Audit Events
Greg Cobb edited this page Jun 8, 2018
·
1 revision
This is an attempt to codify how audit events should ideally work. It is not representative of how audit events currently work in CC.
This applies only to audit events. It does not apply to usage events!
An audit event shall be created:
- When the action represented by the event is attempted
- Regardless of whether the event was triggered directly by user action
- Regardless of whether the action succeeds or fails
- After authentication and authorization are checked
- After superficial validations are completed
- For async jobs, when work on the async job is started, not when it is requested
- Audit events should be created in Action classes
- Audit events should be created before work is attempted in the action
- Audit events should not be created in transactions shared with other resources
- Triggered by TPS watcher, not indicative of user action/ intent
- Named "delete-request" instead of "delete"
- Generally occurs when operation succeeds instead of when attempted
- Triggered by nightly job, non indicative of user action/ intent
-
Pipelines
-
Contributing
- Tips and Tricks
- Cloud Controller API v3 Style Guide
- Playbooks
- Development configuration
- Testing
-
Architectural Details
-
CC Resources
- Apps
- Audit Events
- Deployments
- Labels
- Services
- Sidecars
-
Dependencies
-
Troubleshooting
- Ruby Console Script to Find Fields that Cannot Be Decrypted
- Logging database queries in unit tests
- Inspecting blobstore cc resources and cc packages(webdav)
- How to Use USR1 Trap for Diagnostics
- How to Perf: Finding and Fixing Bottlenecks
- How to get access to mysql database
- How To Get a Ruby Heap Dumps & GC Stats from CC
- How to curl v4 internal endpoints with mtls
- How to access Bosh Director console and restore an outdated Cloud Config
- Analyzing Cloud Controller's NGINX logs using the toplogs script
-
k8s
-
Archive