CBG-4093 Add audit events for all roles, users (#7001)
adamcfraser authored Jul 22, 2024
1 parent 342f91e commit 38396f0
Showing 3 changed files with 32 additions and 6 deletions.
22 changes: 16 additions & 6 deletions base/audit_events.go
@@ -701,10 +701,15 @@ var AuditEvents = events{
},
AuditIDUsersAll: {
Name: "Read all users",
Description: "All users were viewed",
Description: "List of all users was viewed",
MandatoryFields: AuditFields{
"db": "database name",
"usernames": []string{"list", "of", "usernames"},
AuditFieldNameOnly: true,
},
mandatoryFieldGroups: []fieldGroup{
fieldGroupDatabase,
},
OptionalFields: AuditFields{
AuditFieldLimit: 100,
},
EnabledByDefault: true,
FilteringPermitted: true,
@@ -759,10 +764,15 @@ var AuditEvents = events{
},
AuditIDRolesAll: {
Name: "Read all roles",
Description: "All roles were viewed",
Description: "List of all roles was viewed",
MandatoryFields: AuditFields{
"db": "database name",
"roles": []string{"list", "of", "roles"},
AuditFieldIncludeDeleted: true,
},
mandatoryFieldGroups: []fieldGroup{
fieldGroupDatabase,
},
OptionalFields: AuditFields{
AuditFieldLimit: 100,
},
EnabledByDefault: true,
FilteringPermitted: true,
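Review bot: The `AuditIDRolesAll` entry declares `OptionalFields: AuditFields{AuditFieldLimit: 100}`, but the only call site visible in this commit (getRoles in rest/admin_api.go) passes just `AuditFieldIncludeDeleted`, so the limit field looks copied from the users entry and would never be emitted for roles. If listing roles takes no limit, drop that `OptionalFields` block from the roles entry so the declared schema matches what consumers of the audit log will actually receive; otherwise set `AuditFieldLimit` in getRoles the way getUsers does. getRoles starts outside its hunk, so whether a limit parameter exists there cannot be confirmed from this page.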
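--- a/base/audit_events_fields.go
+++ b/base/audit_events_fields.go
@@ -73,6 +73,11 @@ const (
 // Session events 53282, 53283
 AuditFieldSessionID = "session_id"
 
+// User and role events
+AuditFieldNameOnly = "name_only"
+AuditFieldLimit = "limit"
+AuditFieldIncludeDeleted = "include_deleted"
+
 // AuditIDChangesFeedStarted AuditID = 54200
 AuditFieldSince = "since"
 AuditFieldFilter = "filter"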
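--- a/rest/admin_api.go
+++ b/rest/admin_api.go
@@ -1894,6 +1894,15 @@ func (h *handler) getUsers() error {
 if marshalErr != nil {
 return marshalErr
 }
+
+auditFields := base.AuditFields{
+base.AuditFieldNameOnly: nameOnly,
+}
+if limit > 0 {
+auditFields[base.AuditFieldLimit] = limit
+}
+base.Audit(h.ctx(), base.AuditIDUsersAll, auditFields)
+
 h.writeRawJSON(bytes)
 return nil
 }
@@ -1908,6 +1917,8 @@ func (h *handler) getRoles() error {
 }
 
 bytes, err := base.JSONMarshal(roles)
+
+base.Audit(h.ctx(), base.AuditIDRolesAll, base.AuditFields{base.AuditFieldIncludeDeleted: includeDeleted})
 h.writeRawJSON(bytes)
 return err
 }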
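Review bot: In getRoles the new `base.Audit` call runs before the error from `base.JSONMarshal(roles)` is checked, so a failed marshal still records a "List of all roles was viewed" event and the handler then writes the bytes anyway. getUsers, by contrast, audits only after its `marshalErr` check has passed. Adding `if err != nil { return err }` directly after the `JSONMarshal` line, ahead of `base.Audit`, would keep the audit trail limited to role lists that were actually produced and make the two handlers consistent. Both function bodies start outside their hunks, so how earlier errors are handled is not visible here.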
