-
Notifications
You must be signed in to change notification settings - Fork 644
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Prefix] Add auditing for reserved namespaces #4940
Conversation
public bool IsPrefix { get; } | ||
public bool IsSharedNamespace { get; } | ||
|
||
public AuditedReservedNamespace(ReservedNamespace reservedNamespace) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should probably keep the default ctor in case we need it for deserialization.
We should use a consistent pattern across all audit entities... maybe like AuditedPackageRegistration does it (default ctor and static CreateFrom for populating from the EF entity)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't see consistency here, AuditedUserSecurityPolicy
doesn't use CreateFrom
uses the ctor to create audit record.
I don't mind making this to use CreateFrom
instead.
@@ -15,6 +15,7 @@ public enum AuditedPackageAction | |||
Edit, | |||
[Obsolete("Undo package edit functionality is being retired.")] | |||
UndoEdit, | |||
Verify | |||
Verify, | |||
UploadFailedNamespaceConflict |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't audit upload failures due to id/title conflict, so I don't think we should with namespace either. The only failures we currently audit are authentication related (package push attempt by non-owner, login failed).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed this to telemetry value rather than auditing.
RemoveOwner | ||
RemoveOwner, | ||
MarkVerified, | ||
MarkUnverified |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you need separate actions for MarkVerified/MarkUnverified. AuditedPackageRegistration.IsVerified will be logged when the action that caused verification is audited (i.e., package owner added, or push of new package).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, will remove this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On second thoughts, I think we should have these actions for AffectedRegistrations
in the reserved namespace audit, the registration records are updated for marking verified/unverified actions, which cannot be said of using (Add/Remove)Owner
see this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. I was thinking the list of packages that became verified could be audited as part of the register/unregister namespace. This is probably better since the audit path will be more consistent for when packages become un-/verified.
If we want to see when a package became verified, regardless of how, do we just look under registration auditing (auditing/{package-id})?
public enum AuditedReservednamespaceAction | ||
{ | ||
Allocate, | ||
Deallocate, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would rename to [Reserve/Unreserve]Namespace or [Add/Remove]NamespaceReservation, which seems more specific.
|
||
namespace NuGetGallery.Auditing | ||
{ | ||
public enum AuditedReservednamespaceAction |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Casing - should be AuditedReservedNamespaceAction
|
||
public static AuditedPackageRegistration CreateFrom(PackageRegistration packageRegistration) | ||
{ | ||
return new AuditedPackageRegistration | ||
{ | ||
Id = packageRegistration.Id, | ||
DownloadCount = packageRegistration.DownloadCount, | ||
Key = packageRegistration.Key | ||
Key = packageRegistration.Key, | ||
IsVerified = packageRegistration.IsVerified |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit trailing comma so that future diffs only change one line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Putting a trailing comma on the last property of an object seems weird to me. Ticks my OCD :)
@@ -30,6 +30,9 @@ public class PackageAuditRecord : AuditRecord<AuditedPackageAction> | |||
Reason = reason; | |||
} | |||
|
|||
public PackageAuditRecord(string id, string version, AuditedPackageAction action, string reason) | |||
: this(id, version, "", null, null, action, reason) { } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
name ambiguous parameters
@chenriksson - addressed feedback. |
case AuditedReservedNamespaceAction.RemoveOwner: | ||
return AuditedPackageRegistrationAction.MarkUnverified; | ||
default: | ||
return null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This default case shouldn't happen... I would have it throw instead of complicating the code to work with nullables.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will throw and add tests.
{ | ||
AffectedOwner = username; | ||
|
||
var registrationAction = GetPackageRegistrationAction(action); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No need to call GetPackageRegistrationAction if registrations is null/empty
- good catch
@@ -216,6 +203,30 @@ private static string GetApiKeyCreationDate(User user, IIdentity identity) | |||
return apiKey?.Created.ToString("O") ?? "N/A"; | |||
} | |||
|
|||
private void TrackPackageForEvent(string eventValue, string packageId, string packageVersion, User user, IIdentity identity) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you add AuthenticationMethod, would also match TrackPackagePushEvent. Maybe worth doing?
- sure
Assert.Equal(prefix.IsPrefix, record.AffectedReservedNamespace.IsPrefix); | ||
Assert.Equal(AuditedReservedNamespaceAction.AddOwner, record.Action); | ||
Assert.Equal(registrationsList.Count, record.AffectedRegistrations.Length); | ||
Assert.Equal(owner.Username, record.AffectedOwner); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Arrange/Act/Assert comments would be useful in a long test like this
- done
@@ -2,12 +2,14 @@ | |||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | |||
|
|||
using Moq; | |||
using NuGetGallery.TestUtils; | |||
using Xunit; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: sort
I will send out the Shim changes once I get a build out of this merge, since it requires the changes from
NuGetGallery.Core
for the new audit record types and actions. Addresses #4549 first part.