audit: audit the audit log #4408

Closed
bpmct opened this issue Oct 6, 2022 · 6 comments

@bpmct
Member

bpmct commented Oct 6, 2022

As we're quickly building/changing features, we need to ensure the audit log is capturing an accurate trail of user actions.

A 🦈 has caught a couple of issues, but we need to do a comprehensive list of CRUD actions (CLI and dashboard) and ensure they're being accurately represented.

The intended behavior is documented here.

Additionally, we should have a process in place for ensuring incoming features (#4125, #4311) are represented in the audit log. Can we do this via automated tests or should we build something into the product/QA process?

It's better to start thinking about this now before we introduce a lot of debt.

@bpmct bpmct added this to the EE milestone Oct 6, 2022
@f0ssel
Contributor

f0ssel commented Oct 7, 2022

I think it's easy enough to write Go tests for this; it's probably best to have each feature/endpoint do its own expected audit log testing.

@coadler
Contributor

coadler commented Oct 7, 2022

One thing that makes testing audit logs generated by AGPL routes hard is that the audit logs are generated in the enterprise code. You can really only assert the inputs to the enterprise code unless you want to move the tests there as well.

@Kira-Pilot Kira-Pilot self-assigned this Oct 7, 2022
@Kira-Pilot
Member

Kira-Pilot commented Oct 10, 2022

Discussed with @coadler and the path forward here is to:

  1. fix the above issues and any others we come across smoke-testing.
  2. ensure that we assert the creation (rather than content) of logs for each action. We cannot test the diffs because we cannot easily test the enterprise code.

There is no way to automate audit log creation for new features, but I can write a quick how-to if that's helpful, @bpmct.
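
An added example, not part of the thread or the project's own code: one way to assert that each action creates an audit entry without inspecting its diff. The `Auditor` interface, `MockAuditor`, `Handler` and the sample handlers are hypothetical names and constructed data.

```go
package main

import "fmt"

// Entry is a hypothetical audit record; Diff is deliberately never asserted on.
type Entry struct {
	Action, Resource string
	Diff             map[string]any
}

// Auditor is the assumed seam that routes write to; the real exporter lives elsewhere.
type Auditor interface{ Export(Entry) }

// MockAuditor records entries in memory so a test can see what was emitted.
type MockAuditor struct{ Entries []Entry }

func (m *MockAuditor) Export(e Entry) { m.Entries = append(m.Entries, e) }

// Handler stands in for one CRUD route and the audit entry it should create.
type Handler struct {
	Action, Resource string
	Run              func(a Auditor)
}

// MissingAudits runs each handler against a fresh mock and returns the ones
// that did not emit exactly one entry with the expected action and resource.
func MissingAudits(hs []Handler) []string {
	var missing []string
	for _, h := range hs {
		m := &MockAuditor{}
		h.Run(m)
		if len(m.Entries) != 1 || m.Entries[0].Action != h.Action || m.Entries[0].Resource != h.Resource {
			missing = append(missing, h.Action+" "+h.Resource)
		}
	}
	return missing
}

// SampleHandlers is constructed data: the delete-user route forgets to audit.
func SampleHandlers() []Handler {
	emit := func(action, res string) func(Auditor) {
		return func(a Auditor) { a.Export(Entry{Action: action, Resource: res}) }
	}
	return []Handler{
		{"create", "workspace", emit("create", "workspace")},
		{"write", "template", emit("write", "template")},
		{"delete", "user", func(Auditor) {}}, // gap: no audit entry emitted
	}
}

func main() { fmt.Println(MissingAudits(SampleHandlers())) }
```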

@bpmct
Member Author

bpmct commented Oct 10, 2022

> There is no way to automate audit log creation for new features, but I can write a quick how-to if that's helpful, @bpmct.

That would be helpful! We can ensure that incoming features are in the audit log during QA and rely on automated tests to ensure records remain accurate. Does that make sense to you @Kira-Pilot?

@Kira-Pilot
Member

Yup, sounds good to me! @bpmct

@bpmct bpmct changed the title from "Audit the audit log" to "audit: add/validate tests for audited events" Oct 10, 2022
@bpmct bpmct changed the title from "audit: add/validate tests for audited events" to "audit: audit the audit log" Oct 19, 2022
@Kira-Pilot
Member

@bpmct I am going to close this issue if that's alright with you as I think it has been completed!
Here is a guide on auditing new features for product/future devs.
Here is an epic of Audit issues.
