Created audit logged JDBC connection for Postgres based Datalinks #9599

Closed
jdunkerley opened this issue Apr 2, 2024 · 10 comments · Fixed by #9873
Labels: -libs (Libraries: New libraries to be implemented), l-cloud-integration (Enso Cloud integration work), x-new-feature (Type: new feature request)

Comments

@jdunkerley
Member

jdunkerley commented Apr 2, 2024

New feature in the Standard.Base.Enso_Cloud library, allowing us to write an "audit" message to the cloud.

  • No read support from the audit log at present.
  • Should have the ability to be used from Enso code but main focus is Java auditing.
  • Ideally, posting the audit message is a background worker task.
  • Must ensure that background task completes prior to engine exit.

Audited JDBC Proxy object is returned instead of the base JDBC proxy.

  • Should have the same API as we have on a JDBC connection.
  • Should be opaque to the end user.
  • All data link Postgreses should use this.

While not this task, the Snowflake JDBC connection will likewise be sat behind the same.

Eventually, we can also allow the user to opt into auditing all JDBC actions.

@jdunkerley jdunkerley added -libs Libraries: New libraries to be implemented l-cloud-integration Enso Cloud integration work x-new-feature Type: new feature request labels Apr 2, 2024
@radeusgd radeusgd mentioned this issue Apr 17, 2024
@radeusgd
Member

Probably worth describing how hard it is to still go around this wrapping using reflection (try out in practice).

@radeusgd
Member

>   • All data link Postgreses should use this.

Should this be used with Postgres connections established through any data link, or only through data links that are on the Enso Cloud? Should maybe the data link have an audit : boolean flag on it (defaulted to true in the cloud GUI)?

@radeusgd
Member

>   • All data link Postgreses should use this.
>
> Should this be used with Postgres connections established through any data link, or only through data links that are on the Enso Cloud? Should maybe the data link have an audit : boolean flag on it (defaulted to true in the cloud GUI)?

Decided that for now we will audit all connections opened through any datalink regardless of source. That is because it is trivial to copy a cloud datalink to the local machine.

@enso-bot

enso-bot bot commented Apr 30, 2024

Radosław Waśko reports a new STANDUP for yesterday (2024-04-29):

Progress: Starting work on Audited Postgres connection. Creating stub for the AuditedConnection, implementing sending audit logs in background. WIP. It should be finished by 2024-05-07.

Next Day: Next day I will be working on the same task. Continue with implementation. Write tests for audit and for the Postgres connection in particular. Add log functionality to cloud mock for easier testing.

@enso-bot

enso-bot bot commented Apr 30, 2024

Radosław Waśko reports a new STANDUP for yesterday (2024-04-30):

Progress: Implemented logic for sending audit logs. Added simple tests. Work on integrating audited connection in Postgres JDBC. It should be finished by 2024-05-07.

Next Day: Next day I will be working on the same task. Fix failures to send the logs. Add tests for DB. Connect everything together.

@enso-bot

enso-bot bot commented May 3, 2024

Radosław Waśko reports a new STANDUP for yesterday (2024-05-02):

Progress: Added tests for logs. Tested them on the prod Cloud. Debugged failures. Reported problems to the Cloud team. Implemented a workaround. Debugged problems with Enso_Project returning wrong project reference / not working from Java - filed an Issue. For now logs stay without project name. Continued implementation of the Audited JDBC connection. PoC integration with Postgres datalink - first SQL audit logs visible. It should be finished by 2024-05-07.

Next Day: Next day I will be working on the same task. Implement the Cloud Mock for logs for easier testing. Correlate asset id of the datalink with its connection.

@enso-bot

enso-bot bot commented May 7, 2024

Radosław Waśko reports a new STANDUP for yesterday (2024-05-06):

Progress: Fixed signature extraction in the Types prototype and added more tests for it. Implemented the Cloud Mock for logs. Added tests for SQL auditing. Thinking how to integrate asset id correlation. It should be finished by 2024-05-07.

Next Day: Next day I will be working on the same task. Create the PR. Plan followup work.

@enso-bot

enso-bot bot commented May 8, 2024

Radosław Waśko reports a new STANDUP for yesterday (2024-05-07):

Progress: Final touches - improved the tests a bit. Created follow up tickets. Put up the PR. It should be finished by 2024-05-07.

Next Day: Next day I will be working on the #9673 task. Work on next tasks.

@enso-bot

enso-bot bot commented May 9, 2024

Radosław Waśko reports a new 🔴 DELAY for yesterday (2024-05-08):

Summary: There is 1 day delay in implementation of the Created audit logged JDBC connection for Postgres based Datalinks (#9599) task.
It will cause 0 days delay for the delivery of this weekly plan.

Delay Cause: some more work was needed, also fixing some partially related problems

@enso-bot

enso-bot bot commented May 9, 2024

Radosław Waśko reports a new STANDUP for yesterday (2024-05-08):

Progress: Added some missing implementations in AuditedStatement that I forgot about earlier. Refactor table display: it regressed due to private keyword changes and was untested; removed some duplicate code. Improved error message for SQLite over remote backend. Work on finishing the follow up PR for license tool. It should be finished by 2024-05-08.

Next Day: Next day I will be working on the #9812 task. Get the PRs ready for merge. Work on Types.

@mergify mergify bot closed this as completed in #9873 May 11, 2024
mergify bot pushed a commit that referenced this issue May 11, 2024
- Closes #9599
- Implemented API for sending audit logs to the cloud on a background thread.
- If the Postgres connection is opened through a datalink, its internal JDBC connection is replaced by a wrapper that reports executed queries to the audit log.
- Also introduces `EnsoMeta` - a helper Java class that can be used in our helper libraries to access Enso types.
- I have replaced the common pattern scattered throughout the codebase with calls to this 'library' to avoid repetitive code.
- Refactored `Table.display` to share code between in-memory and DB - it was needed as the function stopped working for `DB_Table` after making the `Table` constructor `private`.
- Clearer error when reading a SQLite database from a remote file (tells the user to download it first).
- Follow up - correlate asset id of the data link: #9869
- Follow up - include project name (once bug is fixed): #9875
- Some problems/improvements of the audit log:
  - The audit log system is not yet ready for high throughput of logs #9870
  - The logs may be lost if `System.exit` is used #9871
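
A sketch of the two pieces the commit message above describes (a background audit sender that is flushed before exit, and a JDBC wrapper that reports SQL text), added here as an example; it is not Enso's implementation. The class `AuditedJdbcSketch`, its methods and the in-memory `SENT` list standing in for the cloud endpoint are assumptions, and the `fake` driver objects are constructed so the code runs without a database.

```java
import java.lang.reflect.*;
import java.sql.*;
import java.util.List;
import java.util.concurrent.*;
public class AuditedJdbcSketch {
  // Stand-in for the cloud audit endpoint (assumption): messages are kept in memory.
  static final List<String> SENT = new CopyOnWriteArrayList<>();
  static final ExecutorService WORKER = Executors.newSingleThreadExecutor();

  // Callers return immediately; the single worker thread delivers messages in order.
  static void audit(String message) { WORKER.submit(() -> SENT.add(message)); }
  // Drain the queue before exit; false means messages were still pending at the timeout.
  static boolean flush(long seconds) throws InterruptedException {
    WORKER.shutdown();
    return WORKER.awaitTermination(seconds, TimeUnit.SECONDS);
  }

  // Returns a proxy for iface that audits SQL text and keeps handed-out objects wrapped.
  static Object wrap(Class<?> iface, Object target) {
    InvocationHandler handler = (proxy, method, args) -> {
      String name = method.getName();
      // java.sql.Wrapper.unwrap would hand the raw driver object back to the caller.
      if (name.equals("unwrap")) throw new SQLException("unwrap is not permitted");
      boolean sqlCall = name.startsWith("execute") || name.startsWith("prepare");
      if (sqlCall && args != null && args[0] instanceof String) audit(name + ": " + args[0]);
      Object result;
      try { result = method.invoke(target, args); }
      catch (InvocationTargetException e) { throw e.getCause(); }
      // createStatement(), prepareStatement(), Statement.getConnection() return driver
      // objects; wrap them too. ResultSet.getStatement() is not covered by this sketch.
      boolean jdbc = result instanceof Connection || result instanceof Statement;
      return jdbc ? wrap(method.getReturnType(), result) : result;
    };
    return Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, handler);
  }

  // Constructed stand-in for driver objects so the demo runs without a database.
  static Object fake(Class<?> iface) {
    return Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, (p, m, a) ->
        m.getReturnType() == Statement.class ? fake(Statement.class)
            : m.getReturnType() == boolean.class ? Boolean.FALSE : null);
  }

  public static void main(String[] argv) throws Exception {
    Connection conn = (Connection) wrap(Connection.class, fake(Connection.class));
    try (Statement st = conn.createStatement()) { st.execute("SELECT 1"); }
    System.out.println("flushed=" + flush(5) + " sent=" + SENT);
  }
}
```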