`jhack audit`?

[sed-i]

Currently, juju audit information is spread across show-status-log --format=json, debug-log.

It would be handy if jhack could augment/restructure/filter it into an audit log that addresses a separate use case. Perhaps something like:

$ jhack audit --aggregate-by=application-name

"traefik-k8s/trfk":
  - time: "09 Oct 2024 16:50:40-00:00"
    event: deploy
  - time: "09 Oct 2024 16:50:42-00:00"
    event: integrate
    endpoints: [trfk:ingress-per-app, am:ingress]
  - time: ""09 Oct 2024 16:50:43-00:00"
    event: config-changed
    # no need to list relation-changed events here because it's implementation detail
    # from a model audit perspective, relation created+removed and config changed should be enough?

I don't have a spec, but the above are some preliminary requirements I could think of.

Related: https://bugs.launchpad.net/juju/+bug/2084176

[PietroPasotti]

Interesting. Could you clarify what you mean by 'audit'? I think you mean a 'changelog of the model topology and toplevel app configuration', is that accurate? An interesting side-note is that juju doesn't tell us what has changed in the config (if anything at all), so would you want the audit info to pick up "juju has sent us a config-changed event", or would you like it to say "our config has changed (from A to B)"? Imho the latter would be more interesting from a model-audit perspective, but that would require us to do some manual diffing