Implement audit logging
Description
Implement audit logging as set out in #34 (closed)
Further details
Task list
- Update code to ensure audit logs are written at an
INFOlevel. - Audit logs should have an identifiable
messageor an identifiable key in the JSON payload that marks them as audit logs.- This is so the logs can be captured separately in GCP by a log sink
Acceptance criteria
- Audit logs are written by the API, and are distinguishable from general logs
Links/references
Designs
Is blocked by
Activity
added issuetypeTask teamIdentity workflowNeeds Refinement labels
added to epic uis/devops&239 (closed)
marked this issue as blocked by #34 (closed)
added workflowSprint Ready label and removed workflowNeeds Refinement label
changed iteration to IAM Sprint Feb 12, 2025 - Feb 25, 2025
Audit logs should have an identifiable
messageor an identifiable key in the JSON payload that marks them as audit logs.Suggest rather than having specific
message, that we log atype/category"audit" in the payload, thenmessagecan be kept as context relevant. We then don't need to create additional log messages where one already exists and just add the "audit" type/category to its the payload.Edited by Robin GoodallIn fact, I'll pick up https://gitlab.developers.cam.ac.uk/uis/devops/iam/activate-account/infrastructure/-/issues/21 assuming this but can be changed if others disagree
Started work on https://gitlab.developers.cam.ac.uk/uis/devops/iam/activate-account/infrastructure/-/issues/21 - hit some provider bug/versioning issues - but was intending to use
jsonPayload.category = "audit"as the filter for the sink.
mentioned in merge request !105 (merged)
assigned to @rjg21
added workflowReview Required label and removed workflowSprint Ready label
added workflowUnder Review label and removed workflowReview Required label
closed with merge request !105 (merged)
mentioned in commit 53667662
added workflowDone label and removed workflowUnder Review label
