Audit logging #440

nikomakela · 2024-12-04T10:53:22Z

Kukkuu audit logging

Audit logging is implemented with django-auditlog, but it has some extended features applied with hel_django_auditlog_extra -app.

Audit log extension

This pull request introduces hel_django_auditlog_extra, a Django application that enhances django-auditlog with the following features:

Fixes set_actor context manager: The original set_actor in django-auditlog is designed to extract user and IP address information from the request and log it. However, it has issues with Graphene and its authentication mechanisms. This has been corrected.
New context manager for request path logging: Adds a new context manager to include request.path in the logs. This information is added to the additional_data field of LogEntry.
Middleware for context managers: Provides middleware that utilizes both of the aforementioned context managers.
Graphene decorator for access logging: Includes a Graphene decorator that logs access information every time the get_node method of a Graphene object is called.
Admin view mixin for audit logging: Offers an admin view mixin that enables audit logging for admin view requests.
Optional configuration tool: Introduces an optional configuration tool that monitors and enforces audit logging for all models, either through an inclusive or exclusive approach.

This PR is splitted so that it would contain only the new hel_django_auditlog_extra -app. The Kukkuu configuration is added in another PR: #441.

hel_django_auditlog_extra/README.md

hel_django_auditlog_extra/context.py

hel_django_auditlog_extra/mixins.py

karisal-anders

Overall good job! I left some comments, please take a look at them.

nikomakela · 2024-12-17T12:59:47Z

NOTE: Django-auditlog provides a generic view access log mixin out of the box: https://django-auditlog.readthedocs.io/en/latest/usage.html#automatically-logging-changes. This should be usable with DRF.

KK-1113 KK-1125.

KK-1113

KK-1113. Use Python context manager to set a request path to the LogEntry instance's additional data field when it's available, the same way as the `set_actor` of the `django-auditlog` sets the ip address and user to the LogEntry instance.

KK-1113

terovirtanen · 2024-12-19T14:38:11Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-19T14:40:14Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

terovirtanen · 2024-12-19T14:55:47Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-19T14:58:19Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

terovirtanen · 2024-12-19T15:19:43Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-19T15:22:28Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

terovirtanen · 2024-12-19T20:43:44Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-19T20:45:55Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

terovirtanen · 2024-12-20T11:40:05Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-20T11:42:44Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

terovirtanen · 2024-12-20T12:56:43Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-20T12:59:07Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

terovirtanen · 2024-12-20T14:52:31Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-20T14:54:50Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

KK-1113

KK-1113.

KK-1113

nikomakela · 2024-12-20T15:08:49Z

The ContextVar stuff related to get_object would be good to test that it works

Okay, I finally had time to test this and it the test result is that the contextvar works wrong: it persists through multiple requests. I need to find a proper fix for that or manipulate the request object instead.

terovirtanen · 2024-12-20T15:12:45Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

terovirtanen · 2024-12-20T15:15:10Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

KK-1113. Replace the contextvar usage with a request object manipulation, since the contextvar was not reinitialized for every Django request.

terovirtanen · 2024-12-23T08:07:14Z

KUKKUU-API branch is deployed to platta: https://kukkuu-pr440.api.dev.hel.ninja 🚀🚀🚀

sonarqubecloud · 2024-12-23T08:07:21Z

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
96.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

terovirtanen · 2024-12-23T08:09:45Z

TestCafe result is success for https://kukkuu-pr440.api.dev.hel.ninja 😆🎉🎉🎉

nikomakela force-pushed the KK-1113-audit-log branch from c2274ad to e7d31e5 Compare December 4, 2024 11:16

nikomakela mentioned this pull request Dec 4, 2024

Configure audit logging in Kukkuu project #441

Merged

nikomakela force-pushed the KK-1113-audit-log branch from 72585f0 to cf7f660 Compare December 4, 2024 12:19

City-of-Helsinki deleted a comment from sonarqubecloud bot Dec 4, 2024

nikomakela marked this pull request as ready for review December 4, 2024 12:35

nikomakela requested review from charn, tuomas777, karisal-anders, jammi and jakezu December 4, 2024 12:36

karisal-anders reviewed Dec 5, 2024

View reviewed changes