Commit 4175bf6
authored
Audit log all endpoints + coverage test (#9467)
Closes #8819
Closes #8820
1. An ergonomic helper `audit_and_time` that
a. Wraps up the two annoying audit log calls — init and complete — into
a single function that takes the handler logic as a callback
b. Combines that with the latency timing function, because it's ugly to
do both
2. A test that uses the `VERIFY_ENDPOINTS` list to make sure every
non-get endpoint gets an audit log entry when you call it
* Two exceptions: `system_timeseries_query` and `timeseries_query`,
which are POSTs because of the query body but are read operations
3. Add audit log calls to every relevant endpoint.
Logging IDs of created resource (#8811) was discussed in here and
prototyped, but I took it out because it requires some decision-making.
The idea with the helper is that however if we do the resource IDs by
implementing a trait on response structs (I will post a draft PR showing
how this looks), it shouldn’t require changing all the callsites. Then
again, even if it did, it's not a huge deal.
<details>
<summary>Original PR description</summary>
This is a draft because I want to get reactions to the approach. Would
address #8820, #8811, and #8819. The idea is:
1. An ergonomic helper `audit_and_time` that
a. Wraps up the two annoying audit log calls — init and complete — into
a single function that takes the handler logic as a callback
b. Combines that with the latency timing function, because it's ugly to
do both
2. A test that uses the `VERIFY_ENDPOINTS` list to make sure every
non-get endpoint gets an audit log entry when you call it
The only added functionality here is the use of a trait
`MaybeHasResourceId` (could rename to `AuditResponse` or something) to
extract the ID of created resources so we can log them. Note that this
PR doesn't do any of the DB work yet to actually store that ID — I want
to make sure people like the callsite ergonomics first.
### Concerns and future plans
* Here I am specifically pulling out the ID of the created resource, but
in #8821 we discuss wanting to log the entire response body, and that
would include the ID and be strictly more general. So we might want to
skip straight to that if we expect to do it eventually. Added some notes
on handling giant responses
[here](#8821 (comment)).
* This doesn't address #8813 but that issue doesn't have anything to do
with the helper — we'll have to store the credential ID in the opctx and
pull it off of there in the audit log entry init call
</details>1 parent b7beb65 commit 4175bf6
4 files changed
Lines changed: 966 additions & 2296 deletions
File tree
- nexus
- src
- external_api
- tests
- integration_tests
- output
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| 31 | + | |
31 | 32 | | |
32 | 33 | | |
33 | 34 | | |
| 35 | + | |
| 36 | + | |
34 | 37 | | |
35 | 38 | | |
36 | 39 | | |
| |||
334 | 337 | | |
335 | 338 | | |
336 | 339 | | |
| 340 | + | |
| 341 | + | |
| 342 | + | |
| 343 | + | |
| 344 | + | |
| 345 | + | |
| 346 | + | |
| 347 | + | |
| 348 | + | |
| 349 | + | |
| 350 | + | |
| 351 | + | |
| 352 | + | |
| 353 | + | |
| 354 | + | |
| 355 | + | |
| 356 | + | |
| 357 | + | |
| 358 | + | |
| 359 | + | |
| 360 | + | |
| 361 | + | |
| 362 | + | |
| 363 | + | |
| 364 | + | |
| 365 | + | |
| 366 | + | |
| 367 | + | |
| 368 | + | |
| 369 | + | |
| 370 | + | |
| 371 | + | |
| 372 | + | |
| 373 | + | |
| 374 | + | |
| 375 | + | |
337 | 376 | | |
338 | 377 | | |
339 | 378 | | |
| |||
0 commit comments