Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CBG-3975: Configuration wiring for audit logging and /db/_config APIs #6918

Merged
merged 3 commits into from
Jul 8, 2024
Merged

CBG-3975: Configuration wiring for audit logging and /db/_config APIs #6918

merged 3 commits into from
Jul 8, 2024

Conversation

bbrks
Copy link
Member

@bbrks bbrks commented Jun 25, 2024
edited
Loading

CBG-3975

Configuration wiring for audit logging.

  • Allows per-database enabled and events via /db/_config API.
  • GET /db/_config/audit shows correct 'enabled' state for each available event. Read-only until CBG-3981

Dependencies

Integration Tests

@bbrks bbrks requested a review from torcolvin June 25, 2024 19:31
torcolvin
torcolvin reviewed Jun 26, 2024
View reviewed changes
base/logger_audit.go
func (l *AuditLogger) getAuditLoggerConfig() *AuditLoggerConfig {
c := AuditLoggerConfig{}
if l != nil {
// Copy config struct to avoid mutating running config
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this help a lot given that all the member of AuditLoggerConfig are pointers and this is a shallow copy?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't seem nessesary since there's no runtime configuration beyond the embedded FileLoggerConfig (yet), but I think I'd rather just keep this here in case we do add runtime-configurable options to auditLogger. Follows the same pattern as console and file loggers.

@torcolvin torcolvin assigned bbrks and unassigned torcolvin Jun 26, 2024
Base automatically changed from CBG-3926 to feature/CBG-3822-audit-logging June 26, 2024 10:41
@bbrks bbrks marked this pull request as ready for review June 26, 2024 14:21
@bbrks bbrks assigned torcolvin and unassigned bbrks Jun 27, 2024
@bbrks bbrks force-pushed the CBG-3975 branch 2 times, most recently from eceb115 to 59589c2 Compare July 2, 2024 13:20
@bbrks bbrks force-pushed the feature/CBG-3822-audit-logging branch from 8fbc22c to 47b7d4a Compare July 2, 2024 13:38
torcolvin
torcolvin reviewed Jul 3, 2024
View reviewed changes
rest/config_database.go
Comment on lines +103 to +106
dblc.Audit = &DbAuditLoggingConfig{
Enabled: base.BoolPtr(false),
EnabledEvents: base.DefaultAuditEventIDs,
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would have expected these to inherit the value from the bootstrap and override if appropriate?

Is this change specific to capella, since audit logging should be enabled globally, but potentially turned off per database?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's anticipated that users will enable audit logging (globally), and then opt-into databases one at a time where required. Enabling globally then disabling subsets of databases creates unnessesary audit work/noise for the sake of one extra API call. It's expected that users will want to customise their enabled audit events anyway.

@torcolvin torcolvin assigned bbrks and unassigned torcolvin Jul 3, 2024
@bbrks bbrks assigned torcolvin and unassigned bbrks Jul 5, 2024
@torcolvin torcolvin assigned bbrks and unassigned torcolvin Jul 8, 2024
@bbrks bbrks merged commit 8c39b48 into feature/CBG-3822-audit-logging Jul 8, 2024
21 checks passed
@bbrks bbrks deleted the CBG-3975 branch July 8, 2024 13:12
@bbrks bbrks mentioned this pull request Jul 8, 2024
Merged
1 task
bbrks added a commit that referenced this pull request Jul 8, 2024
@bbrks
CBG-3975: Configuration wiring for audit logging and /db/_config APIs (
0ae687d 
…#6918)

* Wire up config for audit logging. Per-database audit log settings can be read/written through /db/_config api

* Show correct 'enabled' state for event in /db/_config/audit

* Allow rutime setting of bootstrap logging.audit.enabled from root /_config like the other loggers
bbrks added a commit that referenced this pull request Jul 8, 2024
@bbrks
CBG-3975: Configuration wiring for audit logging and /db/_config APIs (
b0b5680 
…#6918)

* Wire up config for audit logging. Per-database audit log settings can be read/written through /db/_config api

* Show correct 'enabled' state for event in /db/_config/audit

* Allow rutime setting of bootstrap logging.audit.enabled from root /_config like the other loggers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@torcolvin torcolvin torcolvin approved these changes

Assignees

@bbrks bbrks

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bbrks @torcolvin