synthetic-monitoring-app

[Feature Request] audit log for checks creation & updates

Open annelaurefroment opened this issue 4 years ago • 4 comments

What would you like to be added: Logs indicating which user created a specific check. Logs indicating which user updated which check, and what the update was (at least which section of the check was modified, if any, when the user clicks "Save").

Why is this needed: When dealing with a lot of users it becomes mandatory to backtrack actions or know who did what. At this moment what we can get from the logs is the users who updated a check, and when they updated it, but we cannot tell what the modification was. We can also see when a user creates a check, but not which check.

annelaurefroment • Dec 03 '20 14:12

@rdubrock does the plugin have access to the currently logged in user? I guess yes, but confirming.

Maybe we can keep a limited number of serialized versions of the check. The API doesn't know who is changing the check, as the identification happens through the tenant, not the user.

mem • Jan 14 '21 20:01

@rdubrock I'm thinking we could do this using Grafana logs. For the cloud case, I don't think the user has access to Grafana logs. If that's the case, the next best approximation to this issue is to pass the user from the app to the API and have the API log the change in the user's Loki instance (it has all the information required to do that), but that would be a major change.

mem • Feb 15 '21 02:02

There's a mechanism that allows some of the Grafana logs to be surfaced to the user. I think it's necessary to add a specific key-value pair to the log entry. The plugin can use that to generate logs and include the requested information there.

mem • Sep 13 '22 21:09

I think audit logging is going to have to originate in the API. We can provide a UI around it in the plugin, but until we are actually publishing those logs, there's not much the plugin can accomplish here. I do think this is deeply entwined with conversations around RBAC and user-level permissions. This feature could probably be wrapped up with that effort.

rdubrock • May 02 '24 19:05
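
The audit record requested in this issue, as an added example that is not part of the thread and not code from the plugin or the API: it diffs two serialized versions of a check, records who changed which paths, and masks credential-like fields so they never reach the log. The check field names, the `SECRET_KEYS` pattern and the function names are assumptions made for illustration.

```typescript
// Added example. The check fields below are constructed for illustration and
// are not the Synthetic Monitoring check schema.
type Json = null | boolean | number | string | Json[] | { [k: string]: Json };
type Change = { path: string; before: Json; after: Json };

// Assumed list of key names whose values must never reach a log line.
const SECRET_KEYS = /password|token|secret/i;

function isObject(v: Json | undefined): v is { [k: string]: Json } {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Copy a value for logging, masking secrets at any depth.
function redact(v: Json | undefined, secret: boolean): Json {
  if (v === undefined) return null;
  if (secret) return "[redacted]";
  if (Array.isArray(v)) return v.map((x) => redact(x, false));
  if (!isObject(v)) return v;
  const out: { [k: string]: Json } = {};
  for (const k of Object.keys(v)) out[k] = redact(v[k], SECRET_KEYS.test(k));
  return out;
}

// Collect the dotted paths whose values differ between two check versions.
function diffCheck(before: Json | undefined, after: Json | undefined, path = "", secret = false): Change[] {
  if (isObject(before) && isObject(after)) {
    const keys = Object.keys(before).concat(Object.keys(after).filter((k) => !(k in before))).sort();
    const out: Change[] = [];
    for (const k of keys) {
      out.push(...diffCheck(before[k], after[k], path ? `${path}.${k}` : k, secret || SECRET_KEYS.test(k)));
    }
    return out;
  }
  if (JSON.stringify(before) === JSON.stringify(after)) return [];
  return [{ path, before: redact(before, secret), after: redact(after, secret) }];
}

// One audit record per save: who, which check, when, and what changed.
function auditEntry(user: string, checkId: number, ts: string, before: Json | undefined, after: Json) {
  const action = before === undefined ? "create" : "update";
  return { ts, user, action, checkId, changed: diffCheck(before, after) };
}

// Constructed sample: a user changes the probe frequency and rotates a password.
const v1: Json = { job: "homepage", frequency: 60000, settings: { http: { method: "GET", basicAuth: { username: "svc", password: "old" } } } };
const v2: Json = { job: "homepage", frequency: 30000, settings: { http: { method: "GET", basicAuth: { username: "svc", password: "new" } } } };
console.log(JSON.stringify(auditEntry("alice", 42, "2024-05-02T19:05:00Z", v1, v2)));
```

The password change is recorded as a changed path with both values masked, so the log shows that the credential was rotated without storing either value.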