feat(auth-admin): Delegation-admin webhook auditlog

[GunnlaugurG]

What

Audit logs for delegation-admin Zendesk route

Why

☝️

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

• New Features

  • Introduced enhanced auditing for delegation actions, improving the clarity and context of logs.
  • Updated delegation creation method to return detailed delegation data, enhancing user experience.
  • Added new optional properties to track the creator's national ID in delegation records.

• Bug Fixes

  • Simplified action strings in audit logs for better readability.

[coderabbitai]

Walkthrough

The changes in this pull request enhance the delegation management system by introducing an audit decorator in the createByZendeskId method of the DelegationAdminController. The return type of the createDelegationByZendeskId method in the DelegationAdminCustomService has been changed to return a DelegationDTO. Additionally, new optional properties createdByNationalId and createdBy have been added to the DelegationDTO class, and the Delegation model's toDTO method has been updated to include these properties.

Changes

File Path	Change Summary
apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts	Introduced a new audit decorator to createByZendeskId method, updating its implementation.
libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts	Updated createDelegationByZendeskId method to return Promise<DelegationDTO> instead of Promise<void>.
libs/auth-api-lib/src/lib/delegations/dto/delegation.dto.ts	Added new optional properties createdByNationalId and createdBy to DelegationDTO class.
libs/auth-api-lib/src/lib/delegations/models/delegation.model.ts	Modified toDTO method in Delegation class to include createdByNationalId and createdBy in the return object.
apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts	Updated import order and mock implementation in tests to reflect changes in DelegationDTO.

Possibly related PRs

• feat(auth-api-lib): add support for delegation types to api-scopes #14887: This PR adds support for delegation types to API scopes, which may relate to the changes in delegation types and their management in the main PR.
• feat(admin-api): Get delegation providers #14943: This PR introduces a new endpoint for fetching delegation providers, which could be relevant to the delegation management enhancements in the main PR.
• feat(delegations): Verifu usage of ASDT instead of PRSP #15060: This PR updates the process for looking up scope permissions to use Api_Scope_Delegation_Type, which aligns with the changes in delegation handling in the main PR.
• feat(delegation-api): Add GeneralMandate delegations to accessControl #16170: This PR adds GeneralMandate delegations to access control, which directly relates to the enhancements made in the main PR regarding delegation types and their management.
• feat(ids-api): Filter out accessControlled scopes #16175: This PR filters out access-controlled scopes, which may connect to the delegation management improvements in the main PR, particularly in how delegations are processed and displayed.

Suggested labels

automerge

Suggested reviewers

• saevarma

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (1)

Line range hint 1-145: Consider adding audit decorators to other methods for consistency

The addition of the @Audit decorator to the createByZendeskId method is a good improvement. For consistency and comprehensive auditing, consider adding similar @Audit decorators to other methods in this controller that perform create, update, or delete operations, if they're not already covered by the class-level @Audit({ namespace }) decorator.

For example, the create and delete methods might benefit from method-level audit decorators to capture more specific details about these operations.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 2c1d7e4 and 6449052.

📒 Files selected for processing (3)

• apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (1 hunks)
• apps/services/auth/delegation-api/src/app/delegations/delegation-index.controller.ts (2 hunks)
• libs/auth-api-lib/src/lib/delegations/delegations-index.service.ts (3 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/delegation-api/src/app/delegations/delegation-index.controller.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

libs/auth-api-lib/src/lib/delegations/delegations-index.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🔇 Additional comments (7)

apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (1)

102-102: LGTM: Audit decorator added correctly

The addition of the @Audit decorator to the createByZendeskId method aligns well with the PR objective of implementing audit logs for the delegation-admin Zendesk route. This change enhances the auditing capabilities of the controller.

A few observations:

1. The decorator is correctly placed above the method definition.
2. It uses a generic type <{ id: string }> which matches the expected input.
3. The resources function extracts the id from the body, which is appropriate for tracking the affected resource.

This implementation adheres to the NestJS architecture and follows good practices for adding cross-cutting concerns like auditing.

apps/services/auth/delegation-api/src/app/delegations/delegation-index.controller.ts (3)

91-91: Improved audit logging with namespace

The addition of the namespace parameter to the auditService.auditPromise call enhances the audit logging by providing more specific context. This change will make it easier to filter and analyze logs related to delegation index operations.

---

127-127: Consistent audit logging improvement

The addition of the namespace parameter to the auditService.auditPromise call in the removeDelegationRecord method is consistent with the previous change. This ensures uniform audit logging across different operations in the controller.

---

Line range hint 1-143: Overall analysis: Adherence to NestJS best practices and improved audit logging

The changes in this file are well-implemented and consistent with NestJS best practices:

1. The controller follows NestJS architecture, including proper use of decorators, guards, and dependency injection.
2. Authentication and authorization are handled correctly using @UseGuards and @Scopes decorators.
3. The file includes appropriate documentation using Swagger decorators.
4. The audit logging improvements are consistent across methods and enhance the overall functionality.

The changes adhere to the coding guidelines for NestJS applications and improve the audit logging capabilities without introducing any new issues or inconsistencies.

libs/auth-api-lib/src/lib/delegations/delegations-index.service.ts (3)

313-314: Improved audit logging for createOrUpdateDelegationRecord

The changes to the audit logging in this method enhance clarity and consistency:

1. The action string has been simplified, making it more readable.
2. The addition of the namespace property provides better context for the audit log entry.

These improvements align well with the overall goal of refining the logging strategy.

---

337-338: Consistent audit logging improvements in removeDelegationRecord

The changes in this method mirror those in createOrUpdateDelegationRecord:

1. The action string has been simplified for better readability.
2. The namespace property has been added, maintaining consistency across methods.

This consistent approach to audit logging across different methods is commendable and improves the overall logging strategy.

---

442-443: Completed audit logging improvements in saveToIndex

The changes in this method complete the audit logging improvements across all relevant methods:

1. The action string has been simplified to 'save-to-index'.
2. The namespace property has been added, maintaining consistency with other methods.

This change ensures that all entry points for indexing have consistent and clear audit logging, which is crucial as saveToIndex is used by multiple entry points when indexing.

[codecov]

Codecov Report

Attention: Patch coverage is 66.66667% with 3 lines in your changes missing coverage. Please review.

Project coverage is 36.76%. Comparing base (83b076f) to head (773703a).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...legations/admin/delegation-admin-custom.service.ts	0.00%	3 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #16335   +/-   ##
=======================================
  Coverage   36.75%   36.76%           
=======================================
  Files        6807     6807           
  Lines      140972   140959   -13     
  Branches    40145    40122   -23     
=======================================
+ Hits        51811    51817    +6     
+ Misses      89161    89142   -19     

Flag	Coverage Δ
api	3.37% <ø> (ø)
api-domains-auth-admin	48.48% <ø> (ø)
application-system-api	41.41% <ø> (-0.01%)	⬇️
application-template-api-modules	27.88% <ø> (ø)
services-auth-admin-api	51.89% <66.66%> (+0.04%)	⬆️
services-auth-delegation-api	57.38% <0.00%> (-0.01%)	⬇️
services-auth-ids-api	51.40% <0.00%> (-0.04%)	⬇️
services-auth-personal-representative	45.16% <0.00%> (-0.01%)	⬇️
services-auth-personal-representative-public	41.24% <0.00%> (-0.04%)	⬇️
services-auth-public-api	48.91% <0.00%> (-0.01%)	⬇️
services-user-notification	47.02% <ø> (ø)
services-user-profile	62.10% <ø> (-0.08%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
.../app/v2/delegations/delegation-admin.controller.ts	97.61% <100.00%> (+0.32%)	⬆️
...src/app/delegations/delegation-index.controller.ts	93.75% <ø> (ø)
...b/src/lib/delegations/delegations-index.service.ts	87.01% <ø> (ø)
...legations/admin/delegation-admin-custom.service.ts	78.26% <0.00%> (-0.69%)	⬇️

... and 26 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update df6c638...773703a. Read the comment docs.

[datadog-island-is]

Datadog Report

All test runs 0c7f5b1 🔗

✅ 13 Total Test Services: 0 Failed, 13 Passed
🔻 Test Sessions change in coverage: 1 decreased (-0.02%), 1 increased (+0.02%), 22 no change

Test Services

This report shows up to 10 services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Total Time	Code Coverage Change	Test Service View
api	0	0	0	4	0	2.72s	1 no change	Link
api-domains-auth-admin	0	0	0	18	0	11.92s	1 no change	Link
application-system-api	0	0	0	120	2	3m 23.59s	1 no change	Link
application-template-api-modules	0	0	0	123	0	2m 36.87s	1 no change	Link
auth-api-lib	0	0	0	20	0	28.08s	1 no change	Link
services-auth-admin-api	0	0	0	128	0	3m 58.89s	1 increased (+0.02%)	Link
services-auth-delegation-api	0	0	0	256	0	3m 7.37s	1 no change	Link
services-auth-ids-api	0	0	0	152	0	1m 22.07s	1 no change	Link
services-auth-personal-representative	0	0	0	59	0	1m 24.57s	1 no change	Link
services-auth-personal-representative-public	0	0	0	10	0	36.62s	1 no change	Link

🔻 Code Coverage Decreases vs Default Branch (1)

• services-user-profile - jest 52.74% (-0.02%) - Details

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)

libs/auth-api-lib/src/lib/delegations/dto/delegation.dto.ts (1)

48-50: LGTM! Consider adding a description to the @ApiPropertyOptional decorator.

The addition of the createdByNationalId property is well-implemented and follows the existing coding style. It's correctly typed and marked as optional.

To improve documentation and make the DTO more self-explanatory, consider adding a description to the @ApiPropertyOptional() decorator. This can help API consumers understand the purpose of this field.

Here's a suggested improvement:

-  @ApiPropertyOptional()
+  @ApiPropertyOptional({ description: 'National ID of the user who created the delegation' })
   createdByNationalId?: string

libs/auth-api-lib/src/lib/delegations/models/delegation.model.ts (1)

144-144: LGTM! Consider adding a comment for consistency.

The addition of createdByNationalId to the DTO is appropriate and aligns with the class structure. It enhances the information provided by the DTO, which can be useful for audit purposes.

For consistency with other properties in the class, consider adding a brief comment explaining the purpose of createdByNationalId, similar to the comment for referenceId. For example:

/**
 * National ID of the user who created this delegation
 */
@Column({
  type: DataType.STRING,
  allowNull: true,
})
createdByNationalId?: string;

This would improve code readability and maintain consistency throughout the class.

apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (1)

109-126: Improved audit logging with potential for refinement

The use of auditService.auditPromise significantly enhances the audit trail by capturing detailed information about the delegation operation. This is a positive change that improves system observability.

However, consider the following suggestions:

1. The use of 'Unknown' as a fallback for undefined values might not be ideal. Consider using a more descriptive placeholder or omitting the field entirely if it's undefined.
2. The complexity of the resources function might make it harder to maintain. Consider extracting it to a separate, testable function for better readability and maintainability.

Here's a suggested refactoring to address these points:

const formatAuditResources = (res: DelegationDTO) => {
  const fields = [
    ['id', res.id],
    ['toNationalId', res.toNationalId],
    ['fromNationalId', res.fromNationalId],
    ['createdByNationalId', res.createdByNationalId]
  ];
  return fields
    .filter(([_, value]) => value !== undefined)
    .map(([key, value]) => `${key}: ${value}`)
    .join(', ');
};

await this.auditService.auditPromise(
  {
    system: true,
    namespace,
    action: 'createByZendeskId',
    resources: formatAuditResources,
    meta: { id },
  },
  this.delegationAdminService.createDelegationByZendeskId(id),
);

This refactoring improves readability and allows for easier unit testing of the formatAuditResources function.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6449052 and 9e16ff4.

📒 Files selected for processing (4)

• apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (1 hunks)
• libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts (2 hunks)
• libs/auth-api-lib/src/lib/delegations/dto/delegation.dto.ts (1 hunks)
• libs/auth-api-lib/src/lib/delegations/models/delegation.model.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/delegations/dto/delegation.dto.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

libs/auth-api-lib/src/lib/delegations/models/delegation.model.ts (1)

Pattern libs/**/*: "Confirm that the code adheres to the following:

• Reusability of components and hooks across different NextJS apps.
• TypeScript usage for defining props and exporting types.
• Effective tree-shaking and bundling practices."

🔇 Additional comments (3)

apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (1)

102-102: Audit decorator enhances traceability

The addition of the @Audit decorator improves the traceability of the createByZendeskId operation. This aligns well with the NestJS architecture and enhances the overall security and accountability of the system.

libs/auth-api-lib/src/lib/delegations/admin/delegation-admin-custom.service.ts (2)

Line range hint 1-368: Approve overall file structure and adherence to guidelines

The file structure and implementation adhere to the coding guidelines for libs/**/* files. Specifically:

1. The code demonstrates good reusability practices, with the DelegationAdminCustomService potentially being used across different NextJS apps.
2. TypeScript is used effectively for defining types and method signatures.
3. The code structure supports effective tree-shaking and bundling practices.

---

Line range hint 156-192: Approve changes and verify impact on codebase

The changes to the createDelegationByZendeskId method improve its functionality by returning the created delegation data. This is a positive change that provides more information to the caller.

To ensure this change doesn't introduce any breaking changes, please run the following script to check for any usage of this method in the codebase:

If any usages are found, please ensure they are updated to handle the new return value appropriately.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts (1)

164-173: LGTM: Improved mock implementation with a suggestion.

The updated mock implementation for createDelegationByZendeskId now returns a more detailed DelegationDTO object, which improves the fidelity of the test data. This change enhances type safety and better represents the actual service response.

Suggestion: Consider using a factory function or a fixture to generate the mock DelegationDTO object. This would make it easier to maintain and reuse across different tests.

Example:

const createMockDelegationDTO = (): DelegationDTO => ({
  id: '123',
  fromNationalId: '1234567890',
  fromName: 'Test',
  toNationalId: '0987654321',
  toName: 'Test',
  createdByNationalId: '0101010101',
});

jest
  .spyOn(delegationAdminService, 'createDelegationByZendeskId')
  .mockImplementation(() => Promise.resolve(createMockDelegationDTO()));

This approach would make it easier to maintain consistent mock data across your test suite.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 55f8ebe and 2c865f5.

📒 Files selected for processing (2)

• apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts (1 hunks)
• apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts

🧰 Additional context used

📓 Path-based instructions (1)

apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

📓 Learnings (1)

apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts (2)

Learnt from: saevarma
PR: island-is/island.is#16257
File: apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts:178-201
Timestamp: 2024-10-04T07:46:37.013Z
Learning: In `apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts`, ensure that test case names accurately describe the scenario being tested, particularly in cases involving invalid request signatures.

Learnt from: saevarma
PR: island-is/island.is#16257
File: apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts:178-201
Timestamp: 2024-10-08T15:39:04.351Z
Learning: In `apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts`, ensure that test case names accurately describe the scenario being tested, particularly in cases involving invalid request signatures.

🔇 Additional comments (2)

apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts (2)

14-18: LGTM: Import statement reorganization.

The reorganization of imports improves code readability by grouping related entities from the @island.is/auth-api-lib module. This change aligns with TypeScript and NestJS best practices for import management.

---

Line range hint 1-238: Overall assessment: Well-structured and comprehensive test suite.

This test file demonstrates adherence to NestJS best practices for testing, including:

1. Proper use of dependency injection and service encapsulation.
2. Comprehensive coverage of authentication and authorization scenarios.
3. Use of setupApp and setupAppWithoutAuth for different test contexts.
4. Clear separation of arrange, act, and assert phases in test cases.

The recent changes have improved the mock data fidelity and import organization without introducing any issues. The test suite remains robust and well-structured.