Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added new audit event sub-types #2170

Merged

Conversation

apurvabhaleMS
Copy link
Contributor

@apurvabhaleMS apurvabhaleMS commented Aug 17, 2021

Description

Added new audit event sub-types for -

  1. Conditional-Update as its own sub-type
  2. Conditional-Create as its own sub-type
  3. Conditional-Delete as its own sub-type
  4. Operations - $member-match, $purge-history

Related issues

Addresses [77729].
Addresses #1453

Testing

Manual Testing

FHIR Team Checklist

  • Update the title of the PR to be succinct and less than 50 characters
  • Add a milestone to the PR for the sprint that it is merged (i.e. add S47)
  • Tag the PR with the type of update: Bug, Dependencies, Enhancement, or New-Feature
  • Tag the PR with Azure API for FHIR if this will release to the managed service
  • Review squash-merge requirements

Semver Change (docs)

Patch|Skip|Feature|Breaking (reason)

@Ivanidzo4ka
Copy link
Contributor

    [AuditEventType(AuditEventSubType.Search)]

Since we doing this, is it worth to add CompartmentSearch here?


Refers to: src/Microsoft.Health.Fhir.Shared.Api/Controllers/FhirController.cs:466 in 2423c46. [](commit_id = 2423c46, deletion_comment = False)

Ivanidzo4ka
Ivanidzo4ka previously approved these changes Aug 17, 2021
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@apurvabhaleMS apurvabhaleMS added this to the S69 milestone Aug 17, 2021
@@ -8,5 +8,7 @@ namespace Microsoft.Health.Fhir.ValueSets
public static class SpecialValues
{
public const string System = "http://hl7.org/fhir/special-values";

public const string CustomAuditHeaderPrefix = "http://hl7.org/fhir/special-values";
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

http://hl7.org/fhir/special-values

Are you sure? #Closed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No :) I just updated the correct value

@Ivanidzo4ka Ivanidzo4ka dismissed their stale review August 17, 2021 23:24

revoking review

@@ -22,7 +23,7 @@ public class FhirServerConfiguration : IApiConfiguration

public OperationsConfiguration Operations { get; } = new OperationsConfiguration();

public AuditConfiguration Audit { get; } = new AuditConfiguration("X-MS-AZUREFHIR-AUDIT-");
public AuditConfiguration Audit { get; } = new AuditConfiguration(SpecialValues.CustomAuditHeaderPrefix);
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

new AuditConfiguration(SpecialValues.CustomAuditHeaderPrefix)

That's not right.
And it's not your fault, but if you touch this code we have chance to make it right.

It's either should be config or it should be const string, it can't be both.
I would suggest to move to away from config to const, for simpicity reasons. #Closed

@@ -145,6 +146,7 @@ private async Task AddRequestChargeToFhirRequestContext(double responseRequestCh
}

requestContext.ResponseHeaders[CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture);
requestContext.RequestHeaders[SpecialValues.CustomAuditHeaderPrefix + CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture);
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RequestHeaders

That doesn't sound right.

What request header has to do with request charge? #Closed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean, that collection setup on receiving request, and it's ok (actually not) to modify it while you preparing to process request, but after that, we need to work with response collection.

@@ -8,5 +8,7 @@ namespace Microsoft.Health.Fhir.ValueSets
public static class SpecialValues
{
public const string System = "http://hl7.org/fhir/special-values";

public const string CustomAuditHeaderPrefix = "X-MS-AZUREFHIR-AUDIT-";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lgtm-com
Copy link

lgtm-com bot commented Aug 18, 2021

This pull request introduces 2 alerts when merging b8048ef into 3d53871 - view on LGTM.com

new alerts:

  • 2 for Dereferenced variable may be null


object cachedCustomHeaders;
var customHeaders = new Dictionary<string, string>();
if (httpContext.Items.TryGetValue(AuditConstants.CustomAuditHeaderKeyValue, out cachedCustomHeaders))
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 18, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CustomAuditHeaderKeyValue

This would interfere with auditHeaderReader.Read, right?

Also in general is there case where you would call this method twice during request processing? If not, I would omit whole caching process, because it's not needed. #Closed

@@ -25,10 +28,12 @@ public class AuditHelperTests
private static readonly IReadOnlyCollection<KeyValuePair<string, string>> Claims = new List<KeyValuePair<string, string>>();
private static readonly IPAddress CallerIpAddress = new IPAddress(new byte[] { 0xA, 0x0, 0x0, 0x0 }); // 10.0.0.0
private const string CallerIpAddressInString = "10.0.0.0";
private static readonly string _customAuditHeaderPrefix = KnownHeaders.CustomAuditHeaderPrefix;
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 18, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

private static readonly string _customAuditHeaderPrefix = KnownHeaders.CustomAuditHeaderPrefix;

Feels excessive to create const to assign it another const. #Closed

@Ivanidzo4ka
Copy link
Contributor

    [AuditEventType(AuditEventSubType.Search)]

https://thumbs.gfycat.com/CourageousSoreCurlew-max-1mb.gif


In reply to: 900559395


Refers to: src/Microsoft.Health.Fhir.Shared.Api/Controllers/FhirController.cs:466 in 2423c46. [](commit_id = 2423c46, deletion_comment = False)

if (auditAction == AuditAction.Executed)
{
CheckForCustomAuditHeadersInResponse(httpContext, customHeaders);
}
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put it under if statement below.
No need to do computation if they not gonna be used. #Closed

@@ -68,6 +77,13 @@ private void Log(AuditAction auditAction, HttpStatusCode? statusCode, HttpContex
IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.RequestContext;

string auditEventType = fhirRequestContext.AuditEventType;
var customHeaders = _auditHeaderReader.Read(httpContext) as Dictionary<string, string>;
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as Dictionary<string, string>

This is dangerous.
Not every IReadOnlyDictionary is a Dictionary, so this can become null if implementation of Read would change.

You can do
var newDictionary = Dictionary<string,string>(_auditHeaderReader.Read(httpContext))

to make it editable.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You change it to casting it to type, it's a same semantic.
Don't cast it, create a new one.

@@ -145,6 +150,7 @@ private async Task AddRequestChargeToFhirRequestContext(double responseRequestCh
}

requestContext.ResponseHeaders[CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture);
requestContext.ResponseHeaders[_auditConfiguration.Value.CustomAuditHeaderPrefix + CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture);
Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka Aug 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_auditConfiguration.Value.CustomAuditHeaderPrefix + CosmosDbHeaders.RequestCharge

Probably should ask that question few iterations before, but why we use custom header mechanism to report database consumption?

First should it even go through custom header section of the audit i.e. AuditLogger.AuditMessageFormat
and why not add another section instead of custom header.

If that's ok we can extend IFhirRequestContext to have float/integer to represent consumption charge (with default to 0) and set it up respectfully for sql/cosmos.

Also how it's gonna be used?

var headerValue = header.Value.ToString();
if (headerValue.Length > AuditConstants.MaximumLengthOfCustomHeader)
{
throw new AuditHeaderTooLargeException(header.Key, headerValue.Length);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AuditHeaderTooLargeException

Why we check it twice?

Copy link
Contributor

@Ivanidzo4ka Ivanidzo4ka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@Ivanidzo4ka
Copy link
Contributor

LGTM, but I would add compartment search as separate audit event.

@CaitlinV39 CaitlinV39 modified the milestones: S69, S70 Aug 23, 2021
@apurvabhaleMS apurvabhaleMS marked this pull request as ready for review August 24, 2021 05:44
@apurvabhaleMS apurvabhaleMS requested a review from a team as a code owner August 24, 2021 05:44
@apurvabhaleMS apurvabhaleMS merged commit 34dca88 into main Aug 24, 2021
@apurvabhaleMS apurvabhaleMS deleted the personal/apurvabhale/split-telemetry-add-new-operations branch August 24, 2021 05:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants