-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit log #1071
Labels
enhancement
New feature or request that adds new things or value to Hive
Comments
n1ru4l
added
the
enhancement
New feature or request that adds new things or value to Hive
label
Nov 6, 2023
I wrote a brief proposal here: https://github.com/kamilkisiela/graphql-hive/blob/audit-log-wip/docs/proposals/proposal-audit-log.md I even opened it here for a draft PR in case you would want to comment on specific lines in the markdown doc: #4990 let me know your feedback @kamilkisiela @n1ru4l |
Audit logs WorkflowStep 1: DB Implementation
Step 2: GraphQL API
Step 3: Audit logs table
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
Audit logs provide a full record of all user activities and system events, scoped under each organization.
Having this kind of log will allow organizations to monitor all actions (and background actions) for security and compliance purposes.
Implementation
To achieve this kind of logging, we would need to have an easy-to-use technical mechanism to integrate with the crucial flows.
Some of the flows might be triggered by a user (for example: CLI) or a machine (for example: CI/CD actions, GraphQL gateway), or by a background job (for example: Hive purge process)
Events
To get started with this task, we'll need the following events to be fully covered (also see Compliance section):
Storage
We expect the audit log to contain a lot of records, and we expect to allow users to have time-series views on that data, we want to use ClickHouse.
Compliance
To be compliant with requirements, we need to allow admins to:
The following are nice-to-have, but can help with compliance:
Technical Design
API
API needs to expose the list of events, including actor, date & time, and other significant information based on the event (based on the type of the event).
To achieve such a thing, we can use an approach similar to ActivityLog implementation (a GraphQL
interface
and implementingtype
s).Access to that part of the API needs to be allowed to the organization's admins.
UI
We can begin with a paginated list of recent events, and allow filtering based on event type and/or date/time range. By default, the list should show the N (30?) last events.
Definition of Done
Based on the definition above, this task can be split into multiple sub-tasks/standalone PRs:
The text was updated successfully, but these errors were encountered: