [daily hourly] <br />Optional: \{\} <br /> |
+| `max_log_files` _integer_ | MaxLogFiles specifies the maximum number of rotated audit log files to keep.<br />Older files are deleted when a new log file is created. Default: 7. | 7 | Minimum: 1 <br />Optional: \{\} <br /> |
+| `trust_forwarded_headers` _boolean_ | TrustForwardedHeaders specifies whether to use X-Forwarded-For header to<br />determine the client address recorded in audit log entries. Only enable<br />this when running behind a trusted reverse proxy or load balancer.<br />Default is false. |  | Optional: \{\} <br /> |
+
+
+#### AuditRotation
+
+_Underlying type:_ _string_
+
+AuditRotation specifies the rotation interval for audit log files.
+
+_Validation:_
+- Enum: [daily hourly]
+
+_Appears in:_
+- [AuditConfig](#auditconfig)
+
+| Field | Description |
+| --- | --- |
+| `daily` |  |
+| `hourly` |  |
+
+
 
 
 #### ClusterManagerReponse
@@ -948,6 +986,7 @@ _Appears in:_
 | `tls` _[QdrantConfigurationTLS](#qdrantconfigurationtls)_ | TLS specifies the TLS configuration for Qdrant. |  | Optional: \{\} <br /> |
 | `storage` _[StorageConfig](#storageconfig)_ | Storage specifies the storage configuration for Qdrant. |  | Optional: \{\} <br /> |
 | `inference` _[InferenceConfig](#inferenceconfig)_ | Inference configuration. This is used in Qdrant Managed Cloud only. If not set Inference is not available to this cluster. |  | Optional: \{\} <br /> |
+| `audit` _[AuditConfig](#auditconfig)_ | Audit specifies the audit logging configuration for Qdrant. |  | Optional: \{\} <br /> |
 
 
 #### QdrantConfigurationCollection