omni icon indicating copy to clipboard operation
omni copied to clipboard

Published 20 hours ago verified publisher icon siderolabs

Omni audit logs

Open steverfrancis opened this issue 1 year ago • 1 comments

Omni needs to have an audit log accessible in the UI for any action that changes configurations, whether by omnictl or the UI.

I'd suggest different labels for actions affecting Omni (user additions/deletions/role changes etc), Clusters and Machines. For machines, things like user initiated reboots, or deletions, as well as changes to patches and machine configs, need to be logged.

Update 2024-08-12 Implementation status and tasks

## Remaining steps
- [ ] https://github.com/siderolabs/omni/issues/545
- [ ] https://github.com/siderolabs/omni/issues/546
- [ ] https://github.com/siderolabs/omni/issues/578
- [ ] https://github.com/siderolabs/omni/issues/586
- [ ] https://github.com/siderolabs/omni/issues/593
- [ ] Deploy to production

## Future ideas
- [ ] Allow user to specify the retention policy
- [ ] Allow user to speciby the `begin` and `end` dates for getting logger
- [ ] Add support for MachineClass resources.
- [ ] Resource deletion should also print associated labels.
- [ ] Log when user downloads `talosconfig`.
- [ ] Log when user downloads `kubeconfig`.
- [ ] Maybe drop `GET` requests from logging k8s access.

steverfrancis avatar May 12 '23 19:05 steverfrancis