-
Notifications
You must be signed in to change notification settings - Fork 44
fix(membership): log audit record failures instead of dropping them #1770
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -801,14 +801,39 @@ func (s *Service) createRelation(ctx context.Context, resourceID, resourceType, | |
| return nil | ||
| } | ||
|
|
||
| // createAuditRecord writes the audit record and, when the write fails, logs | ||
| // every detail of the record so it can be recreated manually. | ||
| func (s *Service) createAuditRecord(ctx context.Context, record auditrecord.AuditRecord) { | ||
| if _, err := s.auditRecordRepository.Create(ctx, record); err != nil { | ||
| args := []any{ | ||
| "error", err, | ||
| "event", record.Event, | ||
| "org_id", record.OrgID, | ||
| "resource_id", record.Resource.ID, | ||
| "resource_type", record.Resource.Type, | ||
| "resource_name", record.Resource.Name, | ||
| "occurred_at", record.OccurredAt, | ||
| } | ||
| if record.Target != nil { | ||
| args = append(args, | ||
| "target_id", record.Target.ID, | ||
| "target_type", record.Target.Type, | ||
| "target_name", record.Target.Name, | ||
| "target_metadata", record.Target.Metadata, | ||
| ) | ||
| } | ||
|
Comment on lines
+817
to
+824
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win Redact PII from the fallback audit logs. Logging Consider redacting or hashing PII fields from the log arguments before logging. |
||
| s.log.WarnContext(ctx, "failed to create audit record", args...) | ||
| } | ||
| } | ||
|
|
||
| func (s *Service) auditOrgMemberRoleChanged(ctx context.Context, org organization.Organization, p principalInfo, roleID string) { | ||
| targetType, _ := principalTypeToAuditType(p.Type) | ||
| meta := map[string]any{"role_id": roleID} | ||
| if p.Email != "" { | ||
| meta["email"] = p.Email | ||
| } | ||
|
|
||
| s.auditRecordRepository.Create(ctx, auditrecord.AuditRecord{ | ||
| s.createAuditRecord(ctx, auditrecord.AuditRecord{ | ||
| Event: pkgAuditRecord.OrganizationMemberRoleChangedEvent, | ||
| Resource: auditrecord.Resource{ | ||
| ID: org.ID, | ||
|
|
@@ -840,7 +865,7 @@ func (s *Service) auditOrgMemberAdded(ctx context.Context, org organization.Orga | |
| meta["email"] = p.Email | ||
| } | ||
|
|
||
| s.auditRecordRepository.Create(ctx, auditrecord.AuditRecord{ | ||
| s.createAuditRecord(ctx, auditrecord.AuditRecord{ | ||
| Event: pkgAuditRecord.OrganizationMemberAddedEvent, | ||
| Resource: auditrecord.Resource{ | ||
| ID: org.ID, | ||
|
|
@@ -866,7 +891,7 @@ func (s *Service) auditOrgMemberAdded(ctx context.Context, org organization.Orga | |
| } | ||
|
|
||
| func (s *Service) auditOrgMemberRemoved(ctx context.Context, org organization.Organization, targetID string, targetType pkgAuditRecord.EntityType) { | ||
| s.auditRecordRepository.Create(ctx, auditrecord.AuditRecord{ | ||
| s.createAuditRecord(ctx, auditrecord.AuditRecord{ | ||
| Event: pkgAuditRecord.OrganizationMemberRemovedEvent, | ||
| Resource: auditrecord.Resource{ | ||
| ID: org.ID, | ||
|
|
@@ -1103,7 +1128,7 @@ func (s *Service) auditProjectMember(ctx context.Context, event pkgAuditRecord.E | |
| meta = map[string]any{} | ||
| } | ||
| meta["principal_type"] = principalType | ||
| s.auditRecordRepository.Create(ctx, auditrecord.AuditRecord{ | ||
| s.createAuditRecord(ctx, auditrecord.AuditRecord{ | ||
| Event: event, | ||
| Resource: auditrecord.Resource{ | ||
| ID: prj.ID, | ||
|
|
@@ -1708,7 +1733,7 @@ func (s *Service) auditGroupMemberAdded(ctx context.Context, grp group.Group, p | |
| meta["email"] = p.Email | ||
| } | ||
|
|
||
| s.auditRecordRepository.Create(ctx, auditrecord.AuditRecord{ | ||
| s.createAuditRecord(ctx, auditrecord.AuditRecord{ | ||
| Event: pkgAuditRecord.GroupMemberAddedEvent, | ||
| Resource: auditrecord.Resource{ | ||
| ID: grp.ID, | ||
|
|
@@ -1741,7 +1766,7 @@ func (s *Service) auditGroupMemberRoleChanged(ctx context.Context, grp group.Gro | |
| meta["email"] = p.Email | ||
| } | ||
|
|
||
| s.auditRecordRepository.Create(ctx, auditrecord.AuditRecord{ | ||
| s.createAuditRecord(ctx, auditrecord.AuditRecord{ | ||
| Event: pkgAuditRecord.GroupMemberRoleChangedEvent, | ||
| Resource: auditrecord.Resource{ | ||
| ID: grp.ID, | ||
|
|
@@ -1774,7 +1799,7 @@ func (s *Service) auditGroupMemberRemoved(ctx context.Context, grp group.Group, | |
| meta["email"] = p.Email | ||
| } | ||
|
|
||
| s.auditRecordRepository.Create(ctx, auditrecord.AuditRecord{ | ||
| s.createAuditRecord(ctx, auditrecord.AuditRecord{ | ||
| Event: pkgAuditRecord.GroupMemberRemovedEvent, | ||
| Resource: auditrecord.Resource{ | ||
| ID: grp.ID, | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
Repository: raystack/frontier
Length of output: 10010
🏁 Script executed:
Repository: raystack/frontier
Length of output: 10862
🏁 Script executed:
Repository: raystack/frontier
Length of output: 2831
🏁 Script executed:
Repository: raystack/frontier
Length of output: 4954
Include the actor ID in the fallback log
WarnContextonly carries request-scoped attrs here, and this path still logs an empty actor because the repository fills it in later. Add the actor ID from context so a failed audit write can be recreated fully.Source: Learnings