[Prefix] Add auditing for reserved namespaces #4940
Conversation
shishirx34
requested review from
joelverhagen,
agr,
xavierdecoster,
ryuyu,
chenriksson,
skofman1 and
scottbommarito
| public bool IsPrefix { get; } | ||
| public bool IsSharedNamespace { get; } | ||
|
|
||
| public AuditedReservedNamespace(ReservedNamespace reservedNamespace) |
There was a problem hiding this comment.
You should probably keep the default ctor in case we need it for deserialization.
We should use a consistent pattern across all audit entities... maybe like AuditedPackageRegistration does it (default ctor and static CreateFrom for populating from the EF entity)?
There was a problem hiding this comment.
I didn't see consistency here, AuditedUserSecurityPolicy doesn't use CreateFrom uses the ctor to create audit record.
I don't mind making this to use CreateFrom instead.
| @@ -15,6 +15,7 @@ public enum AuditedPackageAction | |||
| Edit, | |||
| [Obsolete("Undo package edit functionality is being retired.")] | |||
| UndoEdit, | |||
| Verify | |||
| Verify, | |||
| UploadFailedNamespaceConflict | |||
There was a problem hiding this comment.
We don't audit upload failures due to id/title conflict, so I don't think we should with namespace either. The only failures we currently audit are authentication related (package push attempt by non-owner, login failed).
There was a problem hiding this comment.
changed this to telemetry value rather than auditing.
| RemoveOwner | ||
| RemoveOwner, | ||
| MarkVerified, | ||
| MarkUnverified |
There was a problem hiding this comment.
I don't think you need separate actions for MarkVerified/MarkUnverified. AuditedPackageRegistration.IsVerified will be logged when the action that caused verification is audited (i.e., package owner added, or push of new package).
There was a problem hiding this comment.
True, will remove this.
There was a problem hiding this comment.
On second thoughts, I think we should have these actions for AffectedRegistrations in the reserved namespace audit, the registration records are updated for marking verified/unverified actions, which cannot be said of using (Add/Remove)Owner see this
There was a problem hiding this comment.
Good point. I was thinking the list of packages that became verified could be audited as part of the register/unregister namespace. This is probably better since the audit path will be more consistent for when packages become un-/verified.
If we want to see when a package became verified, regardless of how, do we just look under registration auditing (auditing/{package-id})?
| public enum AuditedReservednamespaceAction | ||
| { | ||
| Allocate, | ||
| Deallocate, |
There was a problem hiding this comment.
Would rename to [Reserve/Unreserve]Namespace or [Add/Remove]NamespaceReservation, which seems more specific.
|
|
||
| namespace NuGetGallery.Auditing | ||
| { | ||
| public enum AuditedReservednamespaceAction |
There was a problem hiding this comment.
Casing - should be AuditedReservedNamespaceAction
|
|
||
| public static AuditedPackageRegistration CreateFrom(PackageRegistration packageRegistration) | ||
| { | ||
| return new AuditedPackageRegistration | ||
| { | ||
| Id = packageRegistration.Id, | ||
| DownloadCount = packageRegistration.DownloadCount, | ||
| Key = packageRegistration.Key | ||
| Key = packageRegistration.Key, | ||
| IsVerified = packageRegistration.IsVerified |
There was a problem hiding this comment.
nit trailing comma so that future diffs only change one line
There was a problem hiding this comment.
Putting a trailing comma on the last property of an object seems weird to me. Ticks my OCD :)
| @@ -30,6 +30,9 @@ public class PackageAuditRecord : AuditRecord<AuditedPackageAction> | |||
| Reason = reason; | |||
| } | |||
|
|
|||
| public PackageAuditRecord(string id, string version, AuditedPackageAction action, string reason) | |||
| : this(id, version, "", null, null, action, reason) { } | |||
|
@chenriksson - addressed feedback. |
| case AuditedReservedNamespaceAction.RemoveOwner: | ||
| return AuditedPackageRegistrationAction.MarkUnverified; | ||
| default: | ||
| return null; |
There was a problem hiding this comment.
This default case shouldn't happen... I would have it throw instead of complicating the code to work with nullables.
There was a problem hiding this comment.
Will throw and add tests.
| { | ||
| AffectedOwner = username; | ||
|
|
||
| var registrationAction = GetPackageRegistrationAction(action); |
There was a problem hiding this comment.
No need to call GetPackageRegistrationAction if registrations is null/empty
- good catch
| @@ -216,6 +203,30 @@ private static string GetApiKeyCreationDate(User user, IIdentity identity) | |||
| return apiKey?.Created.ToString("O") ?? "N/A"; | |||
| } | |||
|
|
|||
| private void TrackPackageForEvent(string eventValue, string packageId, string packageVersion, User user, IIdentity identity) | |||
There was a problem hiding this comment.
If you add AuthenticationMethod, would also match TrackPackagePushEvent. Maybe worth doing?
- sure
| Assert.Equal(prefix.IsPrefix, record.AffectedReservedNamespace.IsPrefix); | ||
| Assert.Equal(AuditedReservedNamespaceAction.AddOwner, record.Action); | ||
| Assert.Equal(registrationsList.Count, record.AffectedRegistrations.Length); | ||
| Assert.Equal(owner.Username, record.AffectedOwner); |
There was a problem hiding this comment.
nit: Arrange/Act/Assert comments would be useful in a long test like this
- done
| @@ -2,12 +2,14 @@ | |||
| // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | |||
|
|
|||
| using Moq; | |||
| using NuGetGallery.TestUtils; | |||
| using Xunit; | |||
I will send out the Shim changes once I get a build out of this merge, since it requires the changes from
NuGetGallery.Corefor the new audit record types and actions. Addresses #4549 first part.