Skip to content

[server] audit log service #19917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 25, 2024
Merged

[server] audit log service #19917

merged 1 commit into from
Jun 25, 2024

Conversation

svenefftinge
Copy link
Contributor

@svenefftinge svenefftinge commented Jun 17, 2024
edited
Loading

Description

Introduces generic audit logging, that can be turned on through a feature flag.

It only works for user that have an organizationId. For testing you need to manually update the db entry and then log out and in again.
Just ping me after you signed up and I will do that for you.

Related Issue(s)

Fixes #

How to test

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

  • 🏷️ Name - se-audit-logs
  • 🔗 URL - se-audit-logs.preview.gitpod-dev.com/workspaces.
  • 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
  • 📦 Version -
  • 🗒️ Logs - GCP Logs Explorer

    • Build Options

    Build
    • /werft with-werft
      Run the build with werft instead of GHA
    • leeway-no-cache
    • /werft no-test
      Run Leeway with --dont-test
    Publish
    • /werft publish-to-npm
    • /werft publish-to-jb-marketplace
    Installer
    • analytics=segment
    • with-dedicated-emulation
    • workspace-feature-flags
      Add desired feature flags to the end of the line above, space separated
    Preview Environment / Integration Tests
    • /werft with-local-preview
      If enabled this will build install/preview
    • /werft with-preview
    • /werft with-large-vm
    • /werft with-gce-vm
      If enabled this will create the environment on GCE infra
    • /werft preemptible
      Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
    • with-integration-tests=all
      Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
    • with-monitoring

    /hold

filiptronicek
filiptronicek reviewed Jun 18, 2024
View reviewed changes
@roboquat roboquat added size/XXL and removed size/XL labels Jun 20, 2024
@svenefftinge svenefftinge force-pushed the se/audit-logs branch 3 times, most recently from 4ca0e54 to dfeceb9 Compare June 20, 2024 12:00
@svenefftinge svenefftinge marked this pull request as ready for review June 20, 2024 12:00
@svenefftinge svenefftinge requested review from a team as code owners June 20, 2024 12:00
filiptronicek
filiptronicek reviewed Jun 20, 2024
View reviewed changes
Copy link
Member

@filiptronicek filiptronicek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Took a quick look at the code and left some comments. I am happy to test and have signed up in the preview environment.

@svenefftinge svenefftinge force-pushed the se/audit-logs branch 4 times, most recently from b540867 to fabe902 Compare June 24, 2024 12:44
@Siddhant-K-code
Copy link
Member

It only works for user that have an organizationId. For testing you need to manually update the db entry and then log out and in again.
Just ping me after you signed up and I will do that for you.

@svenefftinge can you do that for me 🙏🏼

temp orgId: 4ac145ee-ad57-431e-9503-2fa5bb745310
temp userId: b64e91b6-0a78-4147-ada6-5cb282022ea3

@svenefftinge
Copy link
Contributor Author

svenefftinge commented Jun 24, 2024
edited
Loading

@Siddhant-K-code @filiptronicek I changed your users to enable audit logs

You can try the API with this:

curl -X POST \
  "https://api.$GITPOD_DOMAIN/gitpod.v1.AuditLogService/ListAuditLogs" \
  --header "Authorization: Bearer $TOKEN" \
  --header 'content-type: application/json' \
  --data-raw '{
    "organizationId": "<organization_id>",
    "pagination": {
        "pageSize": 200,
        "page": 0
    },
    "from": "2024-01-13T07:06:45.659Z",
    "to": "2024-07-13T07:06:48.659Z"
}'

filiptronicek
filiptronicek approved these changes Jun 24, 2024
View reviewed changes
Copy link
Member

@filiptronicek filiptronicek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can get audit logs correctly for basically everything I did in the preview environment, it's very nice.

I assume the next step is filtering this down to non-personal write events? Do we have a ticket for that?

{
  "pagination": {
    "total": 118
  },
  "auditLogs": [
    {
      "id": "5c62c015-834d-45a6-9090-07716335e22a",
      "timestamp": "2024-06-24T14:16:40.612Z",
      "action": "gitpod.v1.OrganizationService/listOrganizationMembers",
      "organizationId": "1ea2a67e-cc3a-468a-b776-30fe0504f201",
      "actorId": "010529b6-17e5-4289-b9e5-7446e9393164",
      "args": "[{\"pagination\":{\"page\":0,\"token\":\"\",\"pageSize\":1000},\"organizationId\":\"1ea2a67e-cc3a-468a-b776-30fe0504f201\"}]"
    },
    {
      "id": "f1464525-8f33-4f05-97d8-5862dda4bae1",
      "timestamp": "2024-06-24T14:16:40.611Z",
      "action": "gitpod.v1.OrganizationService/getOrganizationInvitation",
      "organizationId": "1ea2a67e-cc3a-468a-b776-30fe0504f201",
      "actorId": "010529b6-17e5-4289-b9e5-7446e9393164",
      "args": "[{\"organizationId\":\"1ea2a67e-cc3a-468a-b776-30fe0504f201\"}]"
    },
    {
      "id": "47dc651d-f6f9-4e20-9491-94584afdb007",
      "timestamp": "2024-06-24T14:16:39.465Z",
      "action": "gitpod.v1.WorkspaceService/listWorkspaces",
      "organizationId": "1ea2a67e-cc3a-468a-b776-30fe0504f201",
      "actorId": "010529b6-17e5-4289-b9e5-7446e9393164",
      "args": "[{\"pinned\":true,\"pagination\":{\"page\":0,\"token\":\"\",\"pageSize\":50},\"searchTerm\":\"\",\"organizationId\":\"1ea2a67e-cc3a-468a-b776-30fe0504f201\"}]"
    },
  ]
}

@svenefftinge svenefftinge force-pushed the se/audit-logs branch 2 times, most recently from d6fe2ec to 55d374d Compare June 24, 2024 16:20
@svenefftinge
Copy link
Contributor Author

/unhold

@roboquat roboquat merged commit 9fa6f88 into main Jun 25, 2024
@roboquat roboquat deleted the se/audit-logs branch June 25, 2024 08:10
@geropl geropl mentioned this pull request Jul 21, 2024
Merged
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@filiptronicek filiptronicek filiptronicek approved these changes

Assignees
No one assigned
Labels
size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@svenefftinge @Siddhant-K-code @filiptronicek @roboquat