Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: log the correct editor in audit log for writing action via public APIs #1331

Closed
hvn2k1 opened this issue Nov 15, 2024 · 0 comments · Fixed by #1344
Closed

feat: log the correct editor in audit log for writing action via public APIs #1331

hvn2k1 opened this issue Nov 15, 2024 · 0 comments · Fixed by #1344
Assignees
@hvn2k1
Labels
feature request

Comments

@hvn2k1
Copy link
Contributor

hvn2k1 commented Nov 15, 2024
edited
Loading

Describe the feature you'd like

  • The editor of write action on audit log via public APIs is always internal service.
  • We need to log the correct editor in audit log for writing action via public APIs.

Background

  • Currently, the editor who did the action is got from access token.
  • For public APIs, the authorization method is API keys, so after our API gateway request to web gRPC service, the access token is got from internal environment, which is the service token, so the email being shown in audit log for public API write action is always internal Bucketeer email, which is not really correct.

Alternative solutions

In https://github.com/bucketeer-io/bucketeer/blob/main/docs/rfcs/public-api-get-editor-for-audit-log.md
This was referenced Nov 15, 2024
Merged
Merged
hvn2k1 added a commit that referenced this issue Nov 21, 2024
@hvn2k1
docs: rfc for public api get correct audit log (#1332)
61bc78b 
To prosose solution for #1331
@hvn2k1 hvn2k1 mentioned this issue Nov 22, 2024
Merged
hvn2k1 added a commit that referenced this issue Nov 22, 2024
@hvn2k1
feat: implement CreateAPIKey support no command, save extra api key a…
a785ed9 
…nd maintainer column (#1344)

To resolve #1331 and part of #904

- Save maintainer and APIKey
- No command support
@hvn2k1 hvn2k1 reopened this Nov 22, 2024
This was referenced Nov 22, 2024
Merged
Merged
Merged
@hvn2k1 hvn2k1 self-assigned this Dec 2, 2024
hvn2k1 added a commit that referenced this issue Dec 4, 2024
@hvn2k1
feat: return extra info of public API key and obfuscate the returned …
736d9a0 
…key (#1349)

Part of #1331

- Return public API key maintainer and description from database
- Return obfuscated key
- Changes apply to these apis: GetAPIKey, GetAPIKeyBySearchingAllEnvironments and ListAPIKeys
- Implement getAPIKeyByAPIKey in storage db layer
@hvn2k1 hvn2k1 mentioned this issue Dec 6, 2024
Merged
hvn2k1 added a commit that referenced this issue Dec 6, 2024
@hvn2k1
chore: create sync api key maintainer migration (#1374)
831bbe2 
Part of #1331

- Get creator of api key from audit_log table and update api_key.maintainer so audit log issue can also be resolved for old api keys
@hvn2k1 hvn2k1 closed this as completed Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hvn2k1 hvn2k1

Labels
feature request
Projects
None yet
Milestone
No milestone
1 participant
@hvn2k1