Skip to content

feat: audit git ssh key regeneration #4544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 14, 2022
Merged

feat: audit git ssh key regeneration #4544

merged 5 commits into from
Oct 14, 2022

Conversation

coadler
Copy link
Contributor

@coadler coadler commented Oct 13, 2022

Updates #4541

@coadler coadler requested a review from Kira-Pilot October 13, 2022 21:26
@coadler coadler self-assigned this Oct 13, 2022
@Kira-Pilot
Copy link
Member

The resource name for this type of diff is quite long - a whole key.
You can see the string displayed on the FE below:
Screen Shot 2022-10-14 at 1 56 51 PM

Do you think we could get away with not displaying the resource name for audit logs of this type, i.e. amending the description field such that it returns "description": "{user} updated git ssh key" instead of "description": "{user} updated git ssh key {target}"?

@Kira-Pilot
Copy link
Member

Screen Shot 2022-10-14 at 2 03 34 PM

Since the private key diff value will be empty, can we omit this?

@Kira-Pilot
Copy link
Member

This is working great for the regenerateGitSSHKey handler as it is hit from the UI.

Is there any CLI command counterpart we need to worry about here?

If not, do you mind adjusting audit-logs.md so that we show support for GitSSHKey again?

@coadler
Copy link
Contributor Author

coadler commented Oct 14, 2022

The resource name for this type of diff is quite long - a whole key. You can see the string displayed on the FE below: Screen Shot 2022-10-14 at 1 56 51 PM

Do you think we could get away with not displaying the resource name for audit logs of this type, i.e. amending the description field such that it returns "description": "{user} updated git ssh key" instead of "description": "{user} updated git ssh key {target}"?

I think that's a good idea! I'll change that.

This is working great for the regenerateGitSSHKey handler as it is hit from the UI.

Is there any CLI command counterpart we need to worry about here?

If not, do you mind adjusting audit-logs.md so that we show support for GitSSHKey again?

CLI commands don't need to be updated, I'll add it back as well!

@coadler
Copy link
Contributor Author

coadler commented Oct 14, 2022

Screen Shot 2022-10-14 at 2 03 34 PM

Since the private key diff value will be empty, can we omit this?

The idea of secret values in diffs is so we can tell a value changed without leaking that value. Maybe we can get a better way to display secret values?

@coadler coadler merged commit 7ec88bf into main Oct 14, 2022
@coadler coadler deleted the colin/auditgitsshkey branch October 14, 2022 21:25
@github-actions github-actions bot locked and limited conversation to collaborators Oct 14, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Kira-Pilot Kira-Pilot Kira-Pilot approved these changes

Assignees

@coadler coadler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@coadler @Kira-Pilot