Skip to content

WPB-20208 Audit log on asset download #4784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
battermann merged 14 commits into from
Sep 29, 2025
Merged

WPB-20208 Audit log on asset download #4784

battermann merged 14 commits into from
Sep 29, 2025

Conversation

@battermann
Copy link
Contributor

@battermann battermann commented Sep 19, 2025
edited
Loading

https://wearezeta.atlassian.net/browse/WPB-20208

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@battermann battermann force-pushed the WPB-20208-add-audit-logging-to-asset-download branch from 72cc58d to f1b0322 Compare September 19, 2025 13:06
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Sep 19, 2025
@battermann battermann marked this pull request as ready for review September 23, 2025 09:49
@battermann battermann requested review from a team as code owners September 23, 2025 09:49
@battermann battermann requested a review from Copilot September 23, 2025 09:50
Copilot AI reviewed Sep 23, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements comprehensive audit logging for asset operations in the Cargohold service, extending beyond upload events to include download, signed URL creation, and remote asset download logging.

Key changes include:

  • Enhanced audit logging functions to cover download, signed URL creation, and remote asset operations
  • Updated asset handling functions to include audit metadata and qualified principals for proper logging
  • Comprehensive unit tests with property-based testing to validate audit log JSON structure
  • Integration tests covering various federated download scenarios across multiple backends

Reviewed Changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
services/cargohold/src/CargoHold/API/AuditLog.hs Expanded audit logging with new functions for download, URL creation, and remote access
services/cargohold/src/CargoHold/API/V3.hs Updated asset operations to support qualified principals and audit metadata
services/cargohold/src/CargoHold/Util.hs Modified signed URL generation to include audit logging
services/cargohold/src/CargoHold/S3.hs Added Arbitrary instances and cleaned up type signatures
services/cargohold/test/unit/Test/CargoHold/API/AuditLogTest.hs Property-based tests for audit log JSON validation
services/cargohold/test/unit/Test/CargoHold/API/LogJSON.hs Test utilities for structured JSON logging
integration/test/Test/Cargohold/API.hs Enhanced integration tests for federated audit logging scenarios

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@battermann battermann force-pushed the WPB-20208-add-audit-logging-to-asset-download branch from c825167 to 890a52a Compare September 26, 2025 13:36
blackheaven
blackheaven approved these changes Sep 26, 2025
View reviewed changes
services/cargohold/test/unit/Test/CargoHold/API/LogJSON.hs
Comment on lines +20 to +21
lookupText,
lookupBool,
Copy link
Contributor

@blackheaven blackheaven Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

they don't seems to be used, maybe we can rely on lens-aeson instead.

Copy link
Contributor Author

@battermann battermann Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I'll remove these in the follow-up PR to reduce the number of rebases...

pcapriotti
pcapriotti approved these changes Sep 29, 2025
View reviewed changes
Copy link
Contributor

@pcapriotti pcapriotti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@battermann battermann merged commit ba9e4bc into develop Sep 29, 2025
8 checks passed
@battermann battermann deleted the WPB-20208-add-audit-logging-to-asset-download branch September 29, 2025 08:46
battermann added a commit that referenced this pull request Oct 2, 2025
@battermann
WPB-20208 Audit log on asset download (#4784)
47b1467
This was referenced Oct 20, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pcapriotti pcapriotti pcapriotti approved these changes

@blackheaven blackheaven blackheaven approved these changes

Assignees

No one assigned

Labels

ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@battermann @pcapriotti @blackheaven @zebot