Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit: Timestamps on sink entries should match the creation time of the audit event #26088

Merged
merged 2 commits into from
Mar 22, 2024
Merged

Audit: Timestamps on sink entries should match the creation time of the audit event #26088

merged 2 commits into from
Mar 22, 2024

Conversation

peteski22
Copy link

@peteski22 peteski22 commented Mar 22, 2024
edited
Loading

Previously when entries for audit were written to configured sinks (file, socket, syslog) the time associated with each entry was related to the exact time the sink tried to write it, and not the time the audit entry itself was created.

This PR changes this so that the time the entry (audit event) is created is the time which appears in the sink logs, this will help Operators to coordinate entries across multiple audit device sinks.

Addresses #8466

@peteski22 peteski22 added core/audit hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed labels Mar 22, 2024
@peteski22 peteski22 added this to the 1.16.1 milestone Mar 22, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 22, 2024
edited
Loading

CI Results:
All Go tests succeeded! ✅

@peteski22 peteski22 marked this pull request as ready for review March 22, 2024 10:33
@github-actions GitHub Actions
Copy link

Build Results:
All builds succeeded! ✅

VioletHynes
VioletHynes approved these changes Mar 22, 2024
View reviewed changes
Copy link
Contributor

@VioletHynes VioletHynes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! I love the implementation. Very clean and easy to understand.

audit/entry_formatter_test.go
// to provide a formatted time.
type testTimeProvider struct{}

// formattedTime always returns the same value for 22nd March 2024 at 10:00:05 (and 10 nanos).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Environmental storytelling ;P

ccapurso
ccapurso approved these changes Mar 22, 2024
View reviewed changes
Copy link
Contributor

@ccapurso ccapurso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@peteski22 peteski22 merged commit 5a1d20b into main Mar 22, 2024
99 of 124 checks passed
@peteski22 peteski22 deleted the peteski22/audit/timestamps branch March 22, 2024 13:26
Merged
@heatherezell heatherezell mentioned this pull request Mar 25, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VioletHynes VioletHynes VioletHynes approved these changes

@ccapurso ccapurso ccapurso approved these changes

@biazmoreira biazmoreira Awaiting requested review from biazmoreira

@marcboudreau marcboudreau Awaiting requested review from marcboudreau

@kubawi kubawi Awaiting requested review from kubawi

Assignees
No one assigned
Labels
core/audit hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.16.1
Development

Successfully merging this pull request may close these issues.
3 participants
@peteski22 @ccapurso @VioletHynes