Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log FhirOperation linked to anonymous calls to Request metrics #2295

Merged
merged 13 commits into from
Nov 6, 2021
Merged

Log FhirOperation linked to anonymous calls to Request metrics #2295

merged 13 commits into from
Nov 6, 2021

Conversation

apurvabhaleMS
Copy link
Contributor

@apurvabhaleMS apurvabhaleMS commented Oct 22, 2021
edited
Loading

Description

We use audit infrastructure to log into RequestMetric due to which we currently don't log operations for endpoint that does not require authentication. In RequestMetrics, AuditEventType is logged as FhirOperation. For anonymous endpoint calls like Metadata or Versions we log {"Authentication":"","Operation":"","ResourceType":""} in RequestMetric table.

With this PR, we added new FhirAnonymousOperationAttribute which extends AllowAnonymousAttribute (making sure these calls are still marked as anonymous calls) and gives us the flexibility to provide the Fhir operation which will be used as AuditEventType/FhirOperation type in RequestMetrics log. After this change we should see an entry as {"Authentication":"","Operation":"metadata","ResourceType":""} for metadata call, in request metric. This PR also ensures that extra audit log entries are not created for anonymous calls like metadata/$versions

Related issues

Addresses [74172].

Testing

  1. Deploy personal environment to DF. Make anonymous calls like metadata/$versions. Check RequestMetric logs for the respective endpoint call. We should see a fhir operation specified as metadata/versions - {"Authentication":"","Operation":"metadata","ResourceType":""}/ {"Authentication":"","Versions":"metadata","ResourceType":""}
  2. Unit test to ensure the right Fhir operation is returned for metadata and versions call
  3. Unit test to ensure that the AuditLog is not logged for FhirAnonymousOperationTypes - Metadata/Versions

FHIR Team Checklist

  • Update the title of the PR to be succinct and less than 50 characters
  • Add a milestone to the PR for the sprint that it is merged (i.e. add S47)
  • Tag the PR with the type of update: Bug, Dependencies, Enhancement, or New-Feature
  • Tag the PR with Azure API for FHIR if this will release to the Azure API for FHIR managed service (CosmosDB or common code related to service)
  • Tag the PR with Azure Healthcare APIs if this will release to the Azure Healthcare APIs managed service (Sql server or common code related to service)
  • Review squash-merge requirements

Semver Change (docs)

Patch|Skip|Feature|Breaking (reason)

@apurvabhaleMS apurvabhaleMS marked this pull request as ready for review November 3, 2021 22:02
@apurvabhaleMS apurvabhaleMS requested a review from a team as a code owner November 3, 2021 22:02
brendankowitz
brendankowitz reviewed Nov 4, 2021
View reviewed changes
src/Microsoft.Health.Fhir.ValueSets/FhirAnonymousOperationType.cs Outdated
/// <summary>
/// Value set for Fhir operations which do not require authorization
/// </summary>
public static class FhirAnonymousOperationType
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't look like a FHIR ValueSet

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hm right, moved to Fhir.Api.Features.AnonymousOperations. Let me know if there is a better place

brendankowitz
brendankowitz reviewed Nov 4, 2021
View reviewed changes
src/Microsoft.Health.Fhir.Api/Features/Audit/AuditHelper.cs Outdated
/// Return all the values of constants of the specified type
/// </summary>
/// <returns>List of constant values</returns>
public static IList<string> GetConstants()
Copy link
Member

@brendankowitz brendankowitz Nov 4, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: ambiguous name, perhaps GetAnonymousOperations.

The data type also looks like it could be Lazy<List<string>>...to be clearer, private type Lazy<List<string>> exposed type is still IList<string>, this could then be converted to a property

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the PR as per suggestions

@apurvabhaleMS
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Pull request contains merge conflicts.

@apurvabhaleMS
Merge remote-tracking branch 'origin/main' into personal/apurvabhale/…
10f95b4 
…log-anonymous-endpoint-calls-to-requestMetric

# Conflicts:
#	src/Microsoft.Health.Fhir.Api/Features/Audit/AuditHelper.cs
@apurvabhaleMS
Solved merge conflicts
b60e185
@apurvabhaleMS
Merge remote-tracking branch 'origin/main' into personal/apurvabhale/…
ea92b5e 
…log-anonymous-endpoint-calls-to-requestMetric
@apurvabhaleMS apurvabhaleMS merged commit 1e3bf14 into main Nov 6, 2021
@apurvabhaleMS apurvabhaleMS deleted the personal/apurvabhale/log-anonymous-endpoint-calls-to-requestMetric branch November 6, 2021 01:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brendankowitz brendankowitz brendankowitz left review comments

@LTA-Thinking LTA-Thinking LTA-Thinking approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@apurvabhaleMS @brendankowitz @LTA-Thinking