Audit log of suspensions

Question

Audit log of suspensions

Closed this issue 9 months ago · 11 comments

foot commented a year ago

As a user I would like to understand WHO suspended a resource (gitrepo/ks/hr) and WHY.

Lets split this up into a few smaller PRs.

Stage 1:

Just add the annotation to the suspended resource
Clear user annotation on resume
Show suspender in the UI. ("Supended" -> "Suspended by ${annotations["weave.works/suspended-by"]}"
Make sure we have a <Metadata /> etc info block on the gitopssets-details and ACD-details pages

Stage 2:

Accept a message in the BE API and save as annotation too
Clear message annotation on resume
Show message in the UI

Stage 3:

Allow user to specify an alternate OIDC claim as the "display name" / username / email field to be used instead of principal.ID

A little bit of BE work in OSS

Add "comment" field to suspend message in proto
Save principal / comment to the annotations...

FE work

(Sync w/ Olga as she's been unifying the sync/suspend buttons?)
Add a dialog to enter an optional message
Show the an alert/info thing on the details page / table page w/ the reason its suspended. I guess updating the "getMessage" helpers we have in OSS

Maybe we should add get suspendComment() onto FluxObject and even a <SuspendCommentInfo obj={myFluxObjectThing} /> so we can put it onto the:

automations details
source details

Import onto EE and add to the

gitopssets page
terraform page

Proposed annotations

weave.works/suspended-by:
weave.works/suspended-comment:

Answer 1 · 2023-10-25T14:45:13.000Z

Where principal here is principal.ID

https://github.com/weaveworks/weave-gitops/blob/main/pkg/server/auth/server.go#L503-L504

Answer 2 · 2023-10-25T14:51:39.000Z

cc @opudrovs you mentioned you've been doing so unifying work around sync/suspend? We will want to build on that probably!

Answer 3 · 2023-10-25T14:54:12.000Z

@foot sure, I will raise PRs for Sync/Suspend/Edit buttons soon, probably tomorrow or the day after tomorrow. There are many small changes finished + some notification changes left.

Answer 4 · 2023-10-25T14:55:04.000Z

I can assign you as a reviewer in my PRs.

Answer 5 · 2023-10-26T09:27:25.000Z

Other potential improvements to tackle:

Principal.ID might not be very human readable sometimes, allow user to configure the OIDC claim field for "display-name" to use in the UI / these annotations?

Answer 6 · 2023-11-07T16:47:08.000Z

Other potential improvements to tackle:

Principal.ID might not be very human readable sometimes, allow user to configure the OIDC claim field for "display-name" to use in the UI / these annotations?

The ID is technically "guaranteed" to be unique, but I agree that there's a broader use here, and it'd be nice if we could let you configure the "user" field.

Answer 7 · 2023-11-08T11:39:19.000Z

Probably wanna set the annotations:

weave.works/suspended-by:
weave.works/suspended-comment:

Here:
https://github.com/weaveworks/weave-gitops/blob/main/core/server/suspend.go#L56

Do we also want to allow the user to set a reason why they unsuspend / resume something? cc @bigkevmcd ?

Answer 8 · 2023-11-08T11:40:46.000Z

Probably wanna set the annotations:

weave.works/suspended-by:

weave.works/suspended-comment:

To be clear, we must have suspended-by, "comment" is nice to have, but if it's delaying things, we can defer.

Do we also want to allow the user to set a reason why they unsuspend / resume something? cc @bigkevmcd ?

No, I don't think we need this, but when we unsuspend, we should clear the annotations.

Answer 9 · 2023-11-15T12:24:25.000Z

do you have an ETA for this?
we have a client who is asking for this and we need to let them know when they might see a release. Is it likely to be in a release in November or December?

Answer 10 · 2023-11-15T12:27:11.000Z

As you've spotted there's an open PR, it's being reviewed, it should hopefully land in the next release.

Answer 11 · 2023-11-15T13:48:54.000Z

foot commented 10 months ago