Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge audit logging feature branch into main #6946

Merged
merged 7 commits into from
Jul 8, 2024

Conversation

@bbrks bbrks requested a review from torcolvin July 8, 2024 14:54
bbrks added 6 commits July 8, 2024 15:54
* Add audit types and placeholder event

* Add code and test to generate auditd compatible JSON module descriptor

* Run addlicense

* Rearrange for single-file of event definitiuons

* Rename and clarify auditd type magic values
* Add config fields for audit logging

* Support all flag types and pointers in fillConfigWithFlags

* tweak comment

* wip

* rebase fix for rotation_interval

* Move uint map key to string for JSON

* Add API specs

* make GET API actually return the data...

* Add placeholder audit log config for runtime server config

* Add db/global audit log API changes

* unindent
Ran into issues pretty quickly with import cycles due to audit code requiring utils in base (e.g. MultiError).
This is just an inherent problem with SG's base package structure that we have to deal with.

No easy way around this without larger refactoring and splitting of base, so just flatten audit into base.
* Initial implementation of Audit() - Replace placeholder with ReadDatabase

* Validate the passed audit ID at Audit() invocation

* Complete auth events descriptors

* Run CI tests with cb_sg_devmode build flag

* Run with devmode flag in integration tests

* run race with devmode flag set

* comment typo

* Share common code across audit logger and file logger, rip out slog...

* Rename `checkAuth` to `checkPublicAuth`, make audit events PublicUser specific (will have separate ones for Admin users), remove unused placeholder events.
…#6918)

* Wire up config for audit logging. Per-database audit log settings can be read/written through /db/_config api

* Show correct 'enabled' state for event in /db/_config/audit

* Allow rutime setting of bootstrap logging.audit.enabled from root /_config like the other loggers
@bbrks bbrks force-pushed the feature/CBG-3822-audit-logging branch from 8c39b48 to 0ae687d Compare July 8, 2024 14:57
Copy link

github-actions bot commented Jul 8, 2024

Redocly previews

torcolvin
torcolvin previously approved these changes Jul 8, 2024
@bbrks bbrks enabled auto-merge (rebase) July 8, 2024 15:44
@bbrks bbrks merged commit 0f24f7f into main Jul 8, 2024
36 of 37 checks passed
@bbrks bbrks deleted the feature/CBG-3822-audit-logging branch July 8, 2024 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants