-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit Logs for Postgres connections opened through a data link #9873
Conversation
@Override | ||
public DatabaseMetaData getMetaData() throws SQLException { | ||
return underlying.getMetaData(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently metadata is not audited. That means that the act of listing tables existing in the database is not audited.
Do you think we should change that? It was unclear to me if it's something that we want to log or not. It is easy to add if we decided that we do want it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree don't think we need to audit Metadata queries.
…gres # Conflicts: # CHANGELOG.md
I was curious what happens if I open an SQLite database file stored in the Enso Cloud (or S3). It was failing with So I added the missing method, changing the failure to a clearer: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great - a few little questions.
std-bits/database/src/main/java/org/enso/database/audit/CloudAuditedConnection.java
Outdated
Show resolved
Hide resolved
@Override | ||
public DatabaseMetaData getMetaData() throws SQLException { | ||
return underlying.getMetaData(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree don't think we need to audit Metadata queries.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How come this needs to be in Standard.Base?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem is that Enso_Cloud.Internal.Utils
used here are private
.
We'd need to start running Base_Tests
with --disable-private-check
. But tbh I'm worried about doing that as I already noted somewhere. If we run our whole test suite with --disable-private-check
then we are testing with different settings than used in production. We already ran into problems where private
keyword introduced regressions - the display
method that I fix in this PR got broken because of it. Here the regression went unnoticed because our tests did not cover the display
method. But if we then --disable-private-check
for our test suite, we can have such undetected regressions in other places, only to be seen when used in production environments that lack the --disable-private-check
parameter.
On the other hand I remember we wanted to restructure our tests in such a way that they'd be able to access private methods of the tested package by default. Given that Enso is an inherently dynamic language, the problems described in the paragraph above convince me this may not be the safest thing to do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still, I agree that these utils probably should not be part of the library.
I can move them to the tests and change so that Base_Tests are run with --disable-private-check
for now. But I think for longer term some better solution is needed.
My proposal (that's just one way we could do that) would be to:
- change
--disable-private-check
to--allow-disabling-private-check
and changing the methods of overcoming private acccess to be more localized: - for the static part - i.e. imports - introduce a
private import A.B.C
syntax that allows to import private modules, - for the dynamic part, introduce
Context.Private_Access.with_enabled
that allows to enable private access only within a delimited scope.
The two new constructs would only be allowed if --allow-disabling-private-check
flag was passed to the interpreter. If no such flag was passed, the private import
would need to result in a compiler error, and the Context.Private_Access.with_enabled
would panic. Thus in normal usage of Enso, private access will not be allowed, and within our tests (that would have this flag turned on), we can enable the access but only if explicitly opted-in, delimited to the minimal scopes where this is really needed (e.g. only to implement such Test_Utils
helper). Thus all other tests that do not rely on exposing privacy would be unaffected and still test the behaviour as it is working in production configurations.
…gres # Conflicts: # CHANGELOG.md
Pull Request Description
EnsoMeta
- a helper Java class that can be used in our helper libraries to access Enso types.Table.display
to share code between in-memory and DB - it was needed as the function stopped working forDB_Table
after adding making theTable
constructorprivate
.Correlate Database audit log entries with the asset id of the data link used for the connection, if available #9869
Include project name in Database audit logs #9875
Audit Logs should be able to handle pressure #9870
System.exit
is usedSystem.exit
does not give a chance for background threads to complete, affecting audit logs #9871Important Notes
Checklist
Please ensure that the following checklist has been satisfied before submitting the PR:
Scala,
Java,
TypeScript,
and
Rust
style guides. In case you are using a language not listed above, follow the Rust style guide.