Audit log of suspensions
Closed this issue · 11 comments
As a user I would like to understand WHO suspended a resource (gitrepo/ks/hr) and WHY.
Let's split this up into a few smaller PRs.
Stage 1:
- Just add the annotation to the suspended resource
- Clear user annotation on resume
- Show suspender in the UI. ("Suspended" -> "Suspended by ${annotations["weave.works/suspended-by"]}")
- Make sure we have a <Metadata /> etc info block on the gitopssets-details and ACD-details pages
Stage 2:
- Accept a message in the BE API and save as annotation too
- Clear message annotation on resume
- Show message in the UI
Stage 3:
- Allow user to specify an alternate OIDC claim as the "display name" / username / email field to be used instead of principal.ID
A little bit of BE work in OSS
- Add "comment" field to suspend message in proto
- Save principal / comment to the annotations...
FE work
- (Sync w/ Olga as she's been unifying the sync/suspend buttons?)
- Add a dialog to enter an optional message
- Show an alert/info thing on the details page / table page w/ the reason it's suspended. I guess updating the "getMessage" helpers we have in OSS
Maybe we should add get suspendComment() onto FluxObject and even a <SuspendCommentInfo obj={myFluxObjectThing} /> so we can put it onto the:
- automations details
- source details
Import onto EE and add to the
- gitopssets page
- terraform page
Proposed annotations
- weave.works/suspended-by:
- weave.works/suspended-comment:
Where principal here is principal.ID
https://github.com/weaveworks/weave-gitops/blob/main/pkg/server/auth/server.go#L503-L504
cc @opudrovs you mentioned you've been doing some unifying work around sync/suspend? We will want to build on that probably!
@foot sure, I will raise PRs for Sync/Suspend/Edit buttons soon, probably tomorrow or the day after tomorrow. There are many small changes finished + some notification changes left.
I can assign you as a reviewer in my PRs.
Other potential improvements to tackle:
- Principal.ID might not be very human readable sometimes, allow user to configure the OIDC claim field for "display-name" to use in the UI / these annotations?
> Other potential improvements to tackle:
> - Principal.ID might not be very human readable sometimes, allow user to configure the OIDC claim field for "display-name" to use in the UI / these annotations?
The ID is technically "guaranteed" to be unique, but I agree that there's a broader use here, and it'd be nice if we could let you configure the "user" field.
Probably wanna set the annotations:
- weave.works/suspended-by:
- weave.works/suspended-comment:
Here:
https://github.com/weaveworks/weave-gitops/blob/main/core/server/suspend.go#L56
Do we also want to allow the user to set a reason why they unsuspend / resume something? cc @bigkevmcd ?
> Probably wanna set the annotations:
> - weave.works/suspended-by:
> - weave.works/suspended-comment:
To be clear, we must have suspended-by, "comment" is nice to have, but if it's delaying things, we can defer.
> Do we also want to allow the user to set a reason why they unsuspend / resume something? cc @bigkevmcd ?
No, I don't think we need this, but when we unsuspend, we should clear the annotations.
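One way the set-on-suspend / clear-on-resume behaviour discussed in this thread could be expressed, as an added example that is not code from weave-gitops: `SuspendPatch` is a hypothetical helper, the principal and comment values are constructed, and applying the result as a JSON merge patch (RFC 7386) is an assumption about how the change is sent to the API server.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Annotation keys proposed in the issue.
const (
	SuspendedByAnnotation      = "weave.works/suspended-by"
	SuspendedCommentAnnotation = "weave.works/suspended-comment"
)

// SuspendPatch (hypothetical helper) builds a JSON merge patch that toggles
// spec.suspend and keeps the audit annotations in step with it.
// principalID must be taken from the server-side authenticated session,
// never from a field the client can set in the request body.
func SuspendPatch(suspend bool, principalID, comment string) ([]byte, error) {
	if suspend && principalID == "" {
		return nil, fmt.Errorf("refusing to suspend without an authenticated principal")
	}
	// A nil pointer marshals to JSON null, which a merge patch treats as
	// "delete this key": this is how resume clears both annotations.
	annotations := map[string]*string{
		SuspendedByAnnotation:      nil,
		SuspendedCommentAnnotation: nil,
	}
	if suspend {
		annotations[SuspendedByAnnotation] = &principalID
		if comment != "" { // optional; when empty, a stale comment is removed
			annotations[SuspendedCommentAnnotation] = &comment
		}
	}
	return json.Marshal(map[string]interface{}{
		"metadata": map[string]interface{}{"annotations": annotations},
		"spec":     map[string]interface{}{"suspend": suspend},
	})
}

func main() {
	// Constructed sample principal and comment.
	p, _ := SuspendPatch(true, "alice@example.com", "investigating failed rollout")
	fmt.Println(string(p))
	p, _ = SuspendPatch(false, "alice@example.com", "")
	fmt.Println(string(p))
}
```

Because every suspend patch also nulls an absent comment, a second suspend by a different user cannot leave the previous user's comment attached to the new `suspended-by` value.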
Do you have an ETA for this?
We have a client who is asking for this and we need to let them know when they might see a release. Is it likely to be in a release in November or December?
As you've spotted there's an open PR, it's being reviewed, it should hopefully land in the next release.