CBG-4046 add attachment and create, update, delete events #6988
Conversation
torcolvin
force-pushed
the
CBG-4046-attachment-events
branch
from
a066f72 to
d037861
Compare
torcolvin
changed the title
db/crud.go
Outdated
| if doc.IsDeleted() { | ||
| base.Audit(ctx, base.AuditIDDocumentDelete, base.AuditFields{ | ||
| base.AuditFieldDocID: docid, | ||
| base.AuditFieldDocVersion: newRevID, |
There was a problem hiding this comment.
Tombstones can have channels - feels like we should be including base.AuditFieldChannels here too.
| }, | ||
|
|
||
| optionalFieldGroups: []fieldGroup{ | ||
| fieldGroupRequest, // this will be present everywhere except tests, |
There was a problem hiding this comment.
I expect this comment should match the one for Delete, since exceptions would be the same?
base/audit_events.go
Outdated
| fieldGroupKeyspace, | ||
| }, | ||
| optionalFieldGroups: []fieldGroup{ | ||
| fieldGroupRequest, // this is not present on ISGR or import, |
There was a problem hiding this comment.
Should this be included on AuditIDDocumentUpdate and AuditIDDocumentCreate (or omitted here)?
db/database.go
Outdated
| return base.UserLogCtx(ctx, "rosmar_noauth", base.UserDomainBuiltin, nil) | ||
| } | ||
| username, _, _ := dbCtx.BucketSpec.Auth.GetCredentials() | ||
| return base.UserLogCtx(ctx, username, base.UserDomainBuiltin, nil) // FIXME, should I pick up roles? |
There was a problem hiding this comment.
@bbrks what's your take on this question?
There was a problem hiding this comment.
Not needed. Roles are passed for filtering only. In the case of builtin users, people can use the username based filtering if they don't want these audit events.
| @@ -536,7 +536,8 @@ func (rt *RestTester) GetUserAdminAPI(username string) auth.PrincipalConfig { | |||
| // GetSingleTestDatabaseCollection will return a DatabaseCollection if there is only one. Depending on test environment configuration, it may or may not be the default collection. | |||
| func (rt *RestTester) GetSingleTestDatabaseCollection() (*db.DatabaseCollection, context.Context) { | |||
| c := db.GetSingleDatabaseCollection(rt.TB(), rt.GetDatabase()) | |||
| return c, c.AddCollectionContext(rt.Context()) | |||
| ctx := base.UserLogCtx(c.AddCollectionContext(rt.Context()), "gotest", base.UserDomainBuiltin, nil) | |||
There was a problem hiding this comment.
The UserLogCtx feels like it is getting set arbitrarily in a lot of places. Can you help me understand the general approach we're using to decide whether to set "gotest"? I would have thought a DatabaseCollection shouldn't have a user context (since it's not a DatabaseCollectionWithUser).
There was a problem hiding this comment.
This is for code that works directly in a test: collection.Put(ctx, ..) needs a user and this provides a user. I wanted to make it clear that this wasn't a real user. This is for cases like import tests where we directly call functions outside of REST calls.
rest/doc_api.go
Outdated
| @@ -644,6 +648,10 @@ func (h *handler) handleGetLocalDoc() error { | |||
| } | |||
| value[db.BodyId] = "_local/" + docid | |||
| h.writeJSON(value) | |||
| base.Audit(h.ctx(), base.AuditIDDocumentRead, base.AuditFields{ | |||
| base.AuditFieldDocID: docid, | |||
| base.AuditFieldDocVersion: value[db.BodyRev], // this value might not be populated if this is a doc that starts with _sync | |||
There was a problem hiding this comment.
I agree, I don't think BodyRev is a required field for local docs. Can we just remove this?
rest/audit_test.go
Outdated
| events := jsonLines(rt.TB(), output) | ||
| countFound := 0 | ||
| for _, event := range events { | ||
| // skip events that are not document read events |
There was a problem hiding this comment.
| // skip events that are not document read events | |
| // skip events that are not the target eventID |
rest/audit_test.go
Outdated
| @@ -974,6 +1120,22 @@ func requireDocumentReadEvents(rt *RestTester, output []byte, docID string, docV | |||
| require.Equal(rt.TB(), docVersions, docVersionsFound) | |||
| } | |||
|
|
|||
| // requireAttachmentEvents validates that create attachment events | |||
There was a problem hiding this comment.
Is the idea that this expects that eventID is one of the attachment crud event IDs?
rest/bulk_api.go
Outdated
| if atts, ok := body[db.BodyAttachments]; ok && atts != nil { | ||
| attsMap, ok := atts.(db.AttachmentsMeta) | ||
| if !ok { | ||
| base.WarnfCtx(h.ctx(), "Unexpected format of attachments in the body %+v", atts) | ||
| } | ||
| for attachment := range attsMap { | ||
| base.Audit(h.ctx(), base.AuditIDAttachmentRead, base.AuditFields{ | ||
| base.AuditFieldDocID: docid, | ||
| base.AuditFieldDocVersion: revid, | ||
| base.AuditFieldAttachmentID: attachment, | ||
| }) | ||
| } | ||
| } |
There was a problem hiding this comment.
This is only reading metadata of the attachment, unless includeAttachments is set.
Does this need to be conditional?
db/raw_doc_with_inline_sync.json
Outdated
| @@ -0,0 +1,14 @@ | |||
| { | |||
There was a problem hiding this comment.
I think I'd rather be more deliberate about switching to the use of embed and standalone json files for testing, instead of just adding this single standalone file - would like to think about organization, packaging, etc. Any reason this can't be inline with the test file, like we do in other spots?
| @@ -2355,7 +2399,7 @@ func (db *DatabaseCollectionWithUser) DeleteDoc(ctx context.Context, docid strin | |||
| } | |||
|
|
|||
| // Purges a document from the bucket (no tombstone) | |||
| func (db *DatabaseCollectionWithUser) Purge(ctx context.Context, key string) error { | |||
| func (db *DatabaseCollectionWithUser) Purge(ctx context.Context, key string, needsAudit bool) error { | |||
There was a problem hiding this comment.
I'm not seeing any cases that call this with needsAudit=false. Are there such cases?
There was a problem hiding this comment.
The single case is
Line 1497 in 1fff8bb
I added tests for REST api and didn't add tests for blip code.
Pre-review checklist
fmt.Print,log.Print, ...)base.UD(docID),base.MD(dbName))docs/apiIntegration Tests
GSI=true,xattrs=truehttps://jenkins.sgwdev.com/job/SyncGateway-Integration/2613/