-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added new audit event sub-types #2170
Added new audit event sub-types #2170
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -8,5 +8,7 @@ namespace Microsoft.Health.Fhir.ValueSets | |||
public static class SpecialValues | |||
{ | |||
public const string System = "http://hl7.org/fhir/special-values"; | |||
|
|||
public const string CustomAuditHeaderPrefix = "http://hl7.org/fhir/special-values"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure? #Closed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No :) I just updated the correct value
@@ -22,7 +23,7 @@ public class FhirServerConfiguration : IApiConfiguration | |||
|
|||
public OperationsConfiguration Operations { get; } = new OperationsConfiguration(); | |||
|
|||
public AuditConfiguration Audit { get; } = new AuditConfiguration("X-MS-AZUREFHIR-AUDIT-"); | |||
public AuditConfiguration Audit { get; } = new AuditConfiguration(SpecialValues.CustomAuditHeaderPrefix); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
new AuditConfiguration(SpecialValues.CustomAuditHeaderPrefix)
That's not right.
And it's not your fault, but if you touch this code we have chance to make it right.
It's either should be config or it should be const string, it can't be both.
I would suggest to move to away from config to const, for simpicity reasons. #Closed
@@ -145,6 +146,7 @@ private async Task AddRequestChargeToFhirRequestContext(double responseRequestCh | |||
} | |||
|
|||
requestContext.ResponseHeaders[CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture); | |||
requestContext.RequestHeaders[SpecialValues.CustomAuditHeaderPrefix + CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mean, that collection setup on receiving request, and it's ok (actually not) to modify it while you preparing to process request, but after that, we need to work with response collection.
@@ -8,5 +8,7 @@ namespace Microsoft.Health.Fhir.ValueSets | |||
public static class SpecialValues | |||
{ | |||
public const string System = "http://hl7.org/fhir/special-values"; | |||
|
|||
public const string CustomAuditHeaderPrefix = "X-MS-AZUREFHIR-AUDIT-"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't part of a FHIR ValueSet. I'd say this should be in https://github.com/microsoft/fhir-server/blob/main/src/Microsoft.Health.Fhir.Core/Features/KnownHeaders.cs
Read custom audit headers from the response context
…split-telemetry-add-new-operations
This pull request introduces 2 alerts when merging b8048ef into 3d53871 - view on LGTM.com new alerts:
|
|
||
object cachedCustomHeaders; | ||
var customHeaders = new Dictionary<string, string>(); | ||
if (httpContext.Items.TryGetValue(AuditConstants.CustomAuditHeaderKeyValue, out cachedCustomHeaders)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -25,10 +28,12 @@ public class AuditHelperTests | |||
private static readonly IReadOnlyCollection<KeyValuePair<string, string>> Claims = new List<KeyValuePair<string, string>>(); | |||
private static readonly IPAddress CallerIpAddress = new IPAddress(new byte[] { 0xA, 0x0, 0x0, 0x0 }); // 10.0.0.0 | |||
private const string CallerIpAddressInString = "10.0.0.0"; | |||
private static readonly string _customAuditHeaderPrefix = KnownHeaders.CustomAuditHeaderPrefix; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://thumbs.gfycat.com/CourageousSoreCurlew-max-1mb.gif In reply to: 900559395 Refers to: src/Microsoft.Health.Fhir.Shared.Api/Controllers/FhirController.cs:466 in 2423c46. [](commit_id = 2423c46, deletion_comment = False) |
if (auditAction == AuditAction.Executed) | ||
{ | ||
CheckForCustomAuditHeadersInResponse(httpContext, customHeaders); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Put it under if statement below.
No need to do computation if they not gonna be used. #Closed
@@ -68,6 +77,13 @@ private void Log(AuditAction auditAction, HttpStatusCode? statusCode, HttpContex | |||
IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.RequestContext; | |||
|
|||
string auditEventType = fhirRequestContext.AuditEventType; | |||
var customHeaders = _auditHeaderReader.Read(httpContext) as Dictionary<string, string>; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You change it to casting it to type, it's a same semantic.
Don't cast it, create a new one.
@@ -145,6 +150,7 @@ private async Task AddRequestChargeToFhirRequestContext(double responseRequestCh | |||
} | |||
|
|||
requestContext.ResponseHeaders[CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture); | |||
requestContext.ResponseHeaders[_auditConfiguration.Value.CustomAuditHeaderPrefix + CosmosDbHeaders.RequestCharge] = responseRequestCharge.ToString(CultureInfo.InvariantCulture); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
_auditConfiguration.Value.CustomAuditHeaderPrefix + CosmosDbHeaders.RequestCharge
Probably should ask that question few iterations before, but why we use custom header mechanism to report database consumption?
First should it even go through custom header section of the audit i.e. AuditLogger.AuditMessageFormat
and why not add another section instead of custom header.
If that's ok we can extend IFhirRequestContext to have float/integer to represent consumption charge (with default to 0) and set it up respectfully for sql/cosmos.
Also how it's gonna be used?
var headerValue = header.Value.ToString(); | ||
if (headerValue.Length > AuditConstants.MaximumLengthOfCustomHeader) | ||
{ | ||
throw new AuditHeaderTooLargeException(header.Key, headerValue.Length); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but I would add compartment search as separate audit event. |
…split-telemetry-add-new-operations
…split-telemetry-add-new-operations
Description
Added new audit event sub-types for -
Related issues
Addresses [77729].
Addresses #1453
Testing
Manual Testing
FHIR Team Checklist
Semver Change (docs)
Patch|Skip|Feature|Breaking (reason)