fix: link assigned name in activity create summaries for generateName

scotwells · scotwells · commit 4e43bf8bea13 · 2026-06-25T10:26:04.000-05:00
Activity summaries dereferenced audit fields that are not always present, so activity generation failed silently and creates went missing from the user's activity feed. Confirmed in production for Connector (create) and Domain (update). Two distinct causes: - generateName creates have no objectRef.name; the assigned name lives in responseObject.metadata.name. Reading objectRef.name errored with "no such key: name". - Domain's domainName is required and immutable, so updates/patches omit it from the request body; requestObject.spec.domainName is absent on updates. Key changes: - Connector, ConnectorAdvertisement, TrafficProtectionPolicy, BackendTLSPolicy, Gateway: create-rule summaries link responseObject.metadata.name. Update rules unchanged — objectRef.name is always present on updates. - Domain: create and update summaries link responseObject.spec.domainName (the stored object always carries it), matching the existing delete rule. Claude-Session: https://claude.ai/code/session_01KnYuL5Pf1R5ysZoxxNkKiu
diff --git a/config/milo/activity/policies/backendtlspolicy-policy.yaml b/config/milo/activity/policies/backendtlspolicy-policy.yaml
@@ -17,7 +17,7 @@ spec:
     # BackendTLSPolicy creation with spec available
     - name: create
       match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
-      summary: "{{ actor }} created backend TLS policy {{ link(audit.objectRef.name, audit.objectRef) }}"
+      summary: "{{ actor }} created backend TLS policy {{ link(audit.responseObject.metadata.name, audit.objectRef) }}"
 
     # BackendTLSPolicy creation fallback (no spec)
     - name: create-fallback
diff --git a/config/milo/activity/policies/connector-policy.yaml b/config/milo/activity/policies/connector-policy.yaml
@@ -17,7 +17,7 @@ spec:
     # Connector creation with spec available
     - name: create
       match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
-      summary: "{{ actor }} created connector {{ link(audit.objectRef.name, audit.objectRef) }}"
+      summary: "{{ actor }} created connector {{ link(audit.responseObject.metadata.name, audit.objectRef) }}"
 
     # Connector creation fallback (no spec)
     - name: create-fallback
diff --git a/config/milo/activity/policies/connectoradvertisement-policy.yaml b/config/milo/activity/policies/connectoradvertisement-policy.yaml
@@ -18,7 +18,7 @@ spec:
     # ConnectorAdvertisement creation with spec available
     - name: create
       match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
-      summary: "{{ actor }} created connector advertisement {{ link(audit.objectRef.name, audit.objectRef) }}"
+      summary: "{{ actor }} created connector advertisement {{ link(audit.responseObject.metadata.name, audit.objectRef) }}"
 
     # ConnectorAdvertisement creation fallback (no spec)
     - name: create-fallback
diff --git a/config/milo/activity/policies/domain-policy.yaml b/config/milo/activity/policies/domain-policy.yaml
@@ -18,7 +18,7 @@ spec:
     # Domain creation with spec.domainName available - use domain name as display text
     - name: create
       match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
-      summary: "{{ actor }} created domain {{ link(audit.requestObject.spec.domainName, audit.objectRef) }}"
+      summary: "{{ actor }} created domain {{ link(audit.responseObject.spec.domainName, audit.objectRef) }}"
 
     # Domain creation fallback (no spec)
     - name: create-fallback
@@ -38,7 +38,7 @@ spec:
     # Domain update with spec available - excludes status subresource
     - name: update
       match: "!audit.user.username.startsWith('system:') && audit.verb in ['update', 'patch'] && !has(audit.objectRef.subresource) && has(audit.requestObject.spec)"
-      summary: "{{ actor }} updated domain {{ link(audit.requestObject.spec.domainName, audit.objectRef) }}"
+      summary: "{{ actor }} updated domain {{ link(audit.responseObject.spec.domainName, audit.objectRef) }}"
 
     # Domain update fallback (no spec)
     - name: update-fallback
diff --git a/config/milo/activity/policies/gateway-policy.yaml b/config/milo/activity/policies/gateway-policy.yaml
@@ -17,7 +17,7 @@ spec:
     # Gateway creation with spec available
     - name: create
       match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
-      summary: "{{ actor }} created gateway {{ link(audit.objectRef.name, audit.objectRef) }}"
+      summary: "{{ actor }} created gateway {{ link(audit.responseObject.metadata.name, audit.objectRef) }}"
 
     # Gateway creation fallback (no spec)
     - name: create-fallback
diff --git a/config/milo/activity/policies/trafficprotectionpolicy-policy.yaml b/config/milo/activity/policies/trafficprotectionpolicy-policy.yaml
@@ -17,7 +17,7 @@ spec:
     # TrafficProtectionPolicy creation with spec available
     - name: create
       match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
-      summary: "{{ actor }} created traffic protection policy {{ link(audit.objectRef.name, audit.objectRef) }}"
+      summary: "{{ actor }} created traffic protection policy {{ link(audit.responseObject.metadata.name, audit.objectRef) }}"
 
     # TrafficProtectionPolicy creation fallback (no spec)
     - name: create-fallback
