feat: Additional audit log information for updating argocd applications (resolves #23130)

Open TomHellier opened this issue 7 months ago • 4 comments

When users update applications in the argocd ui, the audit log should be clear about what was changed in the application/applicationset. This change allows auditors to understand the difference in an update.

For example, if a user sets a helm parameter override, or points the application at a branch in the webui, auditing should reflect that.

This information will not get included in the kubernetes event log: you can include very large differences in a spec.source.helm.values field, and it would clutter the kubernetes event log.

This change also adds logFields to the various calls to logAppEvent to allow future developers to add arbitrary contents to the audit logs.

Log Output (changed): [image]

Kubernetes Event Output (unchanged): [image]

Closes [ISSUE #23130]

Checklist:

  • [x] Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • [x] The title of the PR states what changed and the related issues number (used for the release note).
  • [x] The title of the PR conforms to the Toolchain Guide
  • [x] I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • [x] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • [x] Does this PR require documentation updates?
  • [x] I've updated documentation as required by this PR.
  • [x] I have signed off all my commits as required by DCO
  • [x] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • [x] My build is green (troubleshooting builds).
  • [x] My new feature complies with the feature status guidelines.
  • [x] I have added a brief description of why this PR is necessary and/or what this PR solves.
  • [ ] Optional. My organization is added to USERS.md.
  • [ ] Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

TomHellier May 23 '25 12:05
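
The description above asks for the audit log to show what an update changed in the application spec. The Go program below is an added example of one way to compute such a field-level difference; it is not code from this PR or from Argo CD. The names `specChanges` and `walk`, the `spec.` path prefix and both sample specs are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// specChanges (hypothetical helper, not Argo CD code) maps each changed field
// path to its [old, new] values; nil marks a field absent or null on that side.
func specChanges(oldJSON, newJSON []byte) (map[string][2]any, error) {
	var o, n any
	if err := json.Unmarshal(oldJSON, &o); err != nil {
		return nil, fmt.Errorf("old spec: %w", err)
	}
	if err := json.Unmarshal(newJSON, &n); err != nil {
		return nil, fmt.Errorf("new spec: %w", err)
	}
	out := map[string][2]any{}
	walk("spec", o, n, out)
	return out, nil
}

func walk(path string, o, n any, out map[string][2]any) {
	om, oMap := o.(map[string]any)
	nm, nMap := n.(map[string]any)
	if !oMap || !nMap { // scalar, list, or type change: compare as a whole
		if !reflect.DeepEqual(o, n) {
			out[path] = [2]any{o, n}
		}
		return
	}
	for k, ov := range om { // fields present before the update
		walk(path+"."+k, ov, nm[k], out)
	}
	for k, nv := range nm { // fields added by the update
		if _, seen := om[k]; !seen {
			walk(path+"."+k, nil, nv, out)
		}
	}
}

func main() {
	// Constructed specs: a branch switch plus a new Helm parameter override.
	before := []byte(`{"source":{"targetRevision":"main","helm":{}}}`)
	after := []byte(`{"source":{"targetRevision":"dev","helm":{"parameters":[{"name":"image.tag","value":"v2"}]}}}`)
	changes, err := specChanges(before, after)
	field, _ := json.Marshal(changes) // encoding/json emits map keys sorted
	fmt.Println(string(field), err)
}
```

Because the result is keyed by path, an auditor can filter for specific fields such as `spec.source.targetRevision` without parsing a textual diff.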

Codecov Report

:x: Patch coverage is 58.10811% with 62 lines in your changes missing coverage. Please review.

:white_check_mark: Project coverage is 60.23%. Comparing base (6f6c39d) to head (7506ee0).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| server/application/application.go | 59.37% | 19 Missing and 7 partials :warning: |
| server/applicationset/applicationset.go | 52.27% | 14 Missing and 7 partials :warning: |
| util/argo/audit_logger.go | 50.00% | 14 Missing and 1 partial :warning: |

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #23131      +/-   ##
==========================================
- Coverage   60.25%   60.23%   -0.03%     
==========================================
  Files         350      350              
  Lines       59959    60061     +102     
==========================================
+ Hits        36128    36176      +48     
- Misses      20930    20960      +30     
- Partials     2901     2925      +24     


codecov[bot] May 23 '25 13:05

I've marked as a draft as I haven't had a chance to test the latest changes with a real Argo CD deployment, with some logging tool (like loki), and the kubernetes event log. I'll probably be able to do this early next week and upload some screenshots.

I've also extended the diff logging to include ApplicationSets. I've copied the jsonDiff function into the applicationset package, as I don't know where the best place for that function to live is.

TomHellier May 23 '25 23:05

Hey @crenshaw-dev, please could I get another review at your convenience, thanks.

TomHellier May 26 '25 16:05

Hi @crenshaw-dev - is there anything else you'd like for this?

TomHellier Jun 25 '25 13:06

@crenshaw-dev - sorry to keep bothering you, could I get some feedback please.

TomHellier Jul 09 '25 09:07