/datomic-for-audit-trails-talk

Code/slides for a talk at the Nov 2019 Clojure Meetup in Singapore, about how Datomic is a great database for implementing apps requiring audit trails

Primary LanguageClojureMIT LicenseMIT

Exploring Datomic for Audit Trails

Ackerley Tng

github.com/ackerleytng

Background

  • Day of Datomic Cloud Workshop at Strange Loop 2019
    • That was my introduction to Datomic
  • Many of the apps we build at work have a requirement for audit trails
    • Who changed this entity in the database?
    • When was it changed in the database?
    • Approvals - when was it approved?
    • What changed between these two dates?
  • This talk explains what I’ve explored using a sample problem

Setting up Datomic Starter for exploration

  1. Hop over to https://www.datomic.com/get-datomic.html (requires free sign up)
  2. Click the downloads tab and download the latest zip
  3. Start datomic with no persistent storage
bin/run -m datomic.peer-server -h localhost -p 8998 -a myaccesskey,mysecret -d hello,datomic:mem://hello

Setting up Datomic client

  • Add com.datomic/client-pro {:mvn/version "0.9.41"} to your deps.edn

Motivating Problem

  • Want to build a system to manage firewall rules
  • Firewall rejects all connections by default
  • Users request to allow traffic through, for selected IPv4 ranges and ports
  • Need to track who requested any changes to firewall rules

Data Model (conventional)

  • Firewall Rule Entry
    • Name
    • Description
    • Source IP Range
    • Destination IP Range
    • Destination Port
  • Users
    • UUID (from SSO service)

Modelling Requester Info…?

namesrc_ip_rangedst_ip_rangeportrequester
magical-unicorn192.168.1.0/24192.168.50.0/24443<alice>
mutant-reindeer192.168.2.0/24192.168.51.0/248443<bob>
magical-unicorn192.168.1.0/24192.168.50.0/2480<carol>

Reified Transactions

  • Transactions are themselves entities in Datomic
    • Can attach attribute to every transaction
  • The requester is a property of the change to the firewall rule entry and not the entry itself
  • Datomic automatically stores the transaction time of every transaction

Datomic Facts

[entity attribute value transaction added?]

entityfirewall-rule-entry
attribute:firewall/name
value“magical-unicorn”
transactioninternal reference
added?asserted or retracted

Summary

  • Reified transactions
  • Built-in tracking of transaction time
  • Convenient d/history, d/since, d/as-of functions

Thanks for listening!

Slides and code available at

https://github.com/ackerleytng/datomic-for-audit-trails-talk