Audit Logs for Postgres connections opened through a data link #9873
Conversation
| @Override | ||
| public DatabaseMetaData getMetaData() throws SQLException { | ||
| return underlying.getMetaData(); | ||
| } |
There was a problem hiding this comment.
Currently metadata is not audited. That means that the act of listing tables existing in the database is not audited.
Do you think we should change that? It was unclear to me if it's something that we want to log or not. It is easy to add if we decided that we do want it.
There was a problem hiding this comment.
Agree don't think we need to audit Metadata queries.
…gres # Conflicts: # CHANGELOG.md
|
I was curious what happens if I open an SQLite database file stored in the Enso Cloud (or S3). It was failing with So I added the missing method, changing the failure to a clearer: |
std-bits/database/src/main/java/org/enso/database/audit/CloudAuditedConnection.java
Outdated
Show resolved
Hide resolved
| @Override | ||
| public DatabaseMetaData getMetaData() throws SQLException { | ||
| return underlying.getMetaData(); | ||
| } |
There was a problem hiding this comment.
Agree don't think we need to audit Metadata queries.
There was a problem hiding this comment.
How come this needs to be in Standard.Base?
There was a problem hiding this comment.
The problem is that Enso_Cloud.Internal.Utils used here are private.
We'd need to start running Base_Tests with --disable-private-check. But tbh I'm worried about doing that as I already noted somewhere. If we run our whole test suite with --disable-private-check then we are testing with different settings than used in production. We already ran into problems where private keyword introduced regressions - the display method that I fix in this PR got broken because of it. Here the regression went unnoticed because our tests did not cover the display method. But if we then --disable-private-check for our test suite, we can have such undetected regressions in other places, only to be seen when used in production environments that lack the --disable-private-check parameter.
On the other hand I remember we wanted to restructure our tests in such a way that they'd be able to access private methods of the tested package by default. Given that Enso is an inherently dynamic language, the problems described in the paragraph above convince me this may not be the safest thing to do.
There was a problem hiding this comment.
Still, I agree that these utils probably should not be part of the library.
I can move them to the tests and change so that Base_Tests are run with --disable-private-check for now. But I think for longer term some better solution is needed.
My proposal (that's just one way we could do that) would be to:
- change
--disable-private-checkto--allow-disabling-private-checkand changing the methods of overcoming private acccess to be more localized: - for the static part - i.e. imports - introduce a
private import A.B.Csyntax that allows to import private modules, - for the dynamic part, introduce
Context.Private_Access.with_enabledthat allows to enable private access only within a delimited scope.
The two new constructs would only be allowed if --allow-disabling-private-check flag was passed to the interpreter. If no such flag was passed, the private import would need to result in a compiler error, and the Context.Private_Access.with_enabled would panic. Thus in normal usage of Enso, private access will not be allowed, and within our tests (that would have this flag turned on), we can enable the access but only if explicitly opted-in, delimited to the minimal scopes where this is really needed (e.g. only to implement such Test_Utils helper). Thus all other tests that do not rely on exposing privacy would be unaffected and still test the behaviour as it is working in production configurations.
|
Report from OpenSearch logs, sorted by the sequence number. I highlighted a block corresponding to a table update rows transaction. |
…gres # Conflicts: # CHANGELOG.md
Pull Request Description
EnsoMeta- a helper Java class that can be used in our helper libraries to access Enso types.Table.displayto share code between in-memory and DB - it was needed as the function stopped working forDB_Tableafter adding making theTableconstructorprivate.Correlate Database audit log entries with the asset id of the data link used for the connection, if available #9869
Include project name in Database audit logs #9875
Audit Logs should be able to handle pressure #9870
System.exitis usedSystem.exitdoes not give a chance for background threads to complete, affecting audit logs #9871Important Notes
Checklist
Please ensure that the following checklist has been satisfied before submitting the PR:
Scala,
Java,
TypeScript,
and
Rust
style guides. In case you are using a language not listed above, follow the Rust style guide.