Skip to content

Pass audit log subject, sanitized token, peer name fields for export and import operations and suboperations #23722

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
UgnineSirdis merged 4 commits into from
Sep 3, 2025
Merged

Pass audit log subject, sanitized token, peer name fields for export and import operations and suboperations #23722

UgnineSirdis merged 4 commits into from
Sep 3, 2025

Conversation

@UgnineSirdis
Copy link
Collaborator

@UgnineSirdis UgnineSirdis commented Aug 28, 2025

Changelog entry

...

Changelog category

  • Not for changelog (changelog entry is not required)

Description for reviewers

...

@UgnineSirdis UgnineSirdis requested a review from a team as a code owner August 28, 2025 14:08
@github-actions
Copy link

github-actions bot commented Aug 28, 2025
edited
Loading

2025-08-28 14:10:00 UTC Pre-commit check linux-x86_64-release-asan for e5564a2 has started.
2025-08-28 14:10:15 UTC Artifacts will be uploaded here
2025-08-28 14:14:05 UTC ya make is running...
🟡 2025-08-28 17:01:47 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
17156 16680 0 120 322 34

🟢 2025-08-28 17:03:20 UTC Build successful.
🟢 2025-08-28 17:03:50 UTC ydbd size 4.0 GiB changed* by +75.3 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash main: 7eb7e19 merge: e5564a2 diff diff %
ydbd size 4 279 850 856 Bytes 4 279 927 936 Bytes +75.3 KiB +0.002%
ydbd stripped size 1 484 402 872 Bytes 1 484 419 192 Bytes +15.9 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@github-actions
Copy link

github-actions bot commented Aug 28, 2025

🟢 2025-08-28 14:10:27 UTC The validation of the Pull Request description is successful.

@github-actions
Copy link

github-actions bot commented Aug 28, 2025
edited
Loading

2025-08-28 14:11:39 UTC Pre-commit check linux-x86_64-relwithdebinfo for e5564a2 has started.
2025-08-28 14:11:53 UTC Artifacts will be uploaded here
2025-08-28 14:15:45 UTC ya make is running...
🟡 2025-08-28 16:20:53 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
39843 37067 0 5 2729 42

2025-08-28 16:24:21 UTC ya make is running... (failed tests rerun, try 2)
🟡 2025-08-28 16:39:15 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
517 (only retried tests) 488 0 1 0 28

2025-08-28 16:39:26 UTC ya make is running... (failed tests rerun, try 3)
🔴 2025-08-28 17:01:51 UTC Some tests failed, follow the links below.

Test history | Ya make output | Test bloat | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
240 (only retried tests) 215 0 1 0 24

🟢 2025-08-28 17:01:59 UTC Build successful.
🟢 2025-08-28 17:02:24 UTC ydbd size 2.3 GiB changed* by +49.0 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash main: 7eb7e19 merge: e5564a2 diff diff %
ydbd size 2 435 289 832 Bytes 2 435 339 968 Bytes +49.0 KiB +0.002%
ydbd stripped size 510 151 496 Bytes 510 156 648 Bytes +5.0 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

CyberROFL
CyberROFL reviewed Aug 29, 2025
View reviewed changes
Copy link
Member

@CyberROFL CyberROFL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Поправь тест схемы. В остальном lgtm, но пусть еще остальные посмотрят: @ijon @pixcc

@CyberROFL CyberROFL requested review from ijon and pixcc August 29, 2025 09:32
@github-actions
Copy link

github-actions bot commented Aug 29, 2025
edited
Loading

2025-08-29 11:17:55 UTC Pre-commit check linux-x86_64-release-asan for a7b13c5 has started.
2025-08-29 11:18:20 UTC Artifacts will be uploaded here
2025-08-29 11:23:03 UTC ya make is running...
🟡 2025-08-29 14:06:17 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
17157 16546 0 204 370 37

🟢 2025-08-29 14:07:47 UTC Build successful.
🟢 2025-08-29 14:08:17 UTC ydbd size 4.0 GiB changed* by +75.2 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash main: 5e185c1 merge: a7b13c5 diff diff %
ydbd size 4 283 535 632 Bytes 4 283 612 648 Bytes +75.2 KiB +0.002%
ydbd stripped size 1 485 776 664 Bytes 1 485 792 920 Bytes +15.9 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@github-actions
Copy link

github-actions bot commented Aug 29, 2025
edited
Loading

2025-08-29 11:18:05 UTC Pre-commit check linux-x86_64-relwithdebinfo for a7b13c5 has started.
2025-08-29 11:18:18 UTC Artifacts will be uploaded here
2025-08-29 11:22:07 UTC ya make is running...
🟡 2025-08-29 13:21:42 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
39848 37072 0 1 2721 54

2025-08-29 13:25:12 UTC ya make is running... (failed tests rerun, try 2)
🟢 2025-08-29 13:41:53 UTC Tests successful.

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
683 (only retried tests) 644 0 0 4 35

🟢 2025-08-29 13:42:03 UTC Build successful.
🟢 2025-08-29 13:42:25 UTC ydbd size 2.3 GiB changed* by +48.9 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash main: 5e185c1 merge: a7b13c5 diff diff %
ydbd size 2 437 292 312 Bytes 2 437 342 416 Bytes +48.9 KiB +0.002%
ydbd stripped size 510 574 280 Bytes 510 579 400 Bytes +5.0 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

CyberROFL
CyberROFL reviewed Aug 29, 2025
View reviewed changes
pixcc
pixcc requested changes Aug 29, 2025
View reviewed changes
ydb/core/protos/flat_tx_scheme.proto
optional string UserToken = 7 [(Ydb.sensitive) = true]; // serialized NACLib::TUserToken
// Fields for audit logging
optional string PeerName = 8;
optional string UserSID = 9;
Copy link
Member

@pixcc pixcc Aug 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UserSID разве не передается внутри UserToken?

Copy link
Collaborator Author

@UgnineSirdis UgnineSirdis Aug 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Всё так, разумеется, он и берётся из UserToken. Но:

  • мы уже не имеем токена внутри операции SchemeShard. Его можно было бы сохранить в SchemeShard, но это чувствительные данные, предпочтительнее не сохранять их.
  • токен в интерфейсе есть, но он предназначен для проверки, у нас же цель - это не дополнительная проверка, а лишь аудитное логирование

CyberROFL
CyberROFL reviewed Aug 29, 2025
View reviewed changes
@github-actions
Copy link

github-actions bot commented Aug 31, 2025
edited
Loading

2025-08-31 08:50:59 UTC Pre-commit check linux-x86_64-relwithdebinfo for e2d68e3 has started.
2025-08-31 08:51:28 UTC Artifacts will be uploaded here
2025-08-31 08:55:45 UTC ya make is running...
🟡 2025-08-31 10:48:39 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
39852 36990 0 2 2822 38

2025-08-31 10:52:09 UTC ya make is running... (failed tests rerun, try 2)
🟢 2025-08-31 11:08:14 UTC Tests successful.

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
387 (only retried tests) 357 0 0 0 30

🟢 2025-08-31 11:08:23 UTC Build successful.
🟡 2025-08-31 11:08:43 UTC ydbd size 2.3 GiB changed* by +110.2 KiB, which is >= 100.0 KiB vs main: Warning

ydbd size dash main: 64b7734 merge: e2d68e3 diff diff %
ydbd size 2 437 801 744 Bytes 2 437 914 616 Bytes +110.2 KiB +0.005%
ydbd stripped size 510 653 864 Bytes 510 662 696 Bytes +8.6 KiB +0.002%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@github-actions
Copy link

github-actions bot commented Aug 31, 2025
edited
Loading

2025-08-31 08:53:01 UTC Pre-commit check linux-x86_64-release-asan for e2d68e3 has started.
2025-08-31 08:53:16 UTC Artifacts will be uploaded here
2025-08-31 08:56:59 UTC ya make is running...
🟡 2025-08-31 11:36:01 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
17161 16673 0 126 328 34

🟢 2025-08-31 11:37:30 UTC Build successful.
🟡 2025-08-31 11:38:01 UTC ydbd size 4.0 GiB changed* by +164.4 KiB, which is >= 100.0 KiB vs main: Warning

ydbd size dash main: c788933 merge: e2d68e3 diff diff %
ydbd size 4 284 724 184 Bytes 4 284 892 552 Bytes +164.4 KiB +0.004%
ydbd stripped size 1 486 160 632 Bytes 1 486 184 760 Bytes +23.6 KiB +0.002%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

pixcc
pixcc previously approved these changes Sep 1, 2025
View reviewed changes
CyberROFL
CyberROFL previously approved these changes Sep 1, 2025
View reviewed changes
ijon
ijon reviewed Sep 3, 2025
View reviewed changes
@UgnineSirdis UgnineSirdis dismissed stale reviews from CyberROFL and pixcc via ce62ef6 September 3, 2025 13:38
ijon
ijon previously approved these changes Sep 3, 2025
View reviewed changes
@github-actions
Copy link

github-actions bot commented Sep 3, 2025
edited
Loading

2025-09-03 13:48:13 UTC Pre-commit check linux-x86_64-release-asan for e946a7c has started.
2025-09-03 13:48:50 UTC Artifacts will be uploaded here
2025-09-03 13:53:14 UTC ya make is running...
🔴 2025-09-03 13:55:11 UTC Build failed, see the logs. Also see fail summary

@github-actions
Copy link

github-actions bot commented Sep 3, 2025
edited
Loading

2025-09-03 13:51:32 UTC Pre-commit check linux-x86_64-relwithdebinfo for e946a7c has started.
2025-09-03 13:51:45 UTC Artifacts will be uploaded here
2025-09-03 13:55:28 UTC ya make is running...
🔴 2025-09-03 13:57:40 UTC Build failed, see the logs. Also see fail summary

@UgnineSirdis UgnineSirdis force-pushed the pass-audit-log-subject-fields branch from ce62ef6 to 38d4d37 Compare September 3, 2025 15:09
@github-actions
Copy link

github-actions bot commented Sep 3, 2025
edited
Loading

2025-09-03 15:09:57 UTC Pre-commit check linux-x86_64-relwithdebinfo for c2cad5e has started.
2025-09-03 15:10:26 UTC Artifacts will be uploaded here
2025-09-03 15:15:17 UTC ya make is running...
🟡 2025-09-03 17:16:12 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
39973 37213 0 8 2717 35

2025-09-03 17:19:45 UTC ya make is running... (failed tests rerun, try 2)
🟡 2025-09-03 17:40:00 UTC Some tests failed, follow the links below. Going to retry failed tests...

Details

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
478 (only retried tests) 452 0 1 0 25

2025-09-03 17:40:10 UTC ya make is running... (failed tests rerun, try 3)
🟢 2025-09-03 17:55:12 UTC Tests successful.

Test history | Ya make output | Test bloat | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
240 (only retried tests) 217 0 0 0 23

🟢 2025-09-03 17:55:20 UTC Build successful.
🟡 2025-09-03 17:55:42 UTC ydbd size 2.3 GiB changed* by +106.3 KiB, which is >= 100.0 KiB vs main: Warning

ydbd size dash main: 9bc3eb2 merge: c2cad5e diff diff %
ydbd size 2 440 149 152 Bytes 2 440 258 008 Bytes +106.3 KiB +0.004%
ydbd stripped size 511 002 152 Bytes 511 006 952 Bytes +4.7 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@github-actions
Copy link

github-actions bot commented Sep 3, 2025
edited
Loading

2025-09-03 15:11:51 UTC Pre-commit check linux-x86_64-release-asan for c2cad5e has started.
2025-09-03 15:12:13 UTC Artifacts will be uploaded here
2025-09-03 15:16:39 UTC ya make is running...
🟡 2025-09-03 17:46:38 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
17270 16808 0 116 317 29

🟢 2025-09-03 17:48:06 UTC Build successful.
🟡 2025-09-03 17:48:37 UTC ydbd size 4.0 GiB changed* by +149.7 KiB, which is >= 100.0 KiB vs main: Warning

ydbd size dash main: 9bc3eb2 merge: c2cad5e diff diff %
ydbd size 4 288 600 168 Bytes 4 288 753 496 Bytes +149.7 KiB +0.004%
ydbd stripped size 1 487 080 536 Bytes 1 487 096 216 Bytes +15.3 KiB +0.001%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@UgnineSirdis UgnineSirdis merged commit 444f586 into ydb-platform:main Sep 3, 2025
12 checks passed
@UgnineSirdis UgnineSirdis deleted the pass-audit-log-subject-fields branch September 3, 2025 19:45
UgnineSirdis added a commit to UgnineSirdis/ydb that referenced this pull request Sep 3, 2025
@UgnineSirdis @ijon
Pass audit log subject, sanitized token, peer name fields for export …
54d6992 
…and import operations and suboperations (ydb-platform#23722)

Co-authored-by: ijon <ivan.chelubeev@gmail.com>
(cherry picked from commit 444f586)
UgnineSirdis added a commit to UgnineSirdis/ydb that referenced this pull request Sep 4, 2025
@UgnineSirdis @ijon
Pass audit log subject, sanitized token, peer name fields for export …
4802fc6 
…and import operations and suboperations (ydb-platform#23722)

Co-authored-by: ijon <ivan.chelubeev@gmail.com>
(cherry picked from commit 444f586)
UgnineSirdis added a commit that referenced this pull request Sep 6, 2025
@UgnineSirdis @ijon
Pass audit log subject, sanitized token, peer name fields for export …
386981c 
…and import operations and suboperations (#23722)

Co-authored-by: ijon <ivan.chelubeev@gmail.com>
(cherry picked from commit 444f586)
UgnineSirdis added a commit that referenced this pull request Sep 6, 2025
@UgnineSirdis @ijon
Pass audit log subject, sanitized token, peer name fields for export …
92b2338 
…and import operations and suboperations (#23722)

Co-authored-by: ijon <ivan.chelubeev@gmail.com>
(cherry picked from commit 444f586)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ijon ijon ijon approved these changes

@CyberROFL CyberROFL CyberROFL left review comments

@pixcc pixcc pixcc left review comments

Assignees

No one assigned

Labels

not-for-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@UgnineSirdis @ijon @CyberROFL @pixcc