Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logs: Add audit logs for organization and user namespace activities (PROJQUAY-3482) #1846

Merged
merged 17 commits into from
May 3, 2023
Merged

logs: Add audit logs for organization and user namespace activities (PROJQUAY-3482) #1846

merged 17 commits into from
May 3, 2023

Conversation

dmesser
Copy link
Contributor

@dmesser dmesser commented Apr 30, 2023

This adds several new action log event types, entries and corresponding UI support for the following activities:

  • user/organization creation
  • user/organization deletion
  • user enable / disable via superuser
  • organization rename via superuser
  • change of an user/organization's email address, invoicing and time machine settings
  • change of a users's password
  • user creation via registration
  • user Docker CLI password generation

Changes have been tested and verified with the table-based log model as well as the log list view UI.

Screenshot 2023-04-28 at 10 45 28

Screenshot 2023-04-28 at 12 20 53

Screenshot 2023-04-29 at 22 12 11

@dmesser
add auditing events for orgs
2670b68 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
add database migrations
604db71 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
fix org delete race condition
fe0fcfc 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
action log visualization
873ddc2 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
audit superuser events
b49102e 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
additional user auditing
7f74f66 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
audit log visualization refinement
c50e49b 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
consistent email change auditing
5116aa6 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
Merge branch 'quay:master' into org-auditing
8bb4d0a
@dmesser
python black formatting
7cc4704 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
fix incorrect log kind
012e732 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
missing log kind in migration
7a48eb5 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
python black formatting
33da2ad 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
even more python black formatting
bb24e10 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
Copy link
Contributor Author

dmesser commented Apr 30, 2023

No idea what that failing cyprus test in the am64 build is about, but I suppose it is unrelated?

@dmage
Copy link
Member

dmage commented May 3, 2023

SNAFU, failing tests are not related to this PR.

dmage
dmage previously approved these changes May 3, 2023
View reviewed changes
endpoints/api/superuser.py Outdated Show resolved Hide resolved
@dmesser
remove unnecessary import
f3f3033 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
bump alembic revision to head
51884c0 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmesser
alembic metadata change
5dcd01c 
Signed-off-by: dmesser <dmesser@redhat.com>
@dmage dmage merged commit 37e4990 into quay:master May 3, 2023
15 of 16 checks passed
@dmesser dmesser deleted the org-auditing branch May 4, 2023 07:32
dmesser added a commit to dmesser/quay that referenced this pull request May 4, 2023
@dmesser
logs: Add audit logs for organization and user namespace activities (…
82b5ebb 
…PROJQUAY-3482) (quay#1846)

* add auditing events for orgs

Signed-off-by: dmesser <dmesser@redhat.com>

* add database migrations

Signed-off-by: dmesser <dmesser@redhat.com>

* fix org delete race condition

Signed-off-by: dmesser <dmesser@redhat.com>

* action log visualization

Signed-off-by: dmesser <dmesser@redhat.com>

* audit superuser events

Signed-off-by: dmesser <dmesser@redhat.com>

* additional user auditing

Signed-off-by: dmesser <dmesser@redhat.com>

* audit log visualization refinement

Signed-off-by: dmesser <dmesser@redhat.com>

* consistent email change auditing

Signed-off-by: dmesser <dmesser@redhat.com>

* python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* fix incorrect log kind

Signed-off-by: dmesser <dmesser@redhat.com>

* missing log kind in migration

Signed-off-by: dmesser <dmesser@redhat.com>

* python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* even more python black formatting

Signed-off-by: dmesser <dmesser@redhat.com>

* remove unnecessary import

Signed-off-by: dmesser <dmesser@redhat.com>

* bump alembic revision to head

Signed-off-by: dmesser <dmesser@redhat.com>

* alembic metadata change

Signed-off-by: dmesser <dmesser@redhat.com>

---------

Signed-off-by: dmesser <dmesser@redhat.com>
@dmage
Copy link
Member

dmage commented May 5, 2023

/cherrypick redhat-3.8

@openshift-cherrypick-robot
Copy link

@dmage: #1846 failed to apply on top of branch "redhat-3.8":

Applying: add auditing events for orgs
Applying: add database migrations
Applying: fix org delete race condition
Applying: action log visualization
Applying: audit superuser events
Applying: additional user auditing
Applying: audit log visualization refinement
Applying: consistent email change auditing
Applying: python black formatting
Applying: fix incorrect log kind
Applying: missing log kind in migration
Applying: python black formatting
Using index info to reconstruct a base tree...
M	data/model/oci/tag.py
M	data/registry_model/registry_oci_model.py
M	endpoints/api/tag.py
Falling back to patching base and 3-way merge...
Auto-merging endpoints/api/tag.py
CONFLICT (content): Merge conflict in endpoints/api/tag.py
Auto-merging data/registry_model/registry_oci_model.py
CONFLICT (content): Merge conflict in data/registry_model/registry_oci_model.py
Auto-merging data/model/oci/tag.py
CONFLICT (content): Merge conflict in data/model/oci/tag.py
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0012 python black formatting
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick redhat-3.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@harishsurf harishsurf mentioned this pull request Jul 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmage dmage dmage approved these changes

@harishsurf harishsurf Awaiting requested review from harishsurf

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@dmesser @dmage @openshift-cherrypick-robot