Draft: Audit log GraphQL API

codegen setup fix some some some some more ? ?? SOME? ?? ? fix some? SOME ??? more some some test fix some code review! ? fix some clean! fix codegen path ??? ? ?? ? ? added scope ti auditlogmanager scheme publish & check & delete members role CLEAN MORE target project prettier fix resolver schema published lint fix code review! ? ? prettier migration fix! clean fix filters
graphql-hive · Oct 6, 2024 · dab6855 · dab6855
1 parent 498f621
commit dab6855
Show file tree

Hide file tree

Showing 45 changed files with 2,052 additions and 17 deletions.
diff --git a/codegen.mts b/codegen.mts
@@ -80,6 +80,31 @@ const config: CodegenConfig = {
  ID: 'string',
  },
  mappers: {
+ AuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ UserInvitedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ UserJoinedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ UserRemovedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ OrganizationSettingsUpdatedAuditLog:
+ '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ OrganizationTransferredAuditLog:
+ '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ ProjectCreatedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ ProjectSettingsUpdatedAuditLog:
+ '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ ProjectDeletedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ TargetCreatedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ TargetSettingsUpdatedAuditLog:
+ '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ TargetDeletedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ SchemaPolicySettingsUpdatedAuditLog:
+ '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ SchemaCheckedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ SchemaPublishAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ SchemaDeletedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ RoleCreatedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ RoleAssignedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ RoleDeletedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
+ RoleUpdatedAuditLog: '../modules/audit-logs/module.graphql.mappers#AuditLogMapper',
  SchemaChange: '../modules/schema/module.graphql.mappers#SchemaChangeMapper',
  SchemaChangeApproval:
  '../modules/schema/module.graphql.mappers#SchemaChangeApprovalMapper',

diff --git a/packages/libraries/core/src/client/agent.ts b/packages/libraries/core/src/client/agent.ts
@@ -110,7 +110,6 @@ export function createAgent<TEvent>(
  const promise = captureAsync(event);
  inProgressCaptures.push(promise);
  void promise.finally(() => {
- // eslint-disable-next-line @typescript-eslint/no-floating-promises
  inProgressCaptures = inProgressCaptures.filter(p => p !== promise);
  });
  } else {

diff --git a/packages/migrations/src/clickhouse-actions/011-audit-logs.ts b/packages/migrations/src/clickhouse-actions/011-audit-logs.ts
@@ -0,0 +1,20 @@
+import type { Action } from '../clickhouse';
+
+export const action: Action = async exec => {
+ await exec(`
+ CREATE TABLE IF NOT EXISTS "audit_log"
+ (
+ "id" UUID DEFAULT generateUUIDv4() CODEC(ZSTD(1)),
+ "event_time" DateTime CODEC(ZSTD(1)),
+ "user_id" String CODEC(ZSTD(1)),
+ "user_email" String CODEC(ZSTD(1)),
+ "organization_id" String CODEC(ZSTD(1)),
+ "event_action" String CODEC(ZSTD(1)),
+ "metadata" String CODEC(ZSTD(1))
+ )
+ ENGINE = ReplacingMergeTree
+ ORDER BY ("event_time", "user_id")
+ TTL event_time + INTERVAL 1 YEAR
+ SETTINGS index_granularity = 8192
+ `);
+};
diff --git a/packages/migrations/src/clickhouse.ts b/packages/migrations/src/clickhouse.ts
@@ -166,6 +166,7 @@ export async function migrateClickHouse(
  import('./clickhouse-actions/008-daily-operations-log'),
  import('./clickhouse-actions/009-ttl-1-year'),
  import('./clickhouse-actions/010-app-deployment-operations'),
+ import('./clickhouse-actions/011-audit-logs'),
  ]);
 
  async function actionRunner(action: Action, index: number) {

diff --git a/packages/services/api/src/create.ts b/packages/services/api/src/create.ts
@@ -4,6 +4,7 @@ import { adminModule } from './modules/admin';
 import { alertsModule } from './modules/alerts';
 import { WEBHOOKS_CONFIG, WebhooksConfig } from './modules/alerts/providers/tokens';
 import { appDeploymentsModule } from './modules/app-deployments';
+import { auditLogsModule } from './modules/audit-logs';
 import { authModule } from './modules/auth';
 import { billingModule } from './modules/billing';
 import { BILLING_CONFIG, BillingConfig } from './modules/billing/providers/tokens';
@@ -81,6 +82,7 @@ const modules = [
  integrationsModule,
  alertsModule,
  feedbackModule,
+ auditLogsModule,
  cdnModule,
  adminModule,
  usageEstimationModule,

diff --git a/packages/services/api/src/modules/audit-logs/index.ts b/packages/services/api/src/modules/audit-logs/index.ts
@@ -0,0 +1,13 @@
+import { createModule } from 'graphql-modules';
+import { ClickHouse } from '../operations/providers/clickhouse-client';
+import { AuditLogManager } from './providers/audit-logs-manager';
+import { resolvers } from './resolvers.generated';
+import { typeDefs } from './module.graphql';
+
+export const auditLogsModule = createModule({
+ id: 'audit-logs',
+ dirname: __dirname,
+ typeDefs,
+ resolvers,
+ providers: [AuditLogManager, ClickHouse],
+});
diff --git a/packages/services/api/src/modules/audit-logs/module.graphql.mappers.ts b/packages/services/api/src/modules/audit-logs/module.graphql.mappers.ts
@@ -0,0 +1,3 @@
+import { AuditLogModel } from './providers/audit-logs-manager';
+
+export type AuditLogMapper = AuditLogModel;
diff --git a/packages/services/api/src/modules/audit-logs/module.graphql.ts b/packages/services/api/src/modules/audit-logs/module.graphql.ts
@@ -0,0 +1,238 @@
+import { gql } from 'graphql-modules';
+
+export const typeDefs = gql`
+ scalar DateTime
+ scalar Date
+ interface AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ }
+
+ type AuditLogUserRecord {
+ userId: ID!
+ userEmail: String!
+ user: User # this one is nullable because it can be deleted!
+ }
+
+ type AuditLogConnection {
+ nodes: [AuditLog]!
+ total: Int!
+ }
+
+ type AuditLogFileExport {
+ id: ID!
+ url: String!
+ validUntil: DateTime!
+ createdAt: DateTime!
+ }
+
+ type ExportResultEdge {
+ node: AuditLogFileExport!
+ cursor: String!
+ }
+
+ type ExportResultConnection {
+ edges: [ExportResultEdge!]!
+ pageInfo: PageInfo!
+ }
+
+ input AuditLogFilter {
+ date: Date
+ userId: String
+ organizationId: String
+ eventType: String
+ }
+
+ extend type Query {
+ auditLogs(filter: AuditLogFilter, limit: Int, offset: Int): AuditLogConnection!
+ auditLogExports(limit: Int, offset: Int, filter: AuditLogFilter): ExportResultConnection!
+ }
+
+ extend type Mutation {
+ exportAuditLogsToFile(filter: AuditLogFilter!): AuditLogFileExport!
+ }
+
+ type ModifyAuditLogError implements Error {
+ message: String!
+ }
+
+ type UserInvitedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ inviteeId: String!
+ inviteeEmail: String!
+ }
+
+ type UserJoinedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ inviteeId: String!
+ inviteeEmail: String!
+ }
+ type UserRemovedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ removedUserId: String!
+ removedUserEmail: String!
+ }
+
+ type OrganizationSettingsUpdatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ updatedFields: JSON!
+ }
+
+ type OrganizationTransferredAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ newOwnerId: String!
+ newOwnerEmail: String!
+ }
+
+ type ProjectCreatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ projectName: String!
+ }
+
+ type ProjectSettingsUpdatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ updatedFields: JSON!
+ }
+
+ type ProjectDeletedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ projectName: String!
+ }
+
+ type TargetCreatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ targetId: String!
+ targetName: String!
+ }
+
+ type TargetSettingsUpdatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ targetId: String!
+ updatedFields: JSON!
+ }
+
+ type TargetDeletedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ targetId: String!
+ targetName: String!
+ }
+
+ type SchemaPolicySettingsUpdatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ updatedFields: JSON!
+ }
+
+ type SchemaCheckedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ targetId: String!
+ schemaSdl: String!
+ }
+
+ type SchemaPublishAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ targetId: String!
+ schemaName: String!
+ }
+
+ type SchemaDeletedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ projectId: String!
+ targetId: String!
+ schemaName: String!
+ }
+
+ type RoleCreatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ roleId: String!
+ roleName: String!
+ }
+
+ type RoleAssignedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ roleId: String!
+ roleName: String!
+ userIdAssigned: String!
+ userEmailAssigned: String!
+ }
+
+ type RoleDeletedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ roleId: String!
+ roleName: String!
+ }
+
+ type RoleUpdatedAuditLog implements AuditLog {
+ id: ID!
+ eventTime: DateTime!
+ user: AuditLogUserRecord!
+ organizationId: String!
+ roleId: String!
+ roleName: String!
+ updatedFields: JSON!
+ }
+`;