Add PowerPlatformAdminActivity support (#64)

* Implement PowerPlatformAdminActivityType and unit tests for it

* Fix JSON key value for PowerPAA files

* Add PowerPlatformAdminActivityType support to NLFPlugin.syslogMessage

- Includes unit test for this

* Add ValidKey to PowerPlatformAdminActivityType

* Use Fakes for PowerPlatformAdminActivityTypeTest.testIdealCase

Author: MoonBow-1

src/main/java/com/teragrep/nlf_01/NLFPlugin.java

@@ -124,6 +124,9 @@ else if (jsonObject.getString("Type").equals("LogicAppWorkflowRuntime")) {
             else if (jsonObject.getString("Type").equals("PowerAutomateActivity")) {
                 eventTypes.add(new PowerAutomateActivityType(parsedEvent, realHostname));
             }
+            else if (jsonObject.getString("Type").equals("PowerPlatformAdminActivity")) {
+                eventTypes.add(new PowerPlatformAdminActivityType(parsedEvent, realHostname));
+            }
             else if (jsonObject.getString("Type").endsWith("fluent_audit_log_events_CL")) {
                 eventTypes.add(new CCType(parsedEvent, realHostname));
             }

src/main/java/com/teragrep/nlf_01/types/PowerPlatformAdminActivityType.java

@@ -0,0 +1,199 @@
+/*
+ * Teragrep Neon log format plugin for AKV_01
+ * Copyright (C) 2025 Suomen Kanuuna Oy
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ *
+ * Additional permission under GNU Affero General Public License version 3
+ * section 7
+ *
+ * If you modify this Program, or any covered work, by linking or combining it
+ * with other code, such other code is not for that reason alone subject to any
+ * of the requirements of the GNU Affero GPL version 3 as long as this Program
+ * is the same Program as licensed from Suomen Kanuuna Oy without any additional
+ * modifications.
+ *
+ * Supplemented terms under GNU Affero General Public License version 3
+ * section 7
+ *
+ * Origin of the software must be attributed to Suomen Kanuuna Oy. Any modified
+ * versions must be marked as "Modified version of" The Program.
+ *
+ * Names of the licensors and authors may not be used for publicity purposes.
+ *
+ * No rights are granted for use of trade names, trademarks, or service marks
+ * which are in The Program if any.
+ *
+ * Licensee must indemnify licensors and authors for any liability that these
+ * contractual assumptions impose on licensors and authors.
+ *
+ * To the extent this program is licensed as part of the Commercial versions of
+ * Teragrep, the applicable Commercial License may apply to this file if you as
+ * a licensee so wish it.
+ */
+package com.teragrep.nlf_01.types;
+
+import com.teragrep.akv_01.event.ParsedEvent;
+import com.teragrep.akv_01.plugin.PluginException;
+import com.teragrep.nlf_01.PropertiesJson;
+import com.teragrep.nlf_01.util.ASCIIString;
+import com.teragrep.nlf_01.util.MD5Hash;
+import com.teragrep.nlf_01.util.ResourceId;
+import com.teragrep.nlf_01.util.ValidKey;
+import com.teragrep.nlf_01.util.ValidRFC5424AppName;
+import com.teragrep.nlf_01.util.ValidRFC5424Hostname;
+import com.teragrep.nlf_01.util.ValidRFC5424Timestamp;
+import com.teragrep.nlf_01.util.ValidStringKey;
+import com.teragrep.rlo_14.Facility;
+import com.teragrep.rlo_14.SDElement;
+import com.teragrep.rlo_14.Severity;
+import jakarta.json.JsonObject;
+import java.time.Instant;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+
+public final class PowerPlatformAdminActivityType implements EventType {
+
+    private final ParsedEvent parsedEvent;
+    private final String realHostname;
+
+    public PowerPlatformAdminActivityType(final ParsedEvent parsedEvent, final String realHostname) {
+        this.parsedEvent = parsedEvent;
+        this.realHostname = realHostname;
+    }
+
+    @Override
+    public Severity severity() {
+        return Severity.NOTICE;
+    }
+
+    @Override
+    public Facility facility() {
+        return Facility.AUDIT;
+    }
+
+    @Override
+    public String hostname() throws PluginException {
+        final JsonObject record = parsedEvent.asJsonStructure().asJsonObject();
+
+        final ValidKey<String> validKey = new ValidStringKey(record, "_Internal_WorkspaceResourceId");
+        final String resourceId = validKey.value();
+
+        return new ValidRFC5424Hostname(
+                "md5-".concat(new MD5Hash(resourceId).md5().concat("-").concat(new ASCIIString(new ResourceId(resourceId).resourceName()).withNonAsciiCharsRemoved()))
+        ).hostnameWithInvalidCharsRemoved();
+
+    }
+
+    @Override
+    public String appName() throws PluginException {
+        final JsonObject record = parsedEvent.asJsonStructure().asJsonObject();
+
+        final ValidKey<String> validKey = new ValidStringKey(record, "EnvironmentId");
+
+        // Prepend 'PowerPAA_' before the actual environment name. PAA standing for PlatformAdminActivity
+        return new ValidRFC5424AppName(new ASCIIString("PowerPAA_" + validKey.value()).withNonAsciiCharsRemoved())
+                .appName();
+    }
+
+    @Override
+    public long timestamp() throws PluginException {
+        final JsonObject record = parsedEvent.asJsonStructure().asJsonObject();
+
+        final ValidKey<String> validKey = new ValidStringKey(record, "TimeGenerated");
+
+        return new ValidRFC5424Timestamp(validKey.value()).validTimestamp();
+    }
+
+    @Override
+    public Set<SDElement> sdElements() throws PluginException {
+        final Set<SDElement> elems = new HashSet<>();
+        final String time;
+        if (!parsedEvent.enqueuedTimeUtc().isStub()) {
+            time = parsedEvent.enqueuedTimeUtc().zonedDateTime().toString();
+        }
+        else {
+            time = "";
+        }
+
+        final String fullyQualifiedNamespace;
+        final String eventHubName;
+        final String partitionId;
+        final String consumerGroup;
+        if (!parsedEvent.partitionCtx().isStub()) {
+            fullyQualifiedNamespace = String
+                    .valueOf(parsedEvent.partitionCtx().asMap().getOrDefault("FullyQualifiedNamespace", ""));
+            eventHubName = String.valueOf(parsedEvent.partitionCtx().asMap().getOrDefault("EventHubName", ""));
+            partitionId = String.valueOf(parsedEvent.partitionCtx().asMap().getOrDefault("PartitionId", ""));
+            consumerGroup = String.valueOf(parsedEvent.partitionCtx().asMap().getOrDefault("ConsumerGroup", ""));
+        }
+        else {
+            fullyQualifiedNamespace = "";
+            eventHubName = "";
+            partitionId = "";
+            consumerGroup = "";
+        }
+
+        elems
+                .add(new SDElement("aer_02_partition@48577").addSDParam("fully_qualified_namespace", fullyQualifiedNamespace).addSDParam("eventhub_name", eventHubName).addSDParam("partition_id", partitionId).addSDParam("consumer_group", consumerGroup));
+
+        elems
+                .add(new SDElement("event_id@48577").addSDParam("uuid", UUID.randomUUID().toString()).addSDParam("hostname", realHostname).addSDParam("unixtime", Instant.now().toString()).addSDParam("id_source", "aer_02"));
+
+        final String partitionKey;
+        if (!parsedEvent.systemProperties().isStub()) {
+            partitionKey = String.valueOf(parsedEvent.systemProperties().asMap().getOrDefault("PartitionKey", ""));
+        }
+        else {
+            partitionKey = "";
+        }
+
+        final String offset;
+        if (!parsedEvent.offset().isStub()) {
+            offset = parsedEvent.offset().value();
+        }
+        else {
+            offset = "";
+        }
+
+        elems
+                .add(new SDElement("aer_02_event@48577").addSDParam("offset", offset).addSDParam("enqueued_time", time).addSDParam("partition_key", partitionKey).addSDParam("properties", new PropertiesJson(parsedEvent.properties()).toJsonObject().toString()));
+
+        elems
+                .add(new SDElement("aer_02@48577").addSDParam("timestamp_source", time.isEmpty() ? "generated" : "timeEnqueued"));
+
+        elems.add(new SDElement("nlf_01@48577").addSDParam("eventType", this.getClass().getSimpleName()));
+
+        return elems;
+    }
+
+    @Override
+    public String msgId() throws PluginException {
+        final String sequenceNumber;
+        if (!parsedEvent.systemProperties().isStub()) {
+            sequenceNumber = String.valueOf(parsedEvent.systemProperties().asMap().getOrDefault("SequenceNumber", ""));
+        }
+        else {
+            sequenceNumber = "";
+        }
+        return sequenceNumber;
+    }
+
+    @Override
+    public String msg() throws PluginException {
+        return parsedEvent.asString();
+    }
+}

src/test/java/com/teragrep/nlf_01/NLFPluginTest.java

@@ -810,6 +810,62 @@ void logicAppWorkflowRuntimeTest() {
         Assertions.assertTrue(sdElementMap.get("aer_02_event@48577").containsKey("properties"));
     }
 
+    @Test
+    void testPowerPlatformAdminActivityType() {
+        final String json = Assertions
+                .assertDoesNotThrow(
+                        () -> Files.readString(Paths.get("src/test/resources/powerplatformadminactivity.json"))
+                );
+        final ParsedEvent parsedEvent = new ParsedEventFactory(
+                new UnparsedEventImpl(json, new EventPartitionContextImpl(new HashMap<>()), new EventPropertiesImpl(new HashMap<>()), new EventSystemPropertiesImpl(new HashMap<>()), new EnqueuedTimeImpl("2020-01-01T00:00:00"), new EventOffsetImpl("0"))
+        ).parsedEvent();
+
+        final NLFPlugin plugin = new NLFPlugin(new FakeSourceable());
+        final List<SyslogMessage> syslogMessages = Assertions
+                .assertDoesNotThrow(() -> plugin.syslogMessage(parsedEvent));
+        Assertions.assertEquals(1, syslogMessages.size());
+
+        final SyslogMessage syslogMessage = syslogMessages.get(0);
+        Assertions
+                .assertEquals(
+                        "{\n" + "  \"ActorName\": \"[email protected]\",\n"
+                                + "  \"ActorUserId\": \"bb41a487-309b-4d21-9ab8-2a8b948b2d18\",\n"
+                                + "  \"ActorUserType\": \"Admin\",\n" + "  \"EnvironmentId\": \"Environment-01\",\n"
+                                + "  \"EventOriginalType\": \"OriginalType\",\n"
+                                + "  \"EventOriginalUid\": \"bb41a487-309b-4d21-9ab8-2a8b948b2d18\",\n"
+                                + "  \"EventResult\": \"Succeeded\",\n"
+                                + "  \"OrganizationId\": \"bb41a487-309b-4d21-9ab8-2a8b948b2d18\",\n"
+                                + "  \"Properties\": \"{}\",\n" + "  \"PropertyCollection\": \"{}\",\n"
+                                + "  \"RecordType\": \"exchangeAdmin\",\n"
+                                + "  \"RequiresCustomerKeyEncryption\": true,\n" + "  \"SourceSystem\": \"Azure\",\n"
+                                + "  \"Type\": \"PowerPlatformAdminActivity\",\n"
+                                + "  \"TenantId\": \"bb41a487-309b-4d21-9ab8-2a8b948b2d18\",\n"
+                                + "  \"TimeGenerated\": \"2025-10-06T00:00:00.0000000Z\",\n"
+                                + "  \"Workload\": \"Service1\",\n"
+                                + "  \"_ItemId\": \"bb41a487-309b-4d21-9ab8-2a8b948b2d18\",\n"
+                                + "  \"_ResourceId\": \"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}\",\n"
+                                + "  \"_SubscriptionId\": \"bb41a487-309b-4d21-9ab8-2a8b948b2d18\",\n"
+                                + "  \"_TimeReceived\": \"2025-10-06T00:00:00.0000000Z\",\n"
+                                + "  \"_Internal_WorkspaceResourceId\": \"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}\"\n"
+                                + "}",
+                        syslogMessage.getMsg()
+                );
+        Assertions.assertEquals("md5-0ded52ef915af563e25778bf26b0f129-resourceName", syslogMessage.getHostname());
+        Assertions.assertEquals("PowerPAA_Environment-01", syslogMessage.getAppName());
+        Assertions.assertEquals("2025-10-06T00:00:00Z", syslogMessage.getTimestamp());
+
+        final Map<String, Map<String, String>> sdElementMap = syslogMessage
+                .getSDElements()
+                .stream()
+                .collect(Collectors.toMap((SDElement::getSdID), (sdElem) -> sdElem.getSdParams().stream().collect(Collectors.toMap(SDParam::getParamName, SDParam::getParamValue))));
+
+        Assertions.assertEquals(1, sdElementMap.get("nlf_01@48577").size());
+        Assertions
+                .assertEquals(PowerPlatformAdminActivityType.class.getSimpleName(), sdElementMap.get("nlf_01@48577").get("eventType"));
+
+        Assertions.assertTrue(sdElementMap.get("aer_02_event@48577").containsKey("properties"));
+    }
+
     @Test
     void unexpectedType() {
         final String json = Assertions