-
Notifications
You must be signed in to change notification settings - Fork 15
[Feature] Audit
CxJ edited this page Sep 27, 2022
·
1 revision
Audit is a critical feature for enterprises and many industries require audit capabilities for compliance, and many businesses require it internally for security best practices. To ensure Arlon does not create a complicated audit environment with actions occurring in disparate tools Arlon will implement a strict audit capability, including events for:
- All user invocations of the CLI including create cluster, update, delete. Profile create, update and delete.
- Changes to Arlon CRs made in the management clusters.
- A "change" is detected, where a change is one of:
- User edits a Arlon managed object on a cluster or in the management cluster.
- A User updates Git. A user updates a ClusterSpec or Profile using Arlon CLI.
- When a user runs a Diff
The audit trail should contain details such as:
- is detected and contain where the change is (GitRepo or Cluster)
- When ArgoCD Sync, replace, repair, prune actions are made, either manually or automated
- Audits should store a history of the Diff, at a minimum the actual Diff (which lines were not matching)
- Audit logs should be saved in Arlon and support sending the events to an external system via at a minimum web hook.
Cluster Enforcement Mode & Audit Options By default Enforced and Monitored mode clusters will automatically log audit events. Users need to optionally enable Audit for unmanaged clusters.